F5 BIG-IP Connection

Infisical supports connecting to F5 BIG-IP LTM appliances via the iControl REST API for managing SSL certificates and binding them to Client SSL or Server SSL profiles.

Setup

Infisical UI
API

Gather F5 BIG-IP Credentials

You will need the following from your F5 BIG-IP appliance:

Hostname: The management IP address or FQDN of your BIG-IP appliance (e.g. 10.10.10.10 or bigip.example.com).
Port: The HTTPS management port (default: 443).
Username: A user with administrative access to manage SSL certificates and profiles.
Password: The password for the user account.

The user account must be assigned a role with permissions to:

Upload files via the iControl REST file-transfer endpoint.
Create, update, and delete sys file ssl-cert and sys file ssl-key objects.
Update ltm profile client-ssl or ltm profile server-ssl objects (only required if profile binding is used).
Save the running configuration.

The built-in Certificate Manager role meets these requirements when paired with the relevant administrative partition. For broader scopes, Resource Administrator or Administrator can be used.

Navigate to App Connections

In the Infisical dashboard, navigate to Organization Settings > App Connections and click Add Connection.

Select F5 BIG-IP

Select the F5 BIG-IP option from the list of available connections.

Fill in Connection Details

Fill in the Configuration tab:

Hostname: The management IP or FQDN of the BIG-IP appliance.
Username: The BIG-IP management username.
Password: The password for the management user.
Port (Optional): HTTPS port for the management interface (default: 443).

Configure the SSL tab:

SSL Certificate (Optional): A CA certificate in PEM format to verify the BIG-IP management interface’s TLS certificate.
Reject Unauthorized: When enabled, Infisical will only connect if the BIG-IP has a valid, trusted TLS certificate. Disable for self-signed certificates or provide a CA certificate.

Optionally select a Gateway to route the connection through an Infisical Gateway when the BIG-IP is hosted in an air-gapped or private network.Click Connect to F5 BIG-IP to validate and save your connection.

Connection Created

Your F5 BIG-IP Connection is now available for use with certificate syncs.

To create an F5 BIG-IP Connection, make an API request to the Create App Connection endpoint.

Sample request

Request

curl --request POST \
  --url https://app.infisical.com/api/v1/app-connections/f5-big-ip \
  --header 'Authorization: Bearer <access-token>' \
  --header 'Content-Type: application/json' \
  --data '{
    "name": "my-f5-big-ip-connection",
    "method": "basic-auth",
    "credentials": {
      "hostname": "bigip.example.com",
      "port": 443,
      "username": "admin",
      "password": "your-password",
      "sslRejectUnauthorized": false
    }
  }'

Sample response

Response

{
  "appConnection": {
    "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "name": "my-f5-big-ip-connection",
    "app": "f5-big-ip",
    "method": "basic-auth",
    "credentials": {
      "hostname": "bigip.example.com",
      "port": 443,
      "username": "admin",
      "sslRejectUnauthorized": false
    }
  }
}

DNS Made Easy Fly.io Connection

⌘I

​Setup

​Sample request

​Sample response

Setup

Sample request

Sample response