Creating the big-ip Service Discovery via API calls it because evident there is not an API to create a blindfold secret which can be referenced in the creation of the service discovery for the big-ip admin user password.

The api calls available are for the tenant public cert to encode the secret but no direct call for the creation of the blindfold secret. The only method by code and a script is to use the vesctl, ideally this is all direct API calls including a retrieval for existing created values.