Enabling Encrypt-Credentials
To enable
encrypt-credentials
, enter this command.
Syntax
[no] encrypt-credentials [ pre-shared-key < plaintext | hex > ]
When
encrypt-credentials
is enabled without any parameters, it enables the encryption of relevant security parameters in the configuration.
The
[no]
form of the command disables the
encrypt-credentials
feature. If specified with
pre-shared-key
option, clears the
preshared- key
used to encrypt credentials.
When the switch is in enhanced secure mode, commands that take a secret key as a parameter have the echo of the secret typing replaced with asterisks. The input for
<keystring>
is prompted for interactively. For more information, see
Secure mode(FIPS).
pre-shared-key
-
When specified, sets the pre-shared-key that is used for all AES encryption. If no key is set, a switch default AES key is used.
- Default
-
switch default AES key
When
encrypt-credentials
is enabled without any parameters, a caution message displays advising you about the effect of the feature with prior software versions, and actions that are recommended. All versions of the command force a configuration save after encrypting or re-encrypting sensitive data in the configuration.