Showing results for 
Search instead for 
Did you mean: 
Parminder Sian





The master passphrase feature allows you to securely store plain text  passwords in encrypted format. The master passphrase provides a key that  is used to universally encrypt or mask all passwords, without changing  any functionality. Passwords that take advantage of this feature  include:


  • OSPF
  • VPN load balancing
  • VPN (remote access and site-to-site)
  • Failover
  • AAA servers
  • Logging
  • Shared licenses




  • If failover is enabled but no failover shared key  is set, then changing the master passphrase displays an error message,  informing you that a failover shared key must be entered to protect the  master passphrase changes from being sent as plain text.
  • This procedure will only be accepted in a secure session, for example by console, SSH or ASDM via HTTPS.





Setting up new key


hostname(config)# key config-key password-encryption iattacku2


Setting up new key interactively


hostname (config)# key config-key password-encryption

New key: try2attack

Confirm key:try2attack


Changing the old key


Hostname (config)# key config-key password-encryption try2attack

Old key: iattacku2



Changing the old key interactively


hostname (config)# key config-key password-encryption

Old key: iattacku2

New key: try2attack

Confirm key: try2attack


Disabling the Master Passphrase


Note:You must know the current master passphrase to disable it.This procedure will only be accepted in a secure session, for example by console, SSH or ASDM via HTTPS.


hostname(config)# no key config-key  password-encryption


Warning! You have chosen to revert the encrypted passwords to plain text. This

operation will expose passwords in the configuration and therefore exercise caution

while viewing, storing, and copying configuration.



Old key: try2attack


hostname(config)# write memory


Note: If the master passphrase is lost or unknown, it could be removed by using the write erase command followed by the reload command. This removes the master key along with the configuration containing the encrypted passwords.






Related  Information

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Quick Links