The master passphrase feature allows you to securely store plain text passwords in encrypted format. The master passphrase provides a key that is used to universally encrypt or mask all passwords, without changing any functionality. Passwords that take advantage of this feature include:
VPN load balancing
VPN (remote access and site-to-site)
If failover is enabled but no failover shared key is set, then changing the master passphrase displays an error message, informing you that a failover shared key must be entered to protect the master passphrase changes from being sent as plain text.
This procedure will only be accepted in a secure session, for example by console, SSH or ASDM via HTTPS.
Note: You must know the current master passphrase to disable it.
hostname(config)# no key config-key password-encryption
Warning! You have chosen to revert the encrypted passwords to plain text. This
operation will expose passwords in the configuration and therefore exercise caution
while viewing, storing, and copying configuration.
Old key: try2attack
hostname(config)# write memory
Note: If the master passphrase is lost or unknown, it can be removed by using the write erase command followed by the reload command. This removes the master key along with the configuration containing the encrypted passwords.
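The failover condition described above can be checked against a saved configuration before a master passphrase change is attempted. The following is an added example, not part of the original documentation; it assumes the saved running-config renders these settings as the lines `failover`, `failover key ...` or `failover ipsec pre-shared-key ...`, and `password encryption aes`, and the function name and sample configuration are constructed for illustration.

```python
import re

# Constructed sample: excerpt of a saved ASA running-config (not from a real device).
SAMPLE_CONFIG = """\
hostname asa-lab
password encryption aes
failover
failover lan unit primary
failover lan interface folink GigabitEthernet0/3
"""

# Assumption: a configured failover shared key appears as one of these lines,
# with the key value masked or encrypted in the saved output.
KEY_RE = re.compile(r"^failover (key|ipsec pre-shared-key) \S+")


def precheck(config_text):
    """Return finding codes for conditions that affect a master passphrase change.

    failover-without-key   : failover is enabled but no shared key is set, so the
                             change is refused to avoid sending it as plain text.
    encryption-not-enabled : assumption, 'password encryption aes' is absent, so
                             passwords are not being stored in encrypted format.
    """
    lines = [ln.strip() for ln in config_text.splitlines()]
    # A bare 'failover' line means enabled; 'no failover' does not match.
    failover_enabled = "failover" in lines
    shared_key_set = any(KEY_RE.match(ln) for ln in lines)

    findings = []
    if failover_enabled and not shared_key_set:
        findings.append("failover-without-key")
    if "password encryption aes" not in lines:
        findings.append("encryption-not-enabled")
    return findings


if __name__ == "__main__":
    for code in precheck(SAMPLE_CONFIG):
        print("FINDING:", code)
```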