Password Obfuscation in Downloaded CLI and INI Files

You can enhance security by obfuscating passwords in the downloaded ini and CLI Script files with a strong encryption algorithm. The encryption is achieved using the AES-256 algorithm with a 16-bit random CFB initialization vector (IV) cipher mode for the encryption key. This method offers robust protection of sensitive data.

Obscured passwords are displayed using the following syntax:

■

ini File: $2$<obfuscated password>

For example:

WSTunPassword = $2$8EGYm+FG+JJT/p8ZOytU64uplPMKcw==

■

CLI Script File: <obscured password>== encrypted

For example:

password B55osyLT1t7+oorwkaNB3bxEX4Bl8g== encrypted

To configure the encryption key for password obfuscation, use the following CLI command:

(config-network)# security-settings
(network-security)# encryption-key assign <your key>

For more information on configuring the key, refer to the section 'Configuring Password Obfuscation in CLI Script and ini Files' in the User's Manual.