Encrypting Passwords in the Configuration File

You can also direct the system software to encrypt passwords saved in the configuration file by using the service password-encryption command. This command is useful to keep unauthorized individuals from viewing your password in your configuration file. It is important to remember that this command uses a simple cipher and is not intended to protect against serious analysis. You can tell if a string is encrypted if it is preceded by an 8.

To encrypt passwords that are saved in the system’s configuration file, issue the service password-encryption command in Global Configuration mode.

host1(config)#service password-encryption

Note: The command is not intended to provide protection from serious analysis. This command does not apply to passwords set with enable secret, enable password, or password (Line Configuration mode). This command does apply to authentication key passwords and BGP neighbor passwords.

The no version removes the encryption assignment.