key config-key password-encryption

Last Updated : May 24, 2019 |

Changes the default Master Key of the gateway used to encrypt gateway secrets in the gateway configuration file.

For security reasons, it is recommended to define a new Master Key upon gateway installation. Otherwise, the default Master Key, common to all gateways, is used to encrypt gateway secrets.

Record the phrase you entered in the key config-key password-encryption command and keep it in a safe place. If you want to copy one gateway’s configuration file to another gateway, you must first configure in the other gateway an identical Master Key (by using the same phrase), otherwise the copy operation fails.

When you define a Master Key, you are prompted to save it by copying the running configuration to the start-up configuration using the copy running-config startup-config command. The Master Key is now in effect.

The nvram initialize command deletes the user-defined Master Key, and returns it to its default value.

Syntax

Important:

This command is not allowed when FIPS mode is enabled.

key config-key password-encryption master-key-passphrase

Parameters

Parameter

Description

Possible Values

Default Value

master-key-phrase

The phrase used to generate the gateway’s Master Key, used for encrypting gateway secrets

A string of 13-64 printable ASCII characters

User level

admin

Context

general

Example

To change the default Master Key of the gateway to o;3qfhSE&Ydf1\:

Gxxx(super)# key config-key password-encryption o;3qfhSE&Ydfl\