Storing credentials in the switch configuration


By default, usernames and passwords (and other credentials, such as RADIUS/TACACS authentication keys) are stored separately from the switch configuration file, and are not shown when saved or running configurations are displayed. Credentials may be stored and shown as part of the switch configuration using the include-credentials command. If this feature is enabled, Aruba strongly recommends also enabling the encrypt-credentials feature to encrypt stored credentials using aes-256-cbc encryption, using either a hard-coded 256-bit key common to all Aruba switches, or (recommended) a custom pre-shared key defined as either a plaintext string or a 64-character hexadecimal string. Using a pre-shared key common to devices in a given network enables transfer of configurations, including credentials, between devices using the same key.

NOTE: include-credentials configuration was not found. This check is not applicable.


To enable both of these features, with credentials encrypted using a custom pre-shared key:

switch(config)# include-credentials
switch(config)# encrypt-credentials pre-shared-key plaintext encryptme

See Also

Item Details


References: 800-53|IA-5(1)(c)

Plugin: ArubaOS

Control ID: 3184707f890c4905808d9d35235ba80403238328b7de68fe5a300290094b52c2