Use the following syntax to set the configuration file encryption key using the AES-256-CBC cipher algorithm. This key is used for all configuration files (primary, secondary, and tertiary).
bof encryption-key key [hash | hash2]
The encryption key can be in one of the following formats:
a plaintext string between 8 and 32 characters; the plaintext string cannot contain embedded nulls or end with ‟hash” or ‟hash2”
a hashed string between 1 and 64 characters; the selected hashing scheme can be hash or hash2
The hash2 encryption scheme is node-specific and the key cannot be transferred between nodes.
After creating the encryption key, use the admin save command to save the encrypted configuration file.
If the admin rollback save command is used, the rollback files are also encrypted.
When an encrypted configuration file is opened in a text editor, editing or viewing the file contents is not possible, as the entire file is encrypted.