Storing credentials in the switch configuration

Details

By default, usernames and passwords (and other credentials, such as RADIUS/TACACS authentication keys) are stored separately from the switch configuration file, and are not shown when saved or running configurations are displayed. Credentials may be stored and shown as part of the switch configuration using the include-credentials command. If this feature is enabled, Aruba strongly recommends also enabling the encrypt-credentials feature to encrypt stored credentials using aes-256-cbc encryption, using either a hard-coded 256-bit key common to all Aruba switches, or (recommended) a custom pre-shared key defined as either a plaintext string or a 64-character hexadecimal string. Using a pre-shared key common to devices in a given network enables transfer of configurations, including credentials, between devices using the same key.

NOTE: include-credentials configuration was not found. This check is not applicable.

Solution

To enable both of these features, with credentials encrypted using a custom pre-shared key:

switch(config)# include-credentials
switch(config)# encrypt-credentials pre-shared-key plaintext encryptme
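The check described above can be run offline against a saved configuration. The following is an added example, not part of the original article or any Aruba tooling; it assumes the configuration text contains lines in the same form as the commands shown here, and the `hex` keyword, the function name and the result labels are assumptions of the example.

```python
import re

# Line forms assumed to match the commands shown in this article; the "hex"
# keyword and the result labels are assumptions of this example.
INCLUDE = re.compile(r"^\s*include-credentials\s*$", re.M)
ENCRYPT = re.compile(
    r"^\s*encrypt-credentials(?:\s+pre-shared-key\s+(plaintext|hex)\s+(\S+))?\s*$",
    re.M,
)


def audit_credentials(config: str) -> tuple[str, str]:
    """Return (result, reason) for one switch configuration text."""
    if not INCLUDE.search(config):
        # Credentials are kept outside the configuration: nothing to encrypt.
        return ("NOT_APPLICABLE", "include-credentials configuration was not found")
    enc = ENCRYPT.search(config)
    if enc is None:
        return ("FAIL", "credentials are stored in the configuration unencrypted")
    kind, key = enc.groups()
    if kind is None:
        # encrypt-credentials without a pre-shared key uses the common key.
        return ("WARN", "encrypted with the key common to all Aruba switches")
    if kind == "hex" and not re.fullmatch(r"[0-9A-Fa-f]{64}", key):
        return ("FAIL", "hex pre-shared key is not 64 hexadecimal characters")
    return ("PASS", "encrypted with a custom pre-shared key")


if __name__ == "__main__":
    # Constructed sample configurations, not taken from a real device.
    samples = {
        "sw-a": "hostname sw-a\n",
        "sw-b": "hostname sw-b\ninclude-credentials\n",
        "sw-c": "include-credentials\nencrypt-credentials\n",
        "sw-d": "include-credentials\n"
                "encrypt-credentials pre-shared-key plaintext encryptme\n",
    }
    for name, text in samples.items():
        result, reason = audit_credentials(text)
        print(f"{name}: {result} ({reason})")
```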

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Identification and Authentication. This control applies to the following type of system: ArubaOS.

Updated on July 16, 2022