Cisco Support Community

How to recover a pre-shared key on the PIX / ASA.

Core issue

Once a pre-shared is configured, it is encrypted, and you cannot see it in the running configuration. It is displayed as ********.


To view the system configuration in 7.x code without "********", use the command below:


Alternatively to recover, perform one of the three solutions:

  • Upload your configuration to a TFTP server. This is needed because once the configuration is sent to the TFTP server, the pre-shared key and other passwords appear as clear text (instead of  ******** , as in the show run command).

    To upload your configuration to a TFTP server, issue this command:

    ASA#write net [[server_ip]:[filename]]):

    Once the file is saved on the TFTP server, you can open it with a text editor and view the passwords in clear text.

  • The configuration can also be uploaded to an FTP server. This is the command:

    ASA#copy running-config ftp://USERNAME:PASSWORD@ServerIP/

  • A copy of the configuration can be saved in clear text on the ASA only. Issue these commands on the Adaptive Security Appliance (ASA) :

    ASA#copy run


After performing one of these options, you should be able to see the pre-shared key.

For further information refer to the copy command.

Community Member


I need to see the passwords in clear text those i have in my ASA local database. because I need to create them in AAA with same username/Password. I tried all of the three solution but all of them showing pre-share key as clear text but not the passwords of the users. Is there any other way to get them in clear text?

your help will be highly appreciated.