Note:

This article assumes that the admin has an IPsec tunnel set up with a pre-shared key defined, but has forgotten the actual plain text of that key. For demonstration purposes, this article will use a VPN tunnel with a pre-shared key of 'My_PSK'.

Although the pre-shared key 'My_PSK' is known for this example, the focus is to help the admin recover the pre-shared key in plain text format.

Log in into the FortiGate GUI using the super_admin profile:

Open a new tab in the browser (such as Firefox or Google Chrome) and use the following path to obtain the PSK in plain text:

For all tunnels:

 https://FortiGate_IP/api/v2/cmdb/vpn.ipsec/phase1-interface?plain-text-password=1

For a specific tunnel:

https://FortiGate_IP/api/v2/cmdb/vpn.ipsec/phase1-interface/TEST_S2S?plain-text-password=1

Important:
When the firewall is operating in multi-VDOM mode, and needs to retrieve the preshared key for a specific VDOM, ensure to access the firewall through an interface associated with the same VDOM. Accessing the firewall via an interface in a different VDOM may restrict visibility or access to the required configuration.