diff --git a/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/forms/export_options.xml b/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/forms/export_options.xml index a4b95fb00..9be23ed2f 100644 --- a/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/forms/export_options.xml +++ b/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/forms/export_options.xml @@ -45,6 +45,16 @@ checkbox Verify the server certificate name when the client connects + + openvpn_export.auth_nocache + + checkbox + + + Sets auth-nocache in the exported configuration when password authentication is used. + This prevents OpenVPN from caching passwords in memory. + + openvpn_export.plain_config diff --git a/src/opnsense/mvc/app/library/OPNsense/OpenVPN/ArchiveOpenVPN.php b/src/opnsense/mvc/app/library/OPNsense/OpenVPN/ArchiveOpenVPN.php index 059167b36..c0afb2cfe 100644 --- a/src/opnsense/mvc/app/library/OPNsense/OpenVPN/ArchiveOpenVPN.php +++ b/src/opnsense/mvc/app/library/OPNsense/OpenVPN/ArchiveOpenVPN.php @@ -48,7 +48,7 @@ class ArchiveOpenVPN extends PlainOpenVPN */ public function supportedOptions() { - return array("plain_config", "p12_password", "random_local_port"); + return array("plain_config", "p12_password", "random_local_port", "auth_nocache"); } /** diff --git a/src/opnsense/mvc/app/library/OPNsense/OpenVPN/PlainOpenVPN.php b/src/opnsense/mvc/app/library/OPNsense/OpenVPN/PlainOpenVPN.php index 4bb3fa999..501ef74bf 100644 --- a/src/opnsense/mvc/app/library/OPNsense/OpenVPN/PlainOpenVPN.php +++ b/src/opnsense/mvc/app/library/OPNsense/OpenVPN/PlainOpenVPN.php @@ -48,7 +48,7 @@ class PlainOpenVPN extends BaseExporter implements IExportProvider */ public function supportedOptions() { - return array("plain_config", "random_local_port"); + return array("plain_config", "random_local_port", "auth_nocache"); } /** 
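Review bot: The help text added for `openvpn_export.auth_nocache` in export_options.xml states the benefit but not the operational cost. With `auth-nocache` the client forgets the credentials after use, so it has to ask for them again whenever the session re-authenticates (for example on key renegotiation), which can disconnect unattended clients unless the server issues an authentication token. I would add a sentence such as `Clients will be asked for their credentials again on renegotiation unless the server issues an authentication token.` The model default in the Export.xml hunk appears to be `0`, so exported profiles keep caching credentials unless the administrator ticks the box, which the help could also state. The form markup is not fully visible on this page, so the exact element to extend should be checked against the file.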
@@ -132,6 +132,9 @@ class PlainOpenVPN extends BaseExporter implements IExportProvider } if (in_array($this->config['mode'], array('server_user', 'server_tls_user'))) { $conf[] = "auth-user-pass"; + if (!empty($this->config['auth_nocache'])) { + $conf[] = "auth-nocache"; + } } if (!empty($this->config['compression'])) { diff --git a/src/opnsense/mvc/app/library/OPNsense/OpenVPN/ViscosityVisz.php b/src/opnsense/mvc/app/library/OPNsense/OpenVPN/ViscosityVisz.php index 62517862a..e2ac61ce1 100644 --- a/src/opnsense/mvc/app/library/OPNsense/OpenVPN/ViscosityVisz.php +++ b/src/opnsense/mvc/app/library/OPNsense/OpenVPN/ViscosityVisz.php @@ -48,7 +48,7 @@ class ViscosityVisz extends PlainOpenVPN */ public function supportedOptions() { - return array("plain_config", "p12_password", "random_local_port"); + return array("plain_config", "p12_password", "random_local_port", "auth_nocache"); } /** diff --git a/src/opnsense/mvc/app/models/OPNsense/OpenVPN/Export.xml b/src/opnsense/mvc/app/models/OPNsense/OpenVPN/Export.xml index aea27dba7..95a19e6e8 100644 --- a/src/opnsense/mvc/app/models/OPNsense/OpenVPN/Export.xml +++ b/src/opnsense/mvc/app/models/OPNsense/OpenVPN/Export.xml @@ -27,6 +27,10 @@ 1 Y + + 0 + N +
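Review bot: `auth-nocache` is only emitted inside the `server_user` / `server_tls_user` branch, but the directive also governs caching of private-key passphrases entered via `--askpass`. In certificate-only modes the checkbox is therefore accepted (all three exporters list it in `supportedOptions()`) and then silently has no effect. If that is intended, a comment above the new `if` would make it explicit, e.g. `// auth-nocache is only exported together with auth-user-pass; it is ignored for certificate-only modes`. Otherwise the check could move out of the mode branch. The enclosing method starts and ends outside this hunk, so whether any exported key material is passphrase-protected cannot be confirmed from here.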