diff --git a/doc/bird.sgml b/doc/bird.sgml
index 150858749b81b107bd6a23ab72521c3fc9a9362f..39dadaf20eee3157e2c7fec8ebc180e8346fb7fb 100644
--- a/doc/bird.sgml
+++ b/doc/bird.sgml
@@ -789,10 +789,9 @@ agreement").
         specified this way must be at least 16 bytes (32 digits) long (although
         specific algorithms can impose other restrictions).
 
-	This option is allowed in BFD, OSPF and RIP protocols. BGP has also
-	<cf/password/ option, but it is slightly different and described
-	separately.
-	Default: none.
+	This option is allowed in BFD, OSPF, RIP, and Babel protocols. BGP has
+	also <cf/password/ option, but it is slightly different and described
+	separately. Default: none.
 </descrip>
 
 <p>Password option can contain section with some (not necessary all) password sub-options:
diff --git a/nest/config.Y b/nest/config.Y
index 94f9b5dcd3657c27fc57dae17071f3e75dd12d0f..7ead858939460cdd2d36606bd0e220b59738632e 100644
--- a/nest/config.Y
+++ b/nest/config.Y
@@ -115,7 +115,7 @@ CF_KEYWORDS(ROUTER, ID, HOSTNAME, PROTOCOL, TEMPLATE, PREFERENCE, DISABLED, DEBU
 CF_KEYWORDS(INTERFACE, IMPORT, EXPORT, FILTER, NONE, VRF, DEFAULT, TABLE, STATES, ROUTES, FILTERS)
 CF_KEYWORDS(IPV4, IPV6, VPN4, VPN6, ROA4, ROA6, FLOW4, FLOW6, SADR, MPLS)
 CF_KEYWORDS(RECEIVE, LIMIT, ACTION, WARN, BLOCK, RESTART, DISABLE, KEEP, FILTERED, RPKI)
-CF_KEYWORDS(PASSWORD, FROM, PASSIVE, TO, ID, EVENTS, PACKETS, PROTOCOLS, CHANNELS, INTERFACES)
+CF_KEYWORDS(PASSWORD, KEY, FROM, PASSIVE, TO, ID, EVENTS, PACKETS, PROTOCOLS, CHANNELS, INTERFACES)
 CF_KEYWORDS(ALGORITHM, KEYED, HMAC, MD5, SHA1, SHA256, SHA384, SHA512, BLAKE2S128, BLAKE2S256, BLAKE2B256, BLAKE2B512)
 CF_KEYWORDS(PRIMARY, STATS, COUNT, BY, FOR, COMMANDS, PREEXPORT, NOEXPORT, EXPORTED, GENERATE)
 CF_KEYWORDS(BGP, PASSWORDS, DESCRIPTION, SORTED)
@@ -517,9 +517,11 @@ password_item:
   | password_item_begin password_item_end
 ;
 
+pass_key: PASSWORD | KEY;
+
 password_item_begin:
-    PASSWORD text { init_password_list(); init_password($2, strlen($2), password_id++); }
-  | PASSWORD BYTESTRING { init_password_list(); init_password($2->data, $2->length, password_id++); }
+    pass_key text { init_password_list(); init_password($2, strlen($2), password_id++); }
+  | pass_key BYTESTRING { init_password_list(); init_password($2->data, $2->length, password_id++); }
 ;
 
 password_item_params: