During a Fortinet 100D to Fortinet 100F upgrade migration, the Fortinet Firewall Migration Tool cannot recover the Fortinet IPsec VPN Pre-shared key for you, we cannot find the IPsec VPN Pre-shared key from the previous document
Searching and testing around seem the only fix is to update the key on both ends, however, for this particular environment, we are required to minimize the impact.
After digging into the Fortinet document and internet forms, someone mentioned you can use the below command to decrypt the key, but it is still not the Pre-share key that I am after:
di sys ha checksum sho root vpn.ipsec.phase1-interface xxxxx
The key is 47756573744d653132330d0a
Looking at decrypted keys carefully, they are actually Hex! To recover the key, simply go to a Hex to Text converter online, such as https://www.rapidtables.com/convert/number/hex-to-ascii.html
This method is NOT working on the newer version of Fortinet Firmware anymore (such as 6.4.7), it is simply not a best of practice for a security product to view the password!