diff --git a/homeassistant/components/nuki/__init__.py b/homeassistant/components/nuki/__init__.py
index ede7a20ccdb..3f17c0b795b 100644
--- a/homeassistant/components/nuki/__init__.py
+++ b/homeassistant/components/nuki/__init__.py
@@ -39,7 +39,7 @@ from homeassistant.helpers.update_coordinator import (
     UpdateFailed,
 )
 
-from .const import DEFAULT_TIMEOUT, DOMAIN, ERROR_STATES
+from .const import CONF_ENCRYPT_TOKEN, DEFAULT_TIMEOUT, DOMAIN, ERROR_STATES
 from .helpers import NukiWebhookException, parse_id
 
 _NukiDeviceT = TypeVar("_NukiDeviceT", bound=NukiDevice)
@@ -188,7 +188,7 @@ async def async_setup_entry(hass: HomeAssistant, entry: ConfigEntry) -> bool:
             entry.data[CONF_HOST],
             entry.data[CONF_TOKEN],
             entry.data[CONF_PORT],
-            True,
+            entry.data.get(CONF_ENCRYPT_TOKEN, True),
             DEFAULT_TIMEOUT,
         )
 
diff --git a/homeassistant/components/nuki/config_flow.py b/homeassistant/components/nuki/config_flow.py
index 310197d55d8..4acfecf492b 100644
--- a/homeassistant/components/nuki/config_flow.py
+++ b/homeassistant/components/nuki/config_flow.py
@@ -13,7 +13,7 @@ from homeassistant.components import dhcp
 from homeassistant.const import CONF_HOST, CONF_PORT, CONF_TOKEN
 from homeassistant.data_entry_flow import FlowResult
 
-from .const import DEFAULT_PORT, DEFAULT_TIMEOUT, DOMAIN
+from .const import CONF_ENCRYPT_TOKEN, DEFAULT_PORT, DEFAULT_TIMEOUT, DOMAIN
 from .helpers import CannotConnect, InvalidAuth, parse_id
 
 _LOGGER = logging.getLogger(__name__)
@@ -26,7 +26,12 @@ USER_SCHEMA = vol.Schema(
     }
 )
 
-REAUTH_SCHEMA = vol.Schema({vol.Required(CONF_TOKEN): str})
+REAUTH_SCHEMA = vol.Schema(
+    {
+        vol.Required(CONF_TOKEN): str,
+        vol.Optional(CONF_ENCRYPT_TOKEN, default=True): bool,
+    }
+)
 
 
 async def validate_input(hass, data):
@@ -41,7 +46,7 @@ async def validate_input(hass, data):
             data[CONF_HOST],
             data[CONF_TOKEN],
             data[CONF_PORT],
-            True,
+            data.get(CONF_ENCRYPT_TOKEN, True),
             DEFAULT_TIMEOUT,
         )
 
@@ -100,6 +105,7 @@ class NukiConfigFlow(config_entries.ConfigFlow, domain=DOMAIN):
             CONF_HOST: self._data[CONF_HOST],
             CONF_PORT: self._data[CONF_PORT],
             CONF_TOKEN: user_input[CONF_TOKEN],
+            CONF_ENCRYPT_TOKEN: user_input[CONF_ENCRYPT_TOKEN],
         }
 
         try:
@@ -131,8 +137,15 @@ class NukiConfigFlow(config_entries.ConfigFlow, domain=DOMAIN):
     async def async_step_validate(self, user_input=None):
         """Handle init step of a flow."""
 
+        data_schema = self.discovery_schema or USER_SCHEMA
+
         errors = {}
         if user_input is not None:
+            data_schema = USER_SCHEMA.extend(
+                {
+                    vol.Optional(CONF_ENCRYPT_TOKEN, default=True): bool,
+                }
+            )
             try:
                 info = await validate_input(self.hass, user_input)
             except CannotConnect:
@@ -149,7 +162,8 @@ class NukiConfigFlow(config_entries.ConfigFlow, domain=DOMAIN):
                 self._abort_if_unique_id_configured()
                 return self.async_create_entry(title=bridge_id, data=user_input)
 
-        data_schema = self.discovery_schema or USER_SCHEMA
         return self.async_show_form(
-            step_id="user", data_schema=data_schema, errors=errors
+            step_id="user",
+            data_schema=self.add_suggested_values_to_schema(data_schema, user_input),
+            errors=errors,
         )
diff --git a/homeassistant/components/nuki/const.py b/homeassistant/components/nuki/const.py
index dee4a8b8ac5..21a2dcf9e5b 100644
--- a/homeassistant/components/nuki/const.py
+++ b/homeassistant/components/nuki/const.py
@@ -12,3 +12,6 @@ DEFAULT_PORT = 8080
 DEFAULT_TIMEOUT = 20
 
 ERROR_STATES = (0, 254, 255)
+
+# Encrypt token, instead of using a plaintext token
+CONF_ENCRYPT_TOKEN = "encrypt_token"
diff --git a/homeassistant/components/nuki/strings.json b/homeassistant/components/nuki/strings.json
index 19aeae989f4..eb380cabd04 100644
--- a/homeassistant/components/nuki/strings.json
+++ b/homeassistant/components/nuki/strings.json
@@ -5,14 +5,16 @@
         "data": {
           "host": "[%key:common::config_flow::data::host%]",
           "port": "[%key:common::config_flow::data::port%]",
-          "token": "[%key:common::config_flow::data::access_token%]"
+          "token": "[%key:common::config_flow::data::access_token%]",
+          "encrypt_token": "Use an encrypted token for authentication."
         }
       },
       "reauth_confirm": {
         "title": "[%key:common::config_flow::title::reauth%]",
         "description": "The Nuki integration needs to re-authenticate with your bridge.",
         "data": {
-          "token": "[%key:common::config_flow::data::access_token%]"
+          "token": "[%key:common::config_flow::data::access_token%]",
+          "encrypt_token": "[%key:component::nuki::config::step::user::data::encrypt_token%]"
         }
       }
     },