diff --git a/doc/authentication.md b/doc/authentication.md index b221bdbc17..d750f18594 100644 --- a/doc/authentication.md +++ b/doc/authentication.md @@ -50,7 +50,6 @@ You can obtain the list of TLS certificates trusted by a LXD server with `lxc co Trusted clients can be added in either of the following ways: - {ref}`authentication-add-certs` -- {ref}`authentication-trust-pw` - {ref}`authentication-token` The workflow to authenticate with the server is similar to that of SSH, where an initial connection to an unknown server triggers a prompt: @@ -79,14 +78,6 @@ If the list of projects is empty, the client will not be allowed access to any o The preferred way to add trusted clients is to directly add their certificates to the trust store on the server. To do so, copy the client certificate to the server and register it using `lxc config trust add `. -(authentication-trust-pw)= -#### Adding client certificates using a trust password - -To allow establishing a new trust relationship from the client side, you must set a trust password ([`core.trust_password`](server-options-core)) for the server. Clients can then add their own certificate to the server's trust store by providing the trust password when prompted. - -In a production setup, unset `core.trust_password` after all clients have been added. -This prevents brute-force attacks trying to guess the password. - (authentication-token)= #### Adding client certificates using tokens diff --git a/doc/faq.md b/doc/faq.md index 216e05f93b..6a19b5d73b 100644 --- a/doc/faq.md +++ b/doc/faq.md 
@@ -17,12 +17,11 @@ By default, the LXD server is not accessible from the network, because it only l You can enable it for remote access by following the instructions in {ref}`server-expose`. -## When I do a `lxc remote add`, it asks for a password or token? +## When I do a `lxc remote add`, it asks for a token? To be able to access the remote API, clients must authenticate with the LXD server. -Depending on how the remote server is configured, you must provide either a trust token issued by the server or specify a trust password (if [`core.trust_password`](server-options-core) is set). -See {ref}`server-authenticate` for instructions on how to authenticate using a trust token (the recommended way), and {doc}`authentication` for information about other authentication methods. +See {ref}`server-authenticate` for instructions on how to authenticate using a trust token. ## Why should I not run privileged containers? diff --git a/doc/howto/cluster_form.md b/doc/howto/cluster_form.md index f4c14ebb54..8b9ef2549f 100644 --- a/doc/howto/cluster_form.md +++ b/doc/howto/cluster_form.md @@ -37,9 +37,6 @@ You can accept the default values for most questions, but make sure to answer th - `Are you joining an existing cluster?` Select **no**. -- `Setup password authentication on the cluster?` - - Select **no** to use {ref}`authentication tokens ` (recommended) or **yes** to use a {ref}`trust password `.
Expand to see a full example for lxd init on the bootstrap server @@ -97,9 +94,7 @@ Basically, the initialization process consists of the following steps: - `Are you joining an existing cluster?` Select **yes**. - - `Do you have a join token?` - Select **yes** if you configured the bootstrap server to use {ref}`authentication tokens ` (recommended) or **no** if you configured it to use a {ref}`trust password `. 1. Authenticate with the cluster. There are two alternative methods, depending on which authentication method you choose when configuring the bootstrap server. @@ -118,14 +113,6 @@ Basically, the initialization process consists of the following steps: The join token contains the addresses of the existing online members, as well as a single-use secret and the fingerprint of the cluster certificate. This reduces the amount of questions that you must answer during `lxd init`, because the join token can be used to answer these questions automatically. ```` - ````{group-tab} Trust password - If you configured your cluster to use a {ref}`trust password `, `lxd init` requires more information about the cluster before it can start the authorization process: - - 1. Specify a name for the new cluster member. - 1. Provide the address of an existing cluster member (the bootstrap server or any other server you have already added). - 1. Verify the fingerprint for the cluster. - 1. If the fingerprint is correct, enter the trust password to authorize with the cluster. - ```` ````` @@ -201,8 +188,6 @@ You need a different preseed file for every server. ### Initialize the bootstrap server -The required contents of the preseed file depend on whether you want to use {ref}`authentication tokens ` (recommended) or a {ref}`trust password ` for authentication. - `````{tabs} ````{group-tab} Authentication tokens (recommended) 
@@ -246,55 +231,11 @@ cluster: ``` ```` -````{group-tab} Trust password -To enable clustering, the preseed file for the bootstrap server must contain the following fields: -```yaml -config: - core.https_address: - core.trust_password: -cluster: - server_name: - enabled: true -``` - -Here is an example preseed file for the bootstrap server: - -```yaml -config: - core.trust_password: the_password - core.https_address: 192.0.2.101:8443 - images.auto_update_interval: 15 -storage_pools: -- name: default - driver: dir -networks: -- name: lxdbr0 - type: bridge -profiles: -- name: default - devices: - root: - path: / - pool: default - type: disk - eth0: - name: eth0 - nictype: bridged - parent: lxdbr0 - type: nic -cluster: - server_name: server1 - enabled: true -``` - -```` ````` ### Join additional servers -The required contents of the preseed files depend on whether you configured the bootstrap server to use {ref}`authentication tokens ` (recommended) or a {ref}`trust password ` for authentication. - The preseed files for new cluster members require only a `cluster` section with data and configuration values that are specific to the joining server. `````{tabs} 
@@ -324,54 +265,7 @@ cluster: ``` ```` -````{group-tab} Trust password -The preseed file for additional servers must include the following fields: - -```yaml -cluster: - server_name: - enabled: true - cluster_address: - server_address: - cluster_password: - cluster_certificate: # use this or cluster_certificate_path - cluster_certificate_path: # use this or cluster_certificate -``` - - To create a YAML-compatible entry for the `cluster_certificate` key, run one the following commands on the bootstrap server: - - - When using the snap: `sed ':a;N;$!ba;s/\n/\n\n/g' /var/snap/lxd/common/lxd/cluster.crt` - - Otherwise: `sed ':a;N;$!ba;s/\n/\n\n/g' /var/lib/lxd/cluster.crt` - - Alternatively, copy the `cluster.crt` file from the bootstrap server to the server that you want to join and specify its path in the `cluster_certificate_path` key. -Here is an example preseed file for a new cluster member: - -```yaml -cluster: - server_name: server2 - enabled: true - server_address: 192.0.2.102:8443 - cluster_address: 192.0.2.101:8443 - cluster_certificate: "-----BEGIN CERTIFICATE----- - -opyQ1VRpAg2sV2C4W8irbNqeUsTeZZxhLqp4vNOXXBBrSqUCdPu1JXADV0kavg1l - -2sXYoMobyV3K+RaJgsr1OiHjacGiGCQT3YyNGGY/n5zgT/8xI0Dquvja0bNkaf6f - -... - ------END CERTIFICATE----- -" - cluster_password: the_password - member_config: - - entity: storage-pool - name: default - key: source - value: "" -``` - -```` ````` ## Use MicroCloud diff --git a/doc/howto/initialize.md b/doc/howto/initialize.md index 6dc738175f..2bb3bdb8c0 100644 --- a/doc/howto/initialize.md +++ b/doc/howto/initialize.md @@ -143,7 +143,6 @@ You can use it as a template for your own preseed file and add, change or remove # Daemon settings config: core.https_address: 192.0.2.1:9999 - core.trust_password: sekret images.auto_update_interval: 6 # Storage pools diff --git a/doc/server.md b/doc/server.md index 1daff34d40..077a029c26 100644 --- a/doc/server.md +++ b/doc/server.md 
@@ -47,7 +47,6 @@ Key | Type | Scope | Default `core.shutdown_timeout` | integer | global | `5` | Number of minutes to wait for running operations to complete before the LXD server shuts down `core.storage_buckets_address` | string | local | - | Address to bind the storage object server to (HTTPS) `core.trust_ca_certificates` | bool | global | - | Whether to automatically trust clients signed by the CA -`core.trust_password` | string | global | - | Password to be provided by clients to set up a trust (server-options-acme)= ## ACME configuration
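Review bot: In the `doc/authentication.md` hunk at `@@ -79,14 +78,6 @@`, deleting the `(authentication-trust-pw)=` label removes a Sphinx anchor that other pages in this same patch still referenced before their hunks were applied (`cluster_form.md` used `{ref}` links to it); please grep the whole `doc/` tree for any remaining `authentication-trust-pw` reference that is not touched by this diff, since a dangling `{ref}` will fail the docs build rather than degrade gracefully. Consider also adding a one-line note near the remaining `{ref}`authentication-add-certs`` / `{ref}`authentication-token`` list telling readers upgrading from older releases that password-based trust is no longer available, so the removal is discoverable rather than silent.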
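Review bot: In the `doc/faq.md` hunk at `@@ -17,12 +17,11 @@`, the replacement sentence drops the pointer to `{doc}`authentication`` for "other authentication methods", yet the `authentication.md` hunk in this same patch keeps `{ref}`authentication-add-certs`` (adding a client certificate directly to the trust store) as a supported way to add trusted clients. Suggest keeping that cross-reference, e.g. "See {ref}`server-authenticate` for instructions on how to authenticate using a trust token, and {doc}`authentication` for adding client certificates directly to the trust store." Also note that renaming the heading from "it asks for a password or token?" to "it asks for a token?" changes its generated anchor slug, so any deep link to the old heading should be checked.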
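Review bot: In the `doc/howto/cluster_form.md` hunk at `@@ -97,9 +94,7 @@`, the unchanged context line "1. Authenticate with the cluster. There are two alternative methods, depending on which authentication method you choose when configuring the bootstrap server." is now stale: the only method left after the `Do you have a join token?` bullet and the "Trust password" group-tab are removed is the join token. Suggest rewording it to a single-method sentence and, for the `@@ -37,9 +37,6 @@` hunk, confirming that the interactive `lxd init` no longer asks `Setup password authentication on the cluster?`, otherwise the documented prompt sequence will not match what the user sees.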
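Review bot: In the `doc/howto/cluster_form.md` hunks at `@@ -118,14 +113,6 @@`, `@@ -201,8 +188,6 @@` and `@@ -246,55 +231,11 @@`, each `{tabs}` directive is left wrapping a single `{group-tab} Authentication tokens (recommended)` tab. With only one option remaining, "(recommended)" is misleading and the tab chrome adds nothing; suggest flattening the remaining content out of the `{tabs}`/`{group-tab}` directives (or dropping the "(recommended)" suffix at minimum). Removing the bootstrap preseed example that carried `core.trust_password: the_password` is a good change in itself: plaintext secrets in copy-paste examples tend to end up verbatim in real deployments.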
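Review bot: In the `doc/howto/cluster_form.md` hunk at `@@ -324,54 +265,7 @@`, the removed "Trust password" tab was the only place documenting the `cluster_certificate` / `cluster_certificate_path` preseed keys and the `sed ':a;N;$!ba;s/\n/\n\n/g' .../cluster.crt` recipe for producing a YAML-compatible certificate value. If those keys remain valid for token-based joins, that how-to should be moved into the remaining tab rather than deleted; if they are not, say so. Please also confirm the preseed loader now rejects `cluster_password` with a clear error instead of silently ignoring it, since a user following older docs would otherwise get an unexplained join failure.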
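Review bot: In the `doc/server.md` hunk at `@@ -47,7 +47,6 @@`, dropping the `core.trust_password` row from the server options table without any deprecation text leaves operators who already have the key set with no documented behaviour: is it refused on `lxc config set`, ignored, or migrated on upgrade? Suggest a short "removed in this release" note (here or in the release notes) and a matching check that `lxc config set core.trust_password` returns an error, so that stale automation and the `core.trust_password: sekret` line removed from the `doc/howto/initialize.md` preseed example (`@@ -143,7 +143,6 @@`) cannot reintroduce a password-based trust path.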