diff --git a/lib/EAPBase/include/Credentials.h b/lib/EAPBase/include/Credentials.h
index 9303ae4..3fda0fb 100644
--- a/lib/EAPBase/include/Credentials.h
+++ b/lib/EAPBase/include/Credentials.h
@@ -158,22 +158,6 @@ namespace eap
 ///
 virtual bool empty() const;
- /// \name XML credentials management
- /// @{
-
- ///
- /// Save credentials to XML document
- ///
- /// \param[in] pDoc XML document
- /// \param[in] pConfigRoot Suggested root element for saving credentials
- /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
- ///
- /// \returns Always returns \c ERROR_NOT_SUPPORTED, as credentials are non-exportable.
- ///
- virtual DWORD save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) const;
-
- /// @}
-
 /// \name Storage
 /// @{
@@ -357,6 +341,19 @@ namespace eap
 /// \name XML configuration management
 /// @{
+ ///
+ /// Save credentials to XML document
+ ///
+ /// \param[in] pDoc XML document
+ /// \param[in] pConfigRoot Suggested root element for saving credentials
+ /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
+ ///
+ /// \returns
+ /// - \c ERROR_SUCCESS if succeeded
+ /// - error code otherwise
+ ///
+ virtual DWORD save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) const;
+
 ///
 /// Load credentials from XML document
 ///
diff --git a/lib/EAPBase/src/Credentials.cpp b/lib/EAPBase/src/Credentials.cpp
index 55bbf61..386a2f6 100644
--- a/lib/EAPBase/src/Credentials.cpp
+++ b/lib/EAPBase/src/Credentials.cpp
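Review bot: In lib/EAPBase/include/Credentials.h (second hunk) the new doc comment for `save()` does not say that the password ends up in the document as a clear-text element, which is the part of the contract a caller most needs to know. The declaration removed from the base class in the first hunk documented credentials as non-exportable and always returned `ERROR_NOT_SUPPORTED`, so this is a behavioural reversal that the header should spell out. I would add `/// \note The password is written as a clear-text element; the caller must protect the resulting document.` to the block. As a smaller point, the declaration sits under `\name XML configuration management` here but under `\name XML credentials management` in lib/TLS/include/Credentials.h, so one of the two group names looks stale.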
@@ -83,17 +83,6 @@ bool eap::credentials::empty() const
 }
-DWORD eap::credentials::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) const
-{
- UNREFERENCED_PARAMETER(pDoc);
- UNREFERENCED_PARAMETER(pConfigRoot);
- UNREFERENCED_PARAMETER(ppEapError);
-
- // Yeah, right!? Credentials are non-exportable!
- return ERROR_NOT_SUPPORTED;
-}
-
-
 DWORD eap::credentials::encrypt(_In_ HCRYPTPROV hProv, _In_bytecount_(size) const void *data, _In_ size_t size, _Out_ std::vector &enc, _Out_ EAP_ERROR **ppEapError, _Out_opt_ HCRYPTHASH hHash) const
 {
 assert(ppEapError);
@@ -195,6 +184,33 @@ bool eap::credentials_pass::empty() const
 }
+DWORD eap::credentials_pass::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) const
+{
+ const bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata");
+ DWORD dwResult;
+
+ //
+ if (!m_identity.empty())
+ if ((dwResult = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"UserName"), bstrNamespace, bstr(m_identity))) != ERROR_SUCCESS) {
+ *ppEapError = m_module.make_error(dwResult, 0, NULL, NULL, NULL, _T(__FUNCTION__) _T(" Error creating element."), NULL);
+ return dwResult;
+ }
+
+ //
+ if (!m_password.empty()) {
+ bstr pass(m_password);
+ dwResult = eapxml::put_element_value(pDoc, pConfigRoot, bstr(L"Password"), bstrNamespace, pass);
+ SecureZeroMemory((BSTR)pass, sizeof(OLECHAR)*pass.length());
+ if (dwResult != ERROR_SUCCESS) {
+ *ppEapError = m_module.make_error(dwResult, 0, NULL, NULL, NULL, _T(__FUNCTION__) _T(" Error creating element."), NULL);
+ return dwResult;
+ }
+ }
+
+ return ERROR_SUCCESS;
+}
+
+
 DWORD eap::credentials_pass::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError)
 {
 assert(pConfigRoot);
diff --git a/lib/TLS/include/Credentials.h b/lib/TLS/include/Credentials.h
index 2fe35d1..9797fce 100644
--- a/lib/TLS/include/Credentials.h
+++ b/lib/TLS/include/Credentials.h
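Review bot: In `eap::credentials_pass::save` (lib/EAPBase/src/Credentials.cpp, second hunk) the `SecureZeroMemory` call wipes only the temporary `pass`; the `Password` element created by `put_element_value` still holds the password in clear text in the DOM and in anything the caller serializes from it. If exporting the password is intended, the value should be protected before it is stored, possibly with `eap::credentials::encrypt()`, which appears as context in the previous hunk, though whether its output suits an XML element is not visible here. Separately, both failure paths write `*ppEapError` without the `assert(ppEapError);` that `encrypt()` opens with, and `pDoc` and `pConfigRoot` are unchecked although `load()` asserts `pConfigRoot`. Adding `assert(pDoc); assert(pConfigRoot); assert(ppEapError);` at the top would match the neighbouring functions, and the same applies to `credentials_tls::save` in lib/TLS/src/Credentials.cpp.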
@@ -128,6 +128,19 @@ namespace eap
 /// \name XML credentials management
 /// @{
+ ///
+ /// Save credentials to XML document
+ ///
+ /// \param[in] pDoc XML document
+ /// \param[in] pConfigRoot Suggested root element for saving credentials
+ /// \param[out] ppEapError Pointer to error descriptor in case of failure. Free using `module::free_error_memory()`.
+ ///
+ /// \returns
+ /// - \c ERROR_SUCCESS if succeeded
+ /// - error code otherwise
+ ///
+ virtual DWORD save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) const;
+
 ///
 /// Load credentials from XML document
 ///
diff --git a/lib/TLS/src/Credentials.cpp b/lib/TLS/src/Credentials.cpp
index f997764..a0b64d9 100644
--- a/lib/TLS/src/Credentials.cpp
+++ b/lib/TLS/src/Credentials.cpp
@@ -84,6 +84,23 @@ bool eap::credentials_tls::empty() const
+DWORD eap::credentials_tls::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError) const
+{
+ const bstr bstrNamespace(L"urn:ietf:params:xml:ns:yang:ietf-eap-metadata");
+ DWORD dwResult;
+
+ //
+ if (!m_cert_hash.empty())
+ if ((dwResult = eapxml::put_element_hex(pDoc, pConfigRoot, bstr(L"CertHash"), bstrNamespace, m_cert_hash.data(), m_cert_hash.size())) != ERROR_SUCCESS) {
+ *ppEapError = m_module.make_error(dwResult, 0, NULL, NULL, NULL, _T(__FUNCTION__) _T(" Error creating element."), NULL);
+ return dwResult;
+ }
+
+ return ERROR_SUCCESS;
+}
+
+
+
 DWORD eap::credentials_tls::load(_In_ IXMLDOMNode *pConfigRoot, _Out_ EAP_ERROR **ppEapError)
 {
 assert(pConfigRoot);