diff --git a/ruoyi-ui/.env.development b/ruoyi-ui/.env.development
index 21824c0..606dba5 100644
--- a/ruoyi-ui/.env.development
+++ b/ruoyi-ui/.env.development
@@ -6,6 +6,7 @@ ENV = 'development'
 
 # 若依管理系统/开发环境
 VUE_APP_BASE_API = '/dev-api'
+VUE_APP_PASSWORD_TRANSFER_KEY = '1234567890abcdef'
 
 # 路由懒加载
 VUE_CLI_BABEL_TRANSPILE_MODULES = true
diff --git a/ruoyi-ui/.env.production b/ruoyi-ui/.env.production
index 96ed58c..73fcfc4 100644
--- a/ruoyi-ui/.env.production
+++ b/ruoyi-ui/.env.production
@@ -6,3 +6,4 @@ ENV = 'production'
 
 # 若依管理系统/生产环境
 VUE_APP_BASE_API = '/prod-api'
+VUE_APP_PASSWORD_TRANSFER_KEY = '1234567890abcdef'
diff --git a/ruoyi-ui/.env.staging b/ruoyi-ui/.env.staging
index f2d35fa..62b7f38 100644
--- a/ruoyi-ui/.env.staging
+++ b/ruoyi-ui/.env.staging
@@ -10,3 +10,4 @@ ENV = 'staging'
 
 # 若依管理系统/测试环境
 VUE_APP_BASE_API = '/stage-api'
+VUE_APP_PASSWORD_TRANSFER_KEY = '1234567890abcdef'
diff --git a/ruoyi-ui/src/api/system/user.js b/ruoyi-ui/src/api/system/user.js
index 69c8591..0ae2d6c 100644
--- a/ruoyi-ui/src/api/system/user.js
+++ b/ruoyi-ui/src/api/system/user.js
@@ -21,10 +21,11 @@ export function getUser(userId) {
 
 // 新增用户
 export function addUser(data) {
+  const payload = encryptPasswordFields(data, ['password'], process.env.VUE_APP_PASSWORD_TRANSFER_KEY)
   return request({
     url: '/system/user',
     method: 'post',
-    data: data
+    data: payload
   })
 }
 
@@ -47,10 +48,10 @@ export function delUser(userId) {
 
 // 用户密码重置
 export function resetUserPwd(userId, password) {
-  const data = {
+  const data = encryptPasswordFields({
     userId,
     password
-  }
+  }, ['password'], process.env.VUE_APP_PASSWORD_TRANSFER_KEY)
   return request({
     url: '/system/user/resetPwd',
     method: 'put',
diff --git a/ruoyi-ui/tests/password-transfer-api.test.js b/ruoyi-ui/tests/password-transfer-api.test.js
index c8d0ce5..fd7a37f 100644
--- a/ruoyi-ui/tests/password-transfer-api.test.js
+++ b/ruoyi-ui/tests/password-transfer-api.test.js
@@ -79,4 +79,10 @@ const updatePwdConfig = userModule.updateUserPwd('oldPwd', 'newPwd')
 assert.notStrictEqual(updatePwdConfig.data.oldPassword, 'oldPwd')
 assert.notStrictEqual(updatePwdConfig.data.newPassword, 'newPwd')
 
+const addUserConfig = userModule.addUser({ userName: 'u1', password: 'initPwd', nickName: 'n1' })
+assert.notStrictEqual(addUserConfig.data.password, 'initPwd')
+
+const resetUserPwdConfig = userModule.resetUserPwd(2, 'resetPwd')
+assert.notStrictEqual(resetUserPwdConfig.data.password, 'resetPwd')
+
 console.log('password-transfer-api test passed')