The specific utility is for when you have a password for something other than a datasource (i.e. external jms provider in jboss-esb.xml) and you have to pass fake security audits to make sure you have fake security (i.e. password obfuscation). This does basically for *everything* what this: http://community.jboss.org/wiki/EncryptingDataSourcePasswords does for database passwords. The current patch is for JBAS6. I'm porting it to JBAS7. I will commit it if there are no reasonable objections.