My data store connection password is not in clear-text: http://middlewaremagic.com/jboss/?p=1026

But my keystore password IS.  This is a problem for customers, especially those running our system on Windows where they can't have reliable file permissions.

Previous versions of JBoss recognized this was a problem:

EncryptKeystorePasswordInTomcatConnector

Acceptable solutions were implemented:

https://issues.jboss.org/browse/JBAS-8353?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

But those aren't available in JBoss 7.  https://docs.jboss.org/author/display/AS71/Admin+Guide#AdminGuide-%7B%7B%3Cssl%2F%3E%7D%7D

Vault is overkill and frankly just doesn't work, in our testing at least.  We need command line options for changing passwords that don't require CS degrees.  And we need it to not crash.  We can't move to EAP 6 for this release.

This solution used in Jetty would be perfect: http://wiki.eclipse.org/Jetty/Howto/Secure_Passwords

Base64 encoding is just obfuscated enough for our customers.