JBoss Community

JBoss AS7 Securing Passwords

new comment by Jason Greene

mentallurg wrote:

The worst thing is that a Red Hat architect who designed and implemented it does not warn the users. Users have a false feeling of safety. Wake up! You are in big trouble if you use JBoss vault.

I agree a better warning is needed. Looks like you contributed most of that, thanks! However, as you yourself mention, concealing and relocating passwords provides security value; it's just a very limited value that only works in combination with other layers of security.

I don't think there was really any intention to mislead here. I myself took the "security through obscurity" quote to actually be a reference to "security through obscurity is no security at all" :)