mentallurg [https://community.jboss.org/people/mentallurg] commented on the document "AS7: Utilising masked passwords via the vault" To view all comments on this document, visit: https://community.jboss.org/docs/DOC-17472#comment-11313 -------------------------------------------------- JBoss vault is *not safe*. It gives you false feeling of safety. You *disclose the password* to access the vault via KEYSTORE_PASSWORD. Everyone can easily decrypt all the passwords you have encrypted. Unfortunately JBoss does not help users to understand it and to be aware of security problems. --------------------------------------------------