CS tool generated different MASKED password then vault.sh --------------------------------------------------------- Key: WFCORE-2421 URL: https://issues.jboss.org/browse/WFCORE-2421 Project: WildFly Core Issue Type: Bug Components: Security Reporter: Hynek Švábek Assignee: Darran Lofthouse CS tool generated different MASKED password then vault.sh When I run oldf vault.sh {code} ./vault.sh --keystore key.store --keystore-password secret_password --alias Vault --vault-block vaultBlock --attribute passDB --sec-attr secretvalue --enc-dir ./vault --iteration 230 --salt 12345678 -t {code} I can see this *MASK-1GhfMaq4jSY0.kFFU3QG4T* Whole output: {code:collapse=true} <vault> <vault-option name="KEYSTORE_URL" value="key.store"/> <vault-option name="KEYSTORE_PASSWORD" value="MASK-1GhfMaq4jSY0.kFFU3QG4T"/> <vault-option name="KEYSTORE_ALIAS" value="Vault"/> <vault-option name="SALT" value="12345678"/> <vault-option name="ITERATION_COUNT" value="230"/> <vault-option name="ENC_FILE_DIR" value="./vault/"/> </vault><management> {code} In the other hand when I run new CS tool with params: {code} java -jar wildfly-elytron-tool.jar credential-store --add myalias --secret secretpassword --location="test.store1" --uri "cr-store://test.store?modifiable=true;create=true;keyStoreType=JCEKS" --password secret_password --summary --salt 12345678 --iteration 230 --create {code} I get *MASK-KAwLfD1BN8WFhZptWsa17G* Whole output: {code:collapse=true} Alias "myalias" has been successfully stored Credential store command summary: -------------------------------------- /subsystem=elytron/credential-store=test:add(uri="cr-store://test.store?modifiable=true;create=true;keyStoreType=JCEKS",relative-to=jboss.server.data.dir,credential-reference={clear-text="MASK-KAwLfD1BN8WFhZptWsa17G==;12345678;230"}) {code} *I set these values for both:* password to mask *secret_password* iteration *12345678* salt *230*