For the security manager, this is a compliment to other storage
protection mechanisms and not a replacement, correct?
Correct
There would be a master password (or key) that is used to encrypt
clear
text items in the database. password would be entered from command
line
at startup, or grabbed from a secure property file.
I think that's the approach we should take. Unless you can argue
for a
better solution?
Not really, this is a tricky problem to solve.