[keycloak-user] Passwords for keycloak

Is it possible to extend keycloak to read its settings, specifically passwords, from a secure configuration store? For example, how would I go about having keycloak read the password for the database connection from a secure store, so it's not stored in the config files on the machine, or passed as command line parameters? Thanks Matt