How to encrypt/mask sensitive system-properties values in WildFly 26+ using Elytron or another solution, since vault is no longer available?


We have several apps running on WildFly 24 and 26 servers and some of the standalone.xml files include credentials in datasources as well as other sensitive values in the system-properties. Using the jboss vault tool for WildFly 24 we have managed to encrypt and store those values in vaults and they can all (datasource passwords and system property values) be called using the vault reference. We need to encrypt/mask those values so that they are not readable.

When trying to use the same method for WildFly 26, we found out that vault wasn't available and we had to use the Elytron credential store, which would only be useful for datasources, not for system properties, as stated here:

Credential store cannot be used as expressions in system properties prior to JBoss EAP 7.4.4. The suggestion is to use Vault to store any sensitive data/strings that you might not want to display, such as keystore and truststore passwords that need to be specified in system-properties for outbound SSL connections, or for the use of any other strings/properties.

How else can we mask/encrypt those values, or where else can we place them so that maybe Elytron can decrypt them before the apps are deployed?

Thanks in advance
