I am using the following link for 2-way SSL in JBoss. It works fine for me.

http://www.mastertheboss.com/jboss-...tutorial-for-configuring-ssl-https-on-wildfly

I am using the following command to generate a key pair, using the key password (keypass) as secret.

    keytool -genkeypair -alias client -keyalg RSA -keysize 2048 -validity 365 -keystore client.keystore -dname "CN=client" -keypass secret -storepass secret

Likewise, I follow the steps in the above link and I am able to enable https. While doing so, one of the entries that is created in standalone-full.xml is as follows:

    <tls>
        <key-stores>
            <key-store name="demoKeyStore">
                <credential-reference clear-text="secret"/>
                <implementation type="JKS"/>
                <file path="server.keystore" relative-to="jboss.server.config.dir"/>
            </key-store>
        </key-stores>
        <key-managers>
            <key-manager name="demoKeyManager" key-store="demoKeyStore">
                <credential-reference clear-text="secret"/>
            </key-manager>
        </key-managers>
        <server-ssl-contexts>
            <server-ssl-context name="demoSSLContext" protocols="TLSv1.2" key-manager="demoKeyManager"/>
        </server-ssl-contexts>
    </tls>

Here the clear-text value is secret, which was used while doing key generation. Since it is visible to anyone having access to the standalone-full.xml file, I want to protect it.

Question: How do I encrypt the clear-text attribute with value "secret" in the xml file?

A few possible ways I could think of are storing it in a vault (I have not tried it yet) or encrypting the password using some other technique:

https://docs.rapidminer.com/9.0/server/administration/security/securing-passwords-in-jboss.html
JBoss AS 7.1 - datasource how to encrypt password

What is the best way to solve the above problem? Please advise.
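An added example, not part of the original post and not WildFly code: a small Python audit that lists every credential-reference in a server configuration file that still carries a clear-text attribute, run here over the <tls> block above as constructed sample input. The wrapping subsystem element and its namespace are placeholders, and treating values that start with ${ as expressions rather than literal passwords is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the <tls> block from the post, wrapped in a placeholder
# subsystem element. The namespace URI is made up; the code ignores namespaces.
SAMPLE = """<subsystem xmlns="urn:example:elytron">
 <tls>
  <key-stores>
   <key-store name="demoKeyStore">
    <credential-reference clear-text="secret"/>
    <implementation type="JKS"/>
    <file path="server.keystore" relative-to="jboss.server.config.dir"/>
   </key-store>
  </key-stores>
  <key-managers>
   <key-manager name="demoKeyManager" key-store="demoKeyStore">
    <credential-reference clear-text="secret"/>
   </key-manager>
  </key-managers>
 </tls>
</subsystem>"""


def local(tag):
    """Drop the '{namespace}' prefix ElementTree adds to tag names."""
    return tag.rsplit("}", 1)[-1]


def find_clear_text_credentials(xml_text):
    """Return (owner tag, owner name, kind) per clear-text credential-reference.

    kind is 'expression' for ${...} values (assumed to be resolved elsewhere)
    and 'literal' otherwise. The secret itself is never returned or printed.
    """
    findings = []
    for owner in ET.fromstring(xml_text).iter():
        for child in owner:
            if local(child.tag) != "credential-reference":
                continue
            value = child.attrib.get("clear-text")
            if value is None:
                continue  # e.g. a reference that names a store and alias
            kind = "expression" if value.startswith("${") else "literal"
            findings.append((local(owner.tag), owner.attrib.get("name", "?"), kind))
    return findings


if __name__ == "__main__":
    for tag, name, kind in find_clear_text_credentials(SAMPLE):
        print(f"{tag} '{name}': clear-text credential ({kind})")
```

Running the same function over a real standalone-full.xml gives a list of the elements whose passwords still need to be moved out of the file.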