Local user passwords
Local user passwords are salted with 512 bytes of random data generated by the SHA1PRGN algorithm and then hashed with SHA-512; they are hash stored locally, the original value is never stored (i.e. one-way).
LDAP user passwords
LDAP user passwords are not stored.
Password properties
Password values in Password properties are encrypted via AES-128, using a key generated by the PBKDF2 (PKCS #5 2.0) key derivation function from a passphrase which is stored in a local Java Key Store (JKS).
The JKS itself is protected by a system-wide password which is either encrypted into a property file entry, or required to be entered on application startup.
{{^otherproperty^}}) will not be encrypted. It is therefore strongly recommended that you only substitute Password properties into other Password properties.Decrypted Password property values are not retrievable via any API, and only by services used within the web application.