WSO2 Carbon is shipped with a secure vault implementation which is a modified version of synapse secure vault. This guide describes how to secure the plain text password in carbon configuration files.
The Secret Manager initializes the secret repository and the keystores. It uses secret repository to keep the secret values (encrypted values). These secrets can be accessed through aliases. The keystore is required to create the decryption crypto, which can be used to resolve encrypted secrets values. The keystore and Secret Repository are configurable through the
<GREG_HOME>/repository/conf/security/secret-conf.properties file, which is generated once you execute the Cipher tool.