We need a simple solution in WildFly so that out out of the box we can support using an AES SecretKey to inline encrypt expressions in the management model such as password to other resources.

In the application server we end up in a "chicken and egg" situation as we always need a first key or secret to protect the attributes. 

For this reason the credential store will not be protected by a password or encrypted, those could be added optionally later.

The application server integration may dynamically populate the credential store with a generated secret key if empty but that support is not needed in the store itself.