Elytron provides credential stores as configured way to store passwords and to handle the master password referencing. In some predefined cases they can be used already via credential store references. The same feature should be provided for the usage in EJBs.

The configured credential stores are actual not Inject-able and has to be accessed indirect via static volatile service contexts and deprecated methods. Credentials are required in many UseCases and Interface Usages in Java and has to be provided as the called APIs want it. e.g. Authentication Header. Therefore the Credential Stores needs to be accessible from EJBs like through - 

//@resource Inject for Credential Store References with qualifier
@Ressource(name="credential store name as declared in standalone.xml")
CredentialStore credentialStore;
credentialStore.retrieve("alias", PasswordCredential.class).getPassword();