According to the documentation: https://docs.wildfly.org/23/WildFly_Elytron_Security.html#EncryptedExpressions :

WildFly Elytron provides support for handling encrypted expressions in the management model using a SecretKey from a CredentialStore to decrypt the expression at runtime.

I wonder why this functionality is restricted to secret keys. I would like to be able to use an expression to fetch a password stored in a credential store. The reason: we have a component where the password is a part of a long configuration string. While I can use the current implementation (with a secret key) I do not really want to do it this way. I'd rather prefer to use something like this:

${ENC::ResolverName:alias}

It also gives a possibility to use a custom credential store to directly provide "passwords" (in fact - any string values) without having to generate a secret key and perform encrypting/decrypting steps.