Bug
Resolution: Unresolved
Major
When persisting in external mode just the encoded value is written:
    entryOos.writeUTF(ksAlias);
    writeBytes(entry.getSecretKey().getEncoded(), entryOos);
    entryOos.flush();
On loading it is hard coded to set it to the Data OID which is used for the majority of other representations:
    byte[] encodedSecretKey = readBytes(entryOis);
    KeyStore.Entry entry = new KeyStore.SecretKeyEntry(new SecretKeySpec(encodedSecretKey, DATA_OID));
For a SecretKey which was stored we should have preserved the algorithm such as AES.
The credential store does have a notion of versioning for this file so we could move to the next version, but we need to be cautious as once we default to writing with the new version older credential store versions will no longer be able to read it. We may be able to do something like detect if the store even contains any SecretKeyCredential instances before deciding to write in version 1 or 2.
- is incorporated by
  - JBEAP-28497 Unable to use credential store on FIPS enabled RHEL 8 with Java 17 (New)
  - JBEAP-28642 Unable to use credential store on FIPS enabled RHEL 8 with Java 17 (New)
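The round trip described in this issue, as an added example that is not part of the issue or of the project's code: it shows the algorithm name being lost with a bytes-only layout, a versioned layout that keeps it, and a version choice based on whether any real secret key is present. Assumptions: the `DATA_OID` value, the length-prefixed byte framing, the version 2 layout and the `chooseVersion` helper are all hypothetical stand-ins.

```java
import java.io.*;
import java.util.List;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

public class SecretKeyAlgorithmRoundTrip {
    // Assumption: stand-in for the DATA_OID constant in the issue (PKCS#7 "data" OID).
    static final String DATA_OID = "1.2.840.113549.1.7.1";

    // Hypothetical rule: only move to version 2 when a key carries a real algorithm name.
    static int chooseVersion(List<SecretKey> keys) {
        return keys.stream().anyMatch(k -> !DATA_OID.equals(k.getAlgorithm())) ? 2 : 1;
    }

    // Version 1 writes only the encoded bytes (as in the issue); the hypothetical
    // version 2 writes the algorithm name in front of them.
    static byte[] write(int version, SecretKey key) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (DataOutputStream out = new DataOutputStream(bos)) {
            if (version >= 2) out.writeUTF(key.getAlgorithm());
            byte[] encoded = key.getEncoded();
            out.writeInt(encoded.length);
            out.write(encoded);
        }
        return bos.toByteArray();
    }

    // Version 1 has no algorithm on disk, so the reader can only fall back to DATA_OID.
    static SecretKey read(int version, byte[] data) throws IOException {
        try (DataInputStream in = new DataInputStream(new ByteArrayInputStream(data))) {
            String algorithm = version >= 2 ? in.readUTF() : DATA_OID;
            byte[] encoded = new byte[in.readInt()];
            in.readFully(encoded);
            return new SecretKeySpec(encoded, algorithm);
        }
    }

    public static void main(String[] args) throws IOException {
        SecretKey aes = new SecretKeySpec(new byte[16], "AES");      // constructed sample key
        SecretKey opaque = new SecretKeySpec(new byte[8], DATA_OID); // constructed non-key entry
        System.out.println("v1 round trip: " + read(1, write(1, aes)).getAlgorithm());
        System.out.println("v2 round trip: " + read(2, write(2, aes)).getAlgorithm());
        System.out.println("version without AES key: " + chooseVersion(List.of(opaque)));
        System.out.println("version with AES key: " + chooseVersion(List.of(opaque, aes)));
    }
}
```

A store that holds no algorithm-bearing secret keys keeps being written as version 1 under this rule, so older readers are only locked out of files that they could not have restored correctly anyway.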