A KeyManager which uses a KeyStore is defined independently of the KeyStore - it is the KeyManager that has the password for the entry in the KeyStore whilst the KeyStore has the password for the overall store.

In many cases the password used for the overall store is the same password as used for the entries.

We should provide a KeyStore implementation that can substitute the password received.

We may even be able to go one step further and add a password resolver which could mean a CredentialStore is used to obtain the password for different entries,