When using the jasypt-encryption bundle to encrypt sensible configuration values for Blueprint files (i.e. LDAP module user's password), you have to store the master's password in clear text form inside an environment variable or Karaf system property. It would be good to have a way to hide the master's password using the same mechanism used for credential store, where it is masked inside a Karaf system property (security by obscurity).