Section 3.1.6 in the "How to Configure Server Security" guide gives some examples on how to use a password from an external source when creating a credential-store:

https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/how_to_configure_server_security/index#obtain_the_master_password_for_the_credential_store_from_an_external_source

These examples aren't complete though as it's not clear how to format the credential-reference when actually creating the credential-store.

The examples could be updated as follows:

The existing example for EXT could be changed to:

credential-reference={clear-text="{EXT}/usr/bin/getTheMasterPasswordScript.sh par1 par2", type="COMMAND"}

The existing example for CMD could be changed to:

credential-reference={clear-text="{CMD}/usr/bin/getTheMasterPasswordScript.sh par1,par2", type="COMMAND"}

The existing examples for MASK could be changed to:

credential-reference={clear-text="MASK-MASKED_VALUE;SALT;ITERATION"}

credential-reference={clear-text="MASK-NqMznhSbL3lwRpDmyuqLBW==;12345678;123"}