JBoss Enterprise Application Platform: JBEAP-23297

Unable to create external credential-store using elytron-tool on FIPS-configured JDK


Details

    • Type: Bug
    • Resolution: Can't Do
    • Priority: Major
    • Affects Version: 8.0.0.Alpha
    • Component: Security

Steps to Reproduce

      Configure FIPS JDK

      Create nss database:

      • $ sudo mkdir -p /usr/share/jboss-as
      • $ sudo chown $USER:$USER /usr/share/jboss-as/
      • $ mkdir /usr/share/jboss-as/fipsdb
      • $ modutil  -create -dbdir /usr/share/jboss-as/fipsdb

      Create nss configuration file with following content:

      name = nss-fips
      nssLibraryDirectory = /usr/lib64
      nssSecmodDirectory = /usr/share/jboss-as/fipsdb
      nssModule = fips
      nssDbMode = readWrite

      Enable SunPKCS11 provider:

      • Modify the java.security file (located e.g. in $JAVA_HOME/jre/lib/security/java.security or `$JAVA_HOME/conf/security/java.security`) so that the provider is in the first position:
        security.provider.1=SunPKCS11 /usr/share/jboss-as/nss.cfg
      • Any other security.provider.X lines in this file must have the value of their X increased by one to ensure that this provider is given priority.
      • Modify the SunJSSE provider line in java.security (com.sun.net.ssl.internal.ssl.Provider on JDK 8, SunJSSE on later JDKs) so that it uses the PKCS#11 keystore configured above.
        The resulting row should look like the following (numbering can differ):
        security.provider.5=SunJSSE SunPKCS11-nss-fips
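      The java.security edit in the three bullets above is the step most often done wrong by hand (a duplicated or skipped provider number silently disables providers). As an added example, not from this report or from the EAP/WildFly project, the following POSIX shell script performs that edit: it inserts the SunPKCS11 line at position 1, renumbers every other security.provider.X line, and appends the PKCS#11 provider name to the SunJSSE line. The NSS config path /usr/share/jboss-as/nss.cfg and the provider name nss-fips come from the report; the sample java.security content is constructed for the demo, and the function names enable_pkcs11_first, write_sample_java_security and demo are this example's own.

```shell
#!/bin/sh
# Added example (not part of JBEAP-23297): rewrite java.security so the SunPKCS11-NSS
# provider is provider 1 and SunJSSE uses it for its keystore. Assumes the JDK 9+ form
# "SunPKCS11 <cfg>"; on JDK 8 the class-name form sun.security.pkcs11.SunPKCS11 is used.

# enable_pkcs11_first FILE NSS_CFG NSS_NAME
# Rewrites FILE in place. Idempotent: a second run leaves the file unchanged.
enable_pkcs11_first() {
    file=$1; cfg=$2; name=$3
    if grep -q "^security.provider.1=SunPKCS11 " "$file"; then
        return 0
    fi
    awk -v cfg="$cfg" -v name="$name" '
        BEGIN { inserted = 0 }
        /^security\.provider\.[0-9]+=/ {
            # emit the new first provider once, just before the first existing one
            if (!inserted) { print "security.provider.1=SunPKCS11 " cfg; inserted = 1 }
            n = $0; sub(/^security\.provider\./, "", n); sub(/=.*/, "", n)
            line = $0; sub(/^security\.provider\.[0-9]+=/, "", line)
            # SunJSSE (or its JDK 8 class name) must name the PKCS#11 provider to use
            if (line == "SunJSSE" || line == "com.sun.net.ssl.internal.ssl.Provider")
                line = line " SunPKCS11-" name
            # every existing provider moves down by one
            print "security.provider." (n + 1) "=" line
            next
        }
        { print }   # comments, blank lines and other settings pass through untouched
    ' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# write_sample_java_security FILE: constructed JDK 11-style provider list (demo input only)
write_sample_java_security() {
    cat > "$1" <<'EOF'
# constructed sample; a real java.security has many more settings
security.provider.1=SUN
security.provider.2=SunRsaSign
security.provider.3=SunEC
security.provider.4=SunJSSE
security.provider.5=SunJCE
EOF
}

# demo: run the rewrite twice on the sample (second run is a no-op) and print the result
demo() {
    f=$(mktemp)
    write_sample_java_security "$f"
    enable_pkcs11_first "$f" /usr/share/jboss-as/nss.cfg nss-fips
    enable_pkcs11_first "$f" /usr/share/jboss-as/nss.cfg nss-fips
    cat "$f"
    rm -f "$f"
}

demo
```

      Against a real JDK, back the file up first and call `enable_pkcs11_first "$JAVA_HOME/conf/security/java.security" /usr/share/jboss-as/nss.cfg nss-fips`; the output for the sample ends with `security.provider.5=SunJSSE SunPKCS11-nss-fips`, matching the row the report expects.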

      Enable FIPS mode for NSS library and set password:

      • $ modutil -fips true -dbdir /usr/share/jboss-as/fipsdb
      • $ modutil -changepw "NSS FIPS 140-2 Certificate DB" -dbdir /usr/share/jboss-as/fipsdb

      Create secmod.db if it does not exist:

      • $ modutil -fips true -dbdir /usr/share/jboss-as/fipsdb

      Run elytron-tool using FIPS JDK

      Create secret key:

      • keytool -genseckey -alias my-key -storetype PKCS11

      Run elytron-tool

      • $ cd $JBOSS_HOME/bin
      • $ touch /tmp/eltool-test
      • $ /bin/bash elytron-tool.sh credential-store --create --add secret-key --secret pass123+ --password pass123+ --location /tmp/eltool-test --properties "keyStoreType=PKCS11;external=true;keyAlias=my-key;externalPath=/tmp/result,cryptoAlg=bcrypt" --debug

      Note that --location option is required because of JBEAP-23163

      Expected output

      Alias "my-key" has been successfully stored

      Actual output

      Exception encountered executing the command:
      org.wildfly.security.credential.store.CredentialStoreException: ELY09508: Cannot write credential to store
          at org.wildfly.security.elytron-base@1.18.0.Final//org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.store(KeyStoreCredentialStore.java:413)
          at org.wildfly.security.elytron-base@1.18.0.Final//org.wildfly.security.credential.store.CredentialStore.store(CredentialStore.java:242)
          at org.wildfly.security.elytron-base@1.18.0.Final//org.wildfly.security.credential.store.CredentialStore.store(CredentialStore.java:226)
          at org.wildfly.security.elytron-tool@1.18.0.Final//org.wildfly.security.tool.CredentialStoreCommand.addAlias(CredentialStoreCommand.java:510)
          at org.wildfly.security.elytron-tool@1.18.0.Final//org.wildfly.security.tool.CredentialStoreCommand.execute(CredentialStoreCommand.java:421)
          at org.wildfly.security.elytron-tool@1.18.0.Final//org.wildfly.security.tool.ElytronTool.main(ElytronTool.java:84)
          at org.jboss.modules.Module.run(Module.java:353)
          at org.jboss.modules.Module.run(Module.java:321)
          at org.jboss.modules.Main.main(Main.java:604)
      Caused by: java.security.NoSuchAlgorithmException: ELY08028: Invalid algorithm "clear"
          at org.wildfly.security.elytron-base@1.18.0.Final//org.wildfly.security.password.PasswordFactory.getInstance(PasswordFactory.java:123)
          at org.wildfly.security.elytron-base@1.18.0.Final//org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.store(KeyStoreCredentialStore.java:287)
          ... 8 more
      

    Description

      Unable to create external credential-store using elytron-tool on FIPS-configured JDK

      People

        Assignee: Unassigned
        Reporter: rhn-support-ngibor Nikita Gibor (Inactive)