I don't see any useful use case when I want to configure password attribute in conjuction with credential-reference.
Please mark password attribute and credential-reference in management model as "alternatives".

alternatives – List of string – Indicates an exclusive relationship between attributes. If this attribute is defined, the other attributes listed in this descriptor's value should be undefined (even if their required descriptor says true; i.e. the presence of this attribute satisfies the requirement.) Default is undefined; i.e. this does not apply to most attributes.

It applies to:

• bridge
  • Attributes password and credential-reference should be mutually exclusive.
• jms-bridge
  • Attributes source-password and source-credential-reference should be mutually exclusive.
  • Attributes target-password and target-credential-reference should be mutually exclusive.
• server
  • Attributes cluster-password and cluster-credential-reference should be mutually exclusive.