In Elytron, there is keystore password (key-store resource) and key password (key-managers resource) required.
However in theory there could be cases, where no password can be intended
- key-store resource for truststore purposes (reading truststore) (but in legacy is password required)
- PKCS12 can be created without key password (but keystore password in legacy is required)
- you can create JKS programatically without keystore password
- in legacy key password is optional (which mean keystore password is used)
From discussion: We can make the password optional on the KeyManager so if no password is specified on the KeyManager we assume it is the one from the KeyStore.
Created analysis document for this: https://developer.jboss.org/wiki/AnalysisDesign-KeyStorePasswordAsDefaultKeyManagerPassword