We have a couple of cases where we should be able to obtain credentials from a raw KeyStore rather than our credential store approach of wrapping credentials in SecretKeys

First SecretKey access:

• Use for protection parameter for other store.
• Use with expression resolver.
• For encryption in external mode of existing credential store.

For SSO

• Presently uses public / private key but in general maybe should support all key types.