The issues have the goals to:

• Make the Settings an immutable instance
• Allows cryptography at Settings

Also, make some cryptography available by default:

• plaintext, no password
• 3DES
• DES
• Allows an extensible mechanism with SPI.

References:

• http://tomee.apache.org/datasource-password-encryption.html
• https://www.novatec-gmbh.de/en/blog/encrypted-properties-spring/
• https://www.baeldung.com/spring-boot-jasypt

Try to align with "password aliasing" in Jakarta Security, if that is still relevant to Jakarta Security (@arjantijms , any idea, if that's still relevant in Jakarta EE or has the idea been abandoned?)

Nice, I'm waiting for feedback.
I create a draft code about it:
#167