I am interested in a way to keep plain-text passwords out of config files, and a way to externalize the passwords from the config files (since we keep our configs in source control, it would be nice for the encrypted passwords not to be in source control). While we are at it, if other config params can be in external files (encrypted or not), that could help with keeping multiple environments, and potentially have 1 warfile.
e.g. pass: /wherever/thefile.pass
in that file is the rijndael encrypted password: sdf8sdf789sdf9sd89s978sdf
the grouper.properties could have the rijndael key for the 2 way encryption.
should have an ant task to encrypt passwords.
if the only difference between test and prod is the db credentials and url, then maybe the user / url could also be enternalized.
this should hold for sources.xml also.