The keystorePass, keyPass, and truststorePass properties can be secured by adding @secure. prefix to the property key. For example, for keystorePass:

The next time the properties file configuration is loaded the value of the keystorePass property will be moved to an encrypted secure storage on the file system under the Software AG_directory \profiles\CTP\configuration\security\passman directory and the configuration will be written back replacing the value with a secure token that contains a handle from the secure storage instead of the original plaintext value.

You can change the value of the keystorePass property to change the password. If the password is already secured, to change the value of the keystorePass property you have to replace the secure token handle with a new plaintext password that will be secured in turn and will overwrite the previous password in the secure storage.