FlexDeploy integrates with external credential stores like HashiCorp Vault, CyberArk AAM, Azure Key Vault, and Thycotic Secret Server, and also has API to integrate with other credential stores. This integration is focused on retrieval of secure credential text during workflow executions. Credentials (Password, Passphrase, etc.) for Endpoints, Project, Environment Instance, Integration Instances can be configured for retrieval from the external credential store. Note that such credentials retrieved from external credential stores are not stored, cached, or printed in FlexDeploy, which allows you to update credentials as per your requirements without changing anything in FlexDeploy. At the same time, FlexDeploy also supports a Local credential store where credentials are stored in an encrypted format in the FlexDeploy database. FlexDeploy Local credential store uses AES 128 or AES 256 bit encryption. See Java Cryptography Extension (JCE) unlimited strength policy files to use AES 256 bit encryption.
...
Note that FlexDeploy only allows retrieval of credentials from the external credential store, i.e. you will need to manage credentials using tools provided by the credential store. You can always manage Local credentials using UI or REST API.
...