Hello,

We are new to ActiveMQ and have read what's in here 
https://activemq.apache.org/encrypted-passwords

Question:
That page talks about setting an environment variable 
(ACTIVEMQ_ENCRYPTION_PASSWORD) to hold the encryption password, start activemq 
and then unset that environment variable. But how will this work in the case 
of, say, a server restart? We can't put that encryption password into any systemd 
service file.

Our security policies do not allow for the encryption passwords to remain in 
any configuration or settings files especially since the decrypt mechanism is 
also available on the same host via bin/activemq commands. So, if a bad actor 
gets into the host, he can get the secret and decrypt to get the real password.

Any alternatives?

Thanks.
