this is something we need to (for PCI) if it's not available for all passwords at present (JMX password, ...).
But this JIRA address another issue we have.
We use the Karaf Master/Slave fail over mechanism. We use the jdbc lock mechanism (with Oracle). By default, Oracle (and I think the others too) doesn't use an encrypted connection. This means the user/password is sent in plain text from Karaf to the database. This is considered as insecure from our auditors.
A simple solution (at least for Oracle) is to be able to provide jdbc connection properties. Oracle support some properties to secure the connection.
With this JIRA, I would like to introduce a new property "karaf.lock.jdbc.connection.properties" in $KARAF_HOME/etc/system.properties to support this requirement.