Run spark standalone mode, then start a spark-submit requiring at least 1 executor. Do a 'ps -ef' on linux (ie putty terminal) and you will be able to see spark.ssl.keyStorePassword value in plaintext!
spark.ssl.keyStorePassword and spark.ssl.keyPassword don't need to be passed to CoarseGrainedExecutorBackend. Only spark.ssl.trustStorePassword is used.
Can be resolved if below PR is merged: