diff --git a/manual/src/main/webapp/developers-guide/security-framework.conf b/manual/src/main/webapp/developers-guide/security-framework.conf index e08b081..ba07a41 100644 --- a/manual/src/main/webapp/developers-guide/security-framework.conf +++ b/manual/src/main/webapp/developers-guide/security-framework.conf @@ -507,6 +507,61 @@ {pygmentize} +h3. Using encrypted property placeholders + +When using blueprint framework for OSGi for configuring devices that requires +passwords like JDBC datasources, it is undesirable to use plain text passwords +in configuration files. To avoid this problem it is good to store database +passwords in encrypted format and use encrypted property placeholders when ever +possible. + +Encrypted properties are stored in plain properties files. The encrypted content +is wrapped by an ENC() function. + +{code} +#db.cfg / db.properties +db.url=localhost:9999 +db.username=admin +db.password=ENC(zRM7Pb/NiKyCalroBz8CKw==) +{code} + +The encrypted property placeholders can be used either by defining Apache Aries +ConfigAdmin {{property-placeholder}} or by directly using the Apache Karaf +{{property-placeholder}}. It has one child element {{encryptor}} that contains +the actual Jasypt configuration. For detailed information on how to configure +the different Jasypt encryptors, see the +[Jasypt documentation|http://www.jasypt.org/general-usage.html]. + +A typical definition using Jasypt encryption would look like: +{pygmentize:xml} + + + + + + + + file:etc/db.properties + + + + + + + + + + + + + + + +{pygmentize} + h2. Role discovery policies
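Review bot: The new "Using encrypted property placeholders" section shows `db.password=ENC(zRM7Pb/NiKyCalroBz8CKw==)` but never says how that value is produced or where the Jasypt encryptor's own password is expected to live, which is the part a reader needs in order to use this safely. Please add a sentence stating that the encryptor password must be supplied from outside the properties file that holds the ENC() values (if the two sit side by side, ENC() is only obfuscation), and a short pointer on how to generate the ciphertext. In the paragraph starting "The encrypted property placeholders can be used either by", the sentence "It has one child element {{encryptor}}" has an ambiguous antecedent, because two different {{property-placeholder}} elements have just been named; say which one carries {{encryptor}}. In the {pygmentize:xml} block the only content visible in this hunk is `file:etc/db.properties`, so check that the blueprint markup survives rendering, since the example is the core of the section. Wording in the first paragraph: "devices that requires" should be "require", "when ever" should be "whenever", and "using blueprint framework" should be "using the blueprint framework".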