This is the best approach to having the passwords encrypted and under configuration management. This way if you needed to change the password - you could go to any server, update any conf file with a password (like pass4SymmKey) restart the service, and copy the newly encrypted password back into your configuration management platform. (for us Puppet and eyaml).
... View more