The issue is for sure known. But i cannot find any solution. I'm using spring boot cloud config server to serve all properties values (encrypted) by {cipher} expression. It uses keystore located in the same system. But password to the keystore is in plain text. The question is there a possibility to some how encrypt the keystore password?

Thanks in advance!

Encrypting the keystore password would require configuring a key for decryption which itself would have to be stored unencrypted, so there's no use in that.

I think the best way would be setting the keystore password as an environment variable (as described in this post or this SO question).

I completely agree with @Quagaar that the best way is to actually store it in an environment variable and have the application.properties read from there. Something like server.ssl.key-store-password=${KEY_STORE_PASSWORD} and set the environment variable in the run configurations for IDE or Export command on your terminal.

Its like creating a key for another key using a passphrase, multiple times you do that still will end having some passphrase in repository (like bitbucket).

Better to encrypt all passwords using config server encrypt.key: "{$somepassphrase}" and store this passphrase(master key) as env variable and pass it using Jenkins while generating a pipeline.