OpenJPA provides an interface for a provider to implement connection password encryption. Whenever a connection password is needed, the decrypt(String) method will be invoked. See org.apache.openjpa.lib.encryption.EncryptionProvider for the detailed Javadoc. Notes: It is an OpenJPA user responsibility to implement the EncryptionProvider interface. There is no default implementation. The interface has an encrypt(String) method, but it is not called by the OpenJPA runtime.