
How to encrypt LDAP UserStore password in usr-mgt.

Posted 2019-08-13 04:30

Question:

I am trying to encrypt the UserStore connection password in WSO2 Identity Server (usr-mgt.xml) using ciphertool.bat (using WSO2 version 5.0.0).

I have a jks file with the same password for key and keystorepassword. In ciphertool.properties, I modified the following line as:

UserStoreManager.Property.ConnectionPassword=repository/conf/user-mgt.xml 

I generated an encrypted password by using the ciphertool.bat -DConfigure command and I updated the ciphertext.properties file as:

UserStoreManager.Property.ConnectionPassword=RG1Bz7q0VbyTLJ3t2yCKaoquXkZZ0XrgKZ8PgsYp4F4NNiIJ4c16aCEa2AkdYFL+jaPVmbOF/lFK1A0EWFXO35UsQ28DkwtiDKw9er4USm3DML9OlG+Ve/QNXF3RoiLG00DJGeRrqFTuz5SpphGJk1ShidEYvIyzx/5KK4BK1r0CHfMTqNFvwwAr8QY6uUD/bgbn8T99LrleRJu6fA76l77CaruISBdtf/bx1BdE30xN/+OJ5l3R9qrswLNEafxPRiHcvwuHP5BI31m6WiZ/6zUt5+P0NYCYF8aw7qNPt99+z5KAzslrk1pV3fOIirs7skhGwWDuayMa6HUU5f9CyA==

Not sure how I should tell the usr-mgt.xml file to use encrypted password. I just tried updating properties file as <Property name="ConnectionPassword">RG1Bz7q0VbyTLJ3t2yCKaoquXkZZ0XrgKZ8PgsYp4F4NNiIJ4c16aCEa2AkdYFL+jaPVmbOF/lFK1A0EWFXO35UsQ28DkwtiDKw9er4USm3DML9OlG+Ve/QNXF3RoiLG00DJGeRrqFTuz5SpphGJk1ShidEYvIyzx/5KK4BK1r0CHfMTqNFvwwAr8QY6uUD/bgbn8T99LrleRJu6fA76l77CaruISBdtf/bx1BdE30xN/+OJ5l3R9qrswLNEafxPRiHcvwuHP5BI31m6WiZ/6zUt5+P0NYCYF8aw7qNPt99+z5KAzslrk1pV3fOIirs7skhGwWDuayMa6HUU5f9CyA==</Property>

This fails. Apparently it works when I use an unencrypted password. This means the usr-mgt.xml file fails to understand that it should read the password as encrypted.

Answer 1:

It seems you are missing the order. First you need to update the ciphertext.properties file according to your requirement. After that you can run the ciphertool.bat -DConfigure command and encrypt the password.

P.S. - This blog entry will help you more with Secure Vault.
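
An added example, not part of the original question or answer and not WSO2 code: a small Python check for the mistake described in the question, where the ciphertext is pasted into the ConnectionPassword element instead of being referenced by alias. It assumes the Secure Vault convention of an svns:secretAlias attribute in the namespace shown, and bracketed plaintext in ciphertext.properties before the tool has run; the XML and values are constructed samples.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: Secure Vault namespace of the secretAlias attribute (not on the page).
SVNS = "http://org.wso2.securevault/configuration"
ALIAS = "UserStoreManager.Property.ConnectionPassword"  # alias used in the question
B64 = re.compile(r"^[A-Za-z0-9+/]{40,}={0,2}$")        # long base64-looking value

def parse_properties(text):
    """Parse key=value lines of a .properties file, skipping comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def check_connection_password(user_mgt_xml, ciphertext_props):
    """Return findings for each ConnectionPassword property in the XML text."""
    secrets, findings = parse_properties(ciphertext_props), []
    for prop in ET.fromstring(user_mgt_xml).iter("Property"):
        if prop.get("name") != "ConnectionPassword":
            continue
        alias = prop.get("{%s}secretAlias" % SVNS)
        value = (prop.text or "").strip()
        if alias is None and B64.match(value):
            findings.append("ciphertext pasted as literal password, no secretAlias")
        elif alias is None:
            findings.append("plaintext password, no secretAlias")
        elif alias not in secrets:
            findings.append("alias missing from ciphertext.properties: " + alias)
        elif secrets[alias].startswith("[") and secrets[alias].endswith("]"):
            findings.append("alias still holds bracketed plaintext: " + alias)
    return findings

# Constructed samples (not the values from the question).
FAKE_CIPHERTEXT = "QUJD" * 20 + "=="
WRAP = '<UserManager xmlns:svns="' + SVNS + '"><Realm><UserStoreManager>%s</UserStoreManager></Realm></UserManager>'
PASTED = WRAP % ('<Property name="ConnectionPassword">' + FAKE_CIPHERTEXT + "</Property>")
ALIASED = WRAP % ('<Property name="ConnectionPassword" svns:secretAlias="' + ALIAS + '">password</Property>')

if __name__ == "__main__":
    print(check_connection_password(PASTED, ""))
    print(check_connection_password(ALIASED, ALIAS + "=[secret]"))
    print(check_connection_password(ALIASED, ALIAS + "=" + FAKE_CIPHERTEXT))
```
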