Infinispan: credentials returned from configuration as clear text
Description
Infinispan serializes cache configurations containing credentials in cleartext when outputting to XML, JSON, or YAML.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CVE-2023-5384 describes an information disclosure vulnerability in Infinispan, an open-source data grid platform. When serializing a cache's configuration to formats such as XML, JSON, or YAML, any credentials embedded within that configuration—for example, credentials used for a JDBC store with connection pooling or a remote store—are included in the output in clear text [1][3]. The root cause is that the toString() method and related serialization routines did not mask sensitive fields like password before generating the textual representation [2].
The vulnerability is triggered during configuration export or any operation that serializes the cache configuration to a human-readable format. No special authentication or network position is required beyond the ability to trigger this serialization, which is a normal administrative or programmatic operation in Infinispan. An attacker who gains access to the exported configuration file or intercepts the serialized data can retrieve the plaintext credentials [1][3].
An attacker exploiting this vulnerability can obtain sensitive credentials, such as database passwords or remote store authentication tokens, which are typically intended to be protected. This could lead to unauthorized access to backend data stores or other services that Infinispan connects to, potentially compromising the confidentiality and integrity of the broader system [1][3].
The fix was implemented in a commit (7140fc9) and associated pull request [#11995] that introduced a toString(boolean withCredentials) method, allowing callers to choose whether to include credentials in the string output. By default, credentials are now masked or excluded when serializing configurations [2][4]. Users are advised to update to the patched version of Infinispan to prevent inadvertent credential exposure.
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
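An added example, not code from Infinispan or from the advisory: a Python check that scans an exported cache configuration (XML or JSON) for credentials that were not replaced by the *** mask the patch writes, including user:password pairs embedded in hotrod:// URIs. The serialized attribute names (username, password, certificate-password, uri) and the sample documents are assumptions constructed for illustration; YAML exports are not covered.

```python
"""Audit exported Infinispan cache configurations for unmasked credentials."""
import json
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MASK = "***"  # literal the patched SECRET serializer writes in place of a secret
# Assumed serialized attribute names; extend the sets for your own stores.
SECRET_KEYS = {"username", "password", "certificate-password"}
URI_KEYS = {"uri"}


def _check(path, key, value, findings):
    """Append (path, key, reason) when key/value is an unmasked credential."""
    if not isinstance(value, str) or not value:
        return
    if key in SECRET_KEYS and value != MASK:
        findings.append((path, key, "cleartext secret"))
    elif key in URI_KEYS and value.startswith(("hotrod://", "hotrods://")):
        parts = urlsplit(value)
        if parts.username is not None or parts.password is not None:
            findings.append((path, key, "credentials in URI"))


def scan_xml(text):
    """Walk every element of an XML export and check its attributes."""
    findings = []

    def walk(elem, path):
        here = path + "/" + elem.tag.rsplit("}", 1)[-1]  # drop any namespace
        for key, value in elem.attrib.items():
            _check(here, key, value, findings)
        for child in elem:
            walk(child, here)

    # Meant for your own exports; do not feed untrusted XML to ElementTree.
    walk(ET.fromstring(text), "")
    return findings


def scan_json(text):
    """Walk every object of a JSON export and check its string members."""
    findings = []

    def walk(node, path):
        if isinstance(node, dict):
            for key, value in node.items():
                _check(path or "/", key, value, findings)
                walk(value, path + "/" + key)
        elif isinstance(node, list):
            for index, item in enumerate(node):
                walk(item, f"{path}[{index}]")

    walk(json.loads(text), "")
    return findings


def scan(text):
    """Dispatch on the first non-blank character: '{' or '[' means JSON."""
    return scan_json(text) if text.lstrip()[:1] in ("{", "[") else scan_xml(text)


# Constructed sample exports (not taken from a real deployment).
XML_CLEARTEXT = """
<local-cache name="orders">
  <persistence>
    <string-keyed-jdbc-store>
      <connection-pool connection-url="jdbc:h2:mem:demo" username="dbuser" password="s3cret"/>
    </string-keyed-jdbc-store>
    <remote-store uri="hotrod://user:secret@host1?client_intelligence=BASIC"/>
  </persistence>
</local-cache>
"""

XML_MASKED = """
<local-cache name="orders">
  <persistence>
    <string-keyed-jdbc-store>
      <connection-pool connection-url="jdbc:h2:mem:demo" username="***" password="***"/>
    </string-keyed-jdbc-store>
    <remote-store uri="hotrod://host1?client_intelligence=BASIC"/>
  </persistence>
</local-cache>
"""

JSON_CLEARTEXT = json.dumps({"local-cache": {"persistence": {"remote-store": {
    "uri": "hotrods://admin:changeme@host1:11322",
    "security": {"authentication": {"username": "admin", "password": "changeme"}},
}}}})

if __name__ == "__main__":
    samples = (("xml cleartext", XML_CLEARTEXT), ("xml masked", XML_MASKED),
               ("json cleartext", JSON_CLEARTEXT))
    for label, doc in samples:
        hits = scan(doc)
        print(label, "->", hits if hits else "no unmasked credentials")
```

A password whose real value is the three characters *** is indistinguishable from a masked one, so a clean result means "no secret other than the mask literal was found", not "no secret was configured".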
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.infinispan:infinispan-core (Maven) | >= 15.0.0.Dev01, < 15.0.0.Dev07 | 15.0.0.Dev07 |
| org.infinispan:infinispan-core (Maven) | < 14.0.25.Final | 14.0.25.Final |
| org.infinispan:infinispan-commons (Maven) | >= 15.0.0.Dev01, < 15.0.0.Dev07 | 15.0.0.Dev07 |
| org.infinispan:infinispan-commons (Maven) | < 14.0.25.Final | 14.0.25.Final |
| org.infinispan:infinispan-hotrod (Maven) | >= 15.0.0.Dev01, < 15.0.0.Dev07 | 15.0.0.Dev07 |
| org.infinispan:infinispan-hotrod (Maven) | < 14.0.25.Final | 14.0.25.Final |
| org.infinispan:infinispan-client-hotrod (Maven) | >= 15.0.0.Dev01, < 15.0.0.Dev07 | 15.0.0.Dev07 |
| org.infinispan:infinispan-client-hotrod (Maven) | < 14.0.25.Final | 14.0.25.Final |
| org.infinispan:infinispan-cachestore-jdbc-common (Maven) | >= 15.0.0.Dev01, < 15.0.0.Dev07 | 15.0.0.Dev07 |
| org.infinispan:infinispan-cachestore-jdbc-common (Maven) | < 14.0.25.Final | 14.0.25.Final |
| org.infinispan:infinispan-cachestore-remote (Maven) | >= 15.0.0.Dev01, < 15.0.0.Dev07 | 15.0.0.Dev07 |
| org.infinispan:infinispan-cachestore-remote (Maven) | < 14.0.25.Final | 14.0.25.Final |
| org.infinispan:infinispan-cachestore-sql (Maven) | >= 15.0.0.Dev01, < 15.0.0.Dev07 | 15.0.0.Dev07 |
| org.infinispan:infinispan-cachestore-sql (Maven) | < 14.0.25.Final | 14.0.25.Final |
| org.infinispan:infinispan-cachestore-jdbc (Maven) | >= 15.0.0.Dev01, < 15.0.0.Dev07 | 15.0.0.Dev07 |
| org.infinispan:infinispan-cachestore-jdbc (Maven) | < 14.0.25.Final | 14.0.25.Final |
Affected products (21)
- Red Hat/Red Hat Data Grid 8.4.6 v5, cpe:/a:redhat:jboss_data_grid:8
- osv-coords, 20 versions (no CPE for any entry):
  - pkg:apk/chainguard/infinispan-15.0, range: < 15.0.21-r1
  - pkg:apk/chainguard/infinispan-15.0-compat, range: < 15.0.21-r1
  - pkg:apk/chainguard/infinispan-15.0-images, range: < 15.0.21-r1
  - pkg:apk/chainguard/infinispan-15.1, range: < 15.1.7-r3
  - pkg:apk/chainguard/infinispan-15.1-compat, range: < 15.1.7-r3
  - pkg:apk/chainguard/infinispan-15.1-images, range: < 15.1.7-r3
  - pkg:apk/chainguard/infinispan-15.2, range: < 15.2.6-r1
  - pkg:apk/chainguard/infinispan-15.2-compat, range: < 15.2.6-r1
  - pkg:apk/chainguard/infinispan-15.2-images, range: < 15.2.6-r1
  - pkg:apk/wolfi/infinispan-15.2, range: < 15.2.6-r1
  - pkg:apk/wolfi/infinispan-15.2-compat, range: < 15.2.6-r1
  - pkg:apk/wolfi/infinispan-15.2-images, range: < 15.2.6-r1
  - pkg:maven/org.infinispan/infinispan-cachestore-jdbc, range: >= 15.0.0.Dev01, < 15.0.0.Dev07
  - pkg:maven/org.infinispan/infinispan-cachestore-jdbc-common, range: >= 15.0.0.Dev01, < 15.0.0.Dev07
  - pkg:maven/org.infinispan/infinispan-cachestore-remote, range: >= 15.0.0.Dev01, < 15.0.0.Dev07
  - pkg:maven/org.infinispan/infinispan-cachestore-sql, range: >= 15.0.0.Dev01, < 15.0.0.Dev07
  - pkg:maven/org.infinispan/infinispan-client-hotrod, range: >= 15.0.0.Dev01, < 15.0.0.Dev07
  - pkg:maven/org.infinispan/infinispan-commons, range: >= 15.0.0.Dev01, < 15.0.0.Dev07
  - pkg:maven/org.infinispan/infinispan-core, range: >= 15.0.0.Dev01, < 15.0.0.Dev07
  - pkg:maven/org.infinispan/infinispan-hotrod, range: >= 15.0.0.Dev01, < 15.0.0.Dev07
Patches (2)
7140fc9b026e ISPN-15202 Mask Hot Rod and database credentials when serializing configs
22 files changed · +184 −109
client/hotrod-client/src/main/java/org/infinispan/client/hotrod/impl/HotRodURI.java+39 −7 modified@@ -5,6 +5,7 @@ import java.util.ArrayList; import java.util.Collections; import java.util.List; +import java.util.Map; import java.util.Properties; import org.infinispan.client.hotrod.configuration.ConfigurationBuilder; @@ -117,12 +118,43 @@ public ConfigurationBuilder toConfigurationBuilder(ConfigurationBuilder builder) @Override public String toString() { - return "HotRodURI{" + - "addresses=" + addresses + - ", ssl=" + ssl + - ", username='" + username + '\'' + - ", password='" + password + '\'' + - ", properties=" + properties + - '}'; + return toString(false); + } + + public String toString(boolean withCredentials) { + StringBuilder sb = new StringBuilder(); + if (ssl) sb.append("hotrods://"); else sb.append("hotrod://"); + if (withCredentials) { + sb.append(username); + sb.append(':'); + sb.append(password); + sb.append('@'); + } + for(int i = 0; i < addresses.size(); i++) { + if (i > 0) { + sb.append(','); + } + InetSocketAddress address = addresses.get(i); + sb.append(address.getHostString()); + if (address.getPort() != ConfigurationProperties.DEFAULT_HOTROD_PORT) { + sb.append(':'); + sb.append(address.getPort()); + } + } + if (!properties.isEmpty()) { + sb.append('?'); + for(Map.Entry<Object, Object> property : properties.entrySet()) { + String key = property.getKey().toString(); + if (key.startsWith(ConfigurationProperties.ICH)) { + sb.append(key.substring(ConfigurationProperties.ICH.length())); + } else { + sb.append(key); + } + sb.append('='); + sb.append(property.getValue()); + + } + } + return sb.toString(); } }
client/hotrod-client/src/test/java/org/infinispan/client/hotrod/configuration/ConfigurationTest.java+7 −0 modified@@ -775,4 +775,11 @@ public void testPerCacheMarshallerConfig() throws IOException { assertEquals(JavaSerializationMarshaller.class.getName(), props.getProperty("infinispan.client.hotrod.cache.mycache.marshaller")); assertEquals(UTF8StringMarshaller.class.getName(), props.getProperty("infinispan.client.hotrod.cache.org.infinispan.yourcache.marshaller")); } + + @Test + public void testHotRodURItoString() { + HotRodURI uri = HotRodURI.create("hotrod://user:secret@host1?client_intelligence=BASIC"); + assertEquals("hotrod://host1?client_intelligence=BASIC", uri.toString()); + assertEquals("hotrod://user:secret@host1?client_intelligence=BASIC", uri.toString(true)); + } }
client/hotrod/src/main/java/org/infinispan/hotrod/impl/HotRodURI.java+39 −7 modified@@ -5,6 +5,7 @@ import java.util.ArrayList; import java.util.Collections; import java.util.List; +import java.util.Map; import java.util.Properties; import org.infinispan.hotrod.configuration.HotRodConfigurationBuilder; @@ -116,12 +117,43 @@ public HotRodConfigurationBuilder toConfigurationBuilder(HotRodConfigurationBuil @Override public String toString() { - return "HotRodURI{" + - "addresses=" + addresses + - ", ssl=" + ssl + - ", username='" + username + '\'' + - ", password='" + password + '\'' + - ", properties=" + properties + - '}'; + return toString(false); + } + + public String toString(boolean withCredentials) { + StringBuilder sb = new StringBuilder(); + if (ssl) sb.append("hotrods://"); else sb.append("hotrod://"); + if (withCredentials) { + sb.append(username); + sb.append(':'); + sb.append(password); + sb.append('@'); + } + for(int i = 0; i < addresses.size(); i++) { + if (i > 0) { + sb.append(','); + } + InetSocketAddress address = addresses.get(i); + sb.append(address.getHostString()); + if (address.getPort() != ConfigurationProperties.DEFAULT_HOTROD_PORT) { + sb.append(':'); + sb.append(address.getPort()); + } + } + if (!properties.isEmpty()) { + sb.append('?'); + for(Map.Entry<Object, Object> property : properties.entrySet()) { + String key = property.getKey().toString(); + if (key.startsWith(ConfigurationProperties.ICH)) { + sb.append(key.substring(ConfigurationProperties.ICH.length())); + } else { + sb.append(key); + } + sb.append('='); + sb.append(property.getValue()); + + } + } + return sb.toString(); } }
commons/all/src/main/java/org/infinispan/commons/configuration/attributes/AttributeSerializer.java+9 −2 modified@@ -20,15 +20,22 @@ public interface AttributeSerializer<T> { writer.writeAttribute(name, value.toString()); } }; - AttributeSerializer<Supplier<char[]>> SECRET = (writer, name, value) -> { + AttributeSerializer<String> SECRET = (writer, name, value) -> { + if (writer.clearTextSecrets()) { + writer.writeAttribute(name, value); + } else { + writer.writeAttribute(name, "***"); + } + }; + AttributeSerializer<Supplier<char[]>> SECRET_SUPPLIER = (writer, name, value) -> { if (writer.clearTextSecrets()) { writer.writeAttribute(name, new String(value.get())); } else { writer.writeAttribute(name, "***"); } }; AttributeSerializer<String[]> STRING_ARRAY = (writer, name, value) -> writer.writeAttribute(name, Arrays.asList(value)); - AttributeSerializer<Collection<String>> STRING_COLLECTION = (writer, name, value) -> writer.writeAttribute(name, value); + AttributeSerializer<Collection<String>> STRING_COLLECTION = ConfigurationWriter::writeAttribute; AttributeSerializer<Collection<? extends Enum<?>>> ENUM_COLLECTION = (writer, name, value) -> writer.writeAttribute(name, value.stream().map(Enum::toString).collect(Collectors.toList())); AttributeSerializer<Object> INSTANCE_CLASS_NAME = ((writer, name, value) -> writer.writeAttribute(name, value.getClass().getName())); AttributeSerializer<Class> CLASS_NAME = ((writer, name, value) -> writer.writeAttribute(name, value.getName()));
commons/all/src/main/java/org/infinispan/commons/configuration/BasicConfiguration.java+19 −3 modified@@ -1,5 +1,7 @@ package org.infinispan.commons.configuration; +import org.infinispan.commons.dataconversion.MediaType; + /** * BasicConfiguration provides the basis for concrete configurations. * @@ -24,10 +26,24 @@ default String toXMLString(String name) { } /** - * Converts this configuration to a string-based representation. The name of the configuration in the will be the one - * supplied in the argument. The string must be in one of the supported formats (XML, JSON, YAML). + * Converts this configuration to an XML. + * + * @param name The name of the configuration in the generated string. + * + * @return a String containing the representation of an Infinispan configuration using the Infinispan schema in XML. + */ + default String toStringConfiguration(String name) { + return toStringConfiguration(name, MediaType.APPLICATION_XML, true); + } + + /** + * Converts this configuration to a string representation. + * + * @param name The name of the configuration in the generated string. + * @param mediaType The type of string to generate. Can be one of XML, JSON or YAML. + * @param clearTextSecrets Whether secrets (e.g. passwords) should be included in clear text or masked. * * @return a String containing the representation of an Infinispan configuration using the Infinispan schema in one of the supported formats (XML, JSON, YAML). */ - String toStringConfiguration(String name); + String toStringConfiguration(String name, MediaType mediaType, boolean clearTextSecrets); }
commons/all/src/main/java/org/infinispan/commons/configuration/StringConfiguration.java+7 −0 modified@@ -1,5 +1,7 @@ package org.infinispan.commons.configuration; +import org.infinispan.commons.dataconversion.MediaType; + /** * A simple wrapper for a configuration represented as a String. The configuration can be in any * of the supported formats: XML, JSON, and YAML. @@ -18,4 +20,9 @@ public StringConfiguration(String string) { public String toStringConfiguration(String name) { return string; } + + @Override + public String toStringConfiguration(String name, MediaType mediaType, boolean clearTextSecrets) { + return string; + } }
core/src/main/java/org/infinispan/configuration/cache/Configuration.java+10 −3 modified@@ -12,6 +12,9 @@ import org.infinispan.commons.configuration.attributes.AttributeSet; import org.infinispan.commons.configuration.attributes.ConfigurationElement; import org.infinispan.commons.configuration.attributes.Matchable; +import org.infinispan.commons.configuration.io.ConfigurationWriter; +import org.infinispan.commons.dataconversion.MediaType; +import org.infinispan.commons.io.StringBuilderWriter; import org.infinispan.configuration.parsing.ParserRegistry; public class Configuration extends ConfigurationElement<Configuration> implements BasicConfiguration { @@ -302,8 +305,12 @@ public boolean matches(Configuration other) { } @Override - public String toStringConfiguration(String name) { - ParserRegistry reg = new ParserRegistry(); - return reg.serialize(name, this); + public String toStringConfiguration(String name, MediaType mediaType, boolean clearTextSecrets) { + StringBuilderWriter sw = new StringBuilderWriter(); + try (ConfigurationWriter writer = ConfigurationWriter.to(sw).withType(mediaType).clearTextSecrets(clearTextSecrets).prettyPrint(false).build()) { + ParserRegistry reg = new ParserRegistry(); + reg.serialize(writer, name, this); + } + return sw.toString(); } }
core/src/main/java/org/infinispan/globalstate/impl/GlobalConfigurationManagerImpl.java+3 −3 modified@@ -205,7 +205,7 @@ public CompletionStage<Void> createTemplate(String name, Configuration configura return cache.containsKeyAsync(key).thenCompose(exists -> { if (exists) throw CONFIG.configAlreadyDefined(name); - return cache.putAsync(key, new CacheState(null, parserRegistry.serialize(name, configuration), flags)); + return cache.putAsync(key, new CacheState(null, configuration.toStringConfiguration(name), flags)); }).thenApply(v -> null); } @@ -214,7 +214,7 @@ public CompletionStage<Configuration> getOrCreateTemplate(String name, Configura assertNameLength(name); localConfigurationManager.validateFlags(flags); try { - final CacheState state = new CacheState(null, parserRegistry.serialize(name, configuration), flags); + final CacheState state = new CacheState(null, configuration.toStringConfiguration(name), flags); return getStateCache().putIfAbsentAsync(new ScopedState(TEMPLATE_SCOPE, name), state).thenApply((v) -> configuration); } catch (Exception e) { throw CONFIG.configurationSerializationFailed(name, configuration, e); @@ -278,7 +278,7 @@ private CompletionStage<Object> createCacheInternal(String cacheName, String tem localConfigurationManager.validateFlags(flags); final CacheState state; try { - state = new CacheState(template, parserRegistry.serialize(cacheName, configuration), flags); + state = new CacheState(template, configuration.toStringConfiguration(cacheName), flags); } catch (Exception e) { throw CONFIG.configurationSerializationFailed(cacheName, configuration, e); }
persistence/jdbc-common/src/main/java/org/infinispan/persistence/jdbc/common/configuration/AbstractJdbcStoreConfigurationSerializer.java+3 −11 modified@@ -1,7 +1,5 @@ package org.infinispan.persistence.jdbc.common.configuration; -import static org.infinispan.configuration.serializing.SerializeUtils.writeOptional; - import org.infinispan.commons.configuration.io.ConfigurationWriter; import org.infinispan.configuration.serializing.AbstractStoreSerializer; @@ -18,25 +16,19 @@ protected void writeJdbcStoreAttributes(ConfigurationWriter writer, AbstractJdbc private void writeJDBCStoreConnection(ConfigurationWriter writer, SimpleConnectionFactoryConfiguration configuration) { writer.writeStartElement(Element.SIMPLE_CONNECTION); - writeOptional(writer, Attribute.CONNECTION_URL, configuration.connectionUrl()); - writeOptional(writer, Attribute.DRIVER_CLASS, configuration.driverClass()); - writeOptional(writer, Attribute.USERNAME, configuration.username()); - writeOptional(writer, Attribute.PASSWORD, configuration.password()); + configuration.attributes().write(writer); writer.writeEndElement(); } private void writeJDBCStoreConnection(ConfigurationWriter writer, PooledConnectionFactoryConfiguration configuration) { writer.writeStartElement(Element.CONNECTION_POOL); - writeOptional(writer, Attribute.CONNECTION_URL, configuration.connectionUrl()); - writeOptional(writer, Attribute.DRIVER_CLASS, configuration.driverClass()); - writeOptional(writer, Attribute.USERNAME, configuration.username()); - writeOptional(writer, Attribute.PASSWORD, configuration.password()); + configuration.attributes().write(writer); writer.writeEndElement(); } private void writeJDBCStoreConnection(ConfigurationWriter writer, ManagedConnectionFactoryConfiguration configuration) { writer.writeStartElement(Element.DATA_SOURCE); - writer.writeAttribute(Attribute.JNDI_URL, configuration.jndiUrl()); + configuration.attributes().write(writer); writer.writeEndElement(); }
persistence/jdbc-common/src/main/java/org/infinispan/persistence/jdbc/common/configuration/AbstractUnmanagedConnectionFactoryConfiguration.java+14 −3 modified@@ -1,13 +1,17 @@ package org.infinispan.persistence.jdbc.common.configuration; +import static org.infinispan.commons.configuration.attributes.AttributeSerializer.SECRET; + +import java.util.Objects; + import org.infinispan.commons.configuration.attributes.Attribute; import org.infinispan.commons.configuration.attributes.AttributeDefinition; import org.infinispan.commons.configuration.attributes.AttributeSet; public abstract class AbstractUnmanagedConnectionFactoryConfiguration implements ConnectionFactoryConfiguration { - public static final AttributeDefinition<String> USERNAME = AttributeDefinition.builder(org.infinispan.persistence.jdbc.common.configuration.Attribute.USERNAME, null, String.class).immutable().build(); - public static final AttributeDefinition<String> PASSWORD = AttributeDefinition.builder(org.infinispan.persistence.jdbc.common.configuration.Attribute.PASSWORD, null, String.class).immutable().build(); + public static final AttributeDefinition<String> USERNAME = AttributeDefinition.builder(org.infinispan.persistence.jdbc.common.configuration.Attribute.USERNAME, null, String.class).serializer(SECRET).immutable().build(); + public static final AttributeDefinition<String> PASSWORD = AttributeDefinition.builder(org.infinispan.persistence.jdbc.common.configuration.Attribute.PASSWORD, null, String.class).serializer(SECRET).immutable().build(); public static final AttributeDefinition<String> DRIVER_CLASS = AttributeDefinition.builder(org.infinispan.persistence.jdbc.common.configuration.Attribute.DRIVER_CLASS, null, String.class).immutable().build(); public static final AttributeDefinition<String> CONNECTION_URL = AttributeDefinition.builder(org.infinispan.persistence.jdbc.common.configuration.Attribute.CONNECTION_URL, null, String.class).immutable().build(); 
@@ -53,11 +57,18 @@ public boolean equals(Object o) { AbstractUnmanagedConnectionFactoryConfiguration that = (AbstractUnmanagedConnectionFactoryConfiguration) o; - return attributes != null ? attributes.equals(that.attributes) : that.attributes == null; + return Objects.equals(attributes, that.attributes); } @Override public int hashCode() { return attributes != null ? attributes.hashCode() : 0; } + + @Override + public String toString() { + return this.getClass().getName() + + "attributes=" + attributes + + '}'; + } }
persistence/jdbc-common/src/main/java/org/infinispan/persistence/jdbc/common/configuration/ConnectionFactoryConfiguration.java+3 −0 modified@@ -1,5 +1,6 @@ package org.infinispan.persistence.jdbc.common.configuration; +import org.infinispan.commons.configuration.attributes.AttributeSet; import org.infinispan.persistence.jdbc.common.connectionfactory.ConnectionFactory; /** @@ -10,4 +11,6 @@ */ public interface ConnectionFactoryConfiguration { Class<? extends ConnectionFactory> connectionFactoryClass(); + + AttributeSet attributes(); }
persistence/jdbc/src/test/java/org/infinispan/persistence/jdbc/configuration/ConfigurationSerializerTest.java+1 −3 modified@@ -1,7 +1,5 @@ package org.infinispan.persistence.jdbc.configuration; -import static org.testng.AssertJUnit.assertEquals; - import org.infinispan.configuration.cache.StoreConfiguration; import org.infinispan.configuration.serializer.AbstractConfigurationSerializerTest; import org.infinispan.persistence.jdbc.common.configuration.AbstractJdbcStoreConfiguration; @@ -14,7 +12,7 @@ protected void compareStoreConfiguration(String name, StoreConfiguration beforeS if (beforeStore instanceof AbstractJdbcStoreConfiguration) { AbstractJdbcStoreConfiguration before = (AbstractJdbcStoreConfiguration) beforeStore; AbstractJdbcStoreConfiguration after = (AbstractJdbcStoreConfiguration) afterStore; - assertEquals("Configuration " + name + " JDBC connection factory", before.connectionFactory(), after.connectionFactory()); + compareAttributeSets("Configuration " + name + " JDBC connection factory", before.connectionFactory().attributes(), after.connectionFactory().attributes(), "username", "password"); } if (beforeStore instanceof JdbcStringBasedStoreConfiguration) { JdbcStringBasedStoreConfiguration before = (JdbcStringBasedStoreConfiguration) beforeStore;
persistence/remote/src/main/java/org/infinispan/persistence/remote/configuration/KeyStoreConfiguration.java+4 −2 modified@@ -1,5 +1,7 @@ package org.infinispan.persistence.remote.configuration; +import static org.infinispan.commons.configuration.attributes.AttributeSerializer.SECRET; + import org.infinispan.commons.configuration.attributes.AttributeDefinition; import org.infinispan.commons.configuration.attributes.AttributeSet; import org.infinispan.commons.util.Util; @@ -11,8 +13,8 @@ public class KeyStoreConfiguration { static final AttributeDefinition<String> KEYSTORE_FILENAME = AttributeDefinition.builder(Attribute.FILENAME, null, String.class).immutable().autoPersist(false).build(); static final AttributeDefinition<String> KEYSTORE_TYPE = AttributeDefinition.builder(Attribute.TYPE, "JKS", String.class).immutable().autoPersist(false).build(); - static final AttributeDefinition<String> KEYSTORE_PASSWORD = AttributeDefinition.builder(Attribute.PASSWORD, null, String.class).immutable().autoPersist(false).build(); - static final AttributeDefinition<String> KEYSTORE_CERTIFICATE_PASSWORD = AttributeDefinition.builder(Attribute.CERTIFICATE_PASSWORD, null, String.class).immutable().autoPersist(false).build(); + static final AttributeDefinition<String> KEYSTORE_PASSWORD = AttributeDefinition.builder(Attribute.PASSWORD, null, String.class).serializer(SECRET).immutable().autoPersist(false).build(); + static final AttributeDefinition<String> KEYSTORE_CERTIFICATE_PASSWORD = AttributeDefinition.builder(Attribute.CERTIFICATE_PASSWORD, null, String.class).serializer(SECRET).immutable().autoPersist(false).build(); static final AttributeDefinition<String> KEY_ALIAS = AttributeDefinition.builder(Attribute.KEY_ALIAS, null, String.class).immutable().autoPersist(false).build(); private final AttributeSet attributes;
persistence/remote/src/main/java/org/infinispan/persistence/remote/configuration/MechanismConfiguration.java+5 −4 modified@@ -1,5 +1,6 @@ package org.infinispan.persistence.remote.configuration; +import static org.infinispan.commons.configuration.attributes.AttributeSerializer.SECRET; import static org.infinispan.persistence.remote.configuration.Element.AUTH_DIGEST; import static org.infinispan.persistence.remote.configuration.Element.AUTH_EXTERNAL; import static org.infinispan.persistence.remote.configuration.Element.AUTH_PLAIN; @@ -11,10 +12,10 @@ public class MechanismConfiguration { - static final AttributeDefinition<String> USERNAME = AttributeDefinition.builder("username", null, String.class).immutable().autoPersist(false).build(); - static final AttributeDefinition<String> PASSWORD = AttributeDefinition.builder("password", null, String.class).immutable().autoPersist(false).build(); - static final AttributeDefinition<String> REALM = AttributeDefinition.builder("realm", null, String.class).immutable().autoPersist(false).build(); - static final AttributeDefinition<String> SASL_MECHANISM = AttributeDefinition.builder("sasl-mechanism", null, String.class) + static final AttributeDefinition<String> USERNAME = AttributeDefinition.builder(Attribute.USERNAME, null, String.class).serializer(SECRET).immutable().autoPersist(false).build(); + static final AttributeDefinition<String> PASSWORD = AttributeDefinition.builder(Attribute.PASSWORD, null, String.class).serializer(SECRET).immutable().autoPersist(false).build(); + static final AttributeDefinition<String> REALM = AttributeDefinition.builder(Attribute.REALM, null, String.class).immutable().autoPersist(false).build(); + static final AttributeDefinition<String> SASL_MECHANISM = AttributeDefinition.builder(Attribute.SASL_MECHANISM, null, String.class) .immutable().autoPersist(false).build(); private final AttributeSet attributes;
persistence/remote/src/main/java/org/infinispan/persistence/remote/configuration/RemoteStoreConfiguration.java+2 −2 modified@@ -4,6 +4,7 @@ import org.infinispan.client.hotrod.ProtocolVersion; import org.infinispan.client.hotrod.impl.ConfigurationProperties; +import org.infinispan.client.hotrod.impl.HotRodURI; import org.infinispan.client.hotrod.impl.transport.tcp.RoundRobinBalancingStrategy; import org.infinispan.commons.configuration.BuiltBy; import org.infinispan.commons.configuration.ConfigurationFor; @@ -39,8 +40,7 @@ public class RemoteStoreConfiguration extends AbstractStoreConfiguration { .immutable().build(); static final AttributeDefinition<String> REMOTE_CACHE_NAME = AttributeDefinition.builder(org.infinispan.persistence.remote.configuration.Attribute.REMOTE_CACHE_NAME, "").immutable().build(); - static final AttributeDefinition<String> URI = AttributeDefinition.builder(org.infinispan.persistence.remote.configuration.Attribute.URI, null, String.class).immutable() - .build(); + static final AttributeDefinition<String> URI = AttributeDefinition.builder(org.infinispan.persistence.remote.configuration.Attribute.URI, null, String.class).immutable().serializer((writer, name, value) -> writer.writeAttribute(name, HotRodURI.create(value).toString(writer.clearTextSecrets()))).build(); static final AttributeDefinition<Long> SOCKET_TIMEOUT = AttributeDefinition.builder(org.infinispan.persistence.remote.configuration.Attribute.SOCKET_TIMEOUT, (long) ConfigurationProperties.DEFAULT_SO_TIMEOUT).build(); static final AttributeDefinition<Boolean> TCP_NO_DELAY = AttributeDefinition.builder(org.infinispan.persistence.remote.configuration.Attribute.TCP_NO_DELAY, true).build();
persistence/remote/src/main/java/org/infinispan/persistence/remote/configuration/SslConfiguration.java+8 −44 modified@@ -4,31 +4,30 @@ import org.infinispan.commons.configuration.attributes.AttributeDefinition; import org.infinispan.commons.configuration.attributes.AttributeSet; +import org.infinispan.commons.configuration.attributes.ConfigurationElement; /** * SslConfiguration. * * @author Tristan Tarrant * @since 9.1 */ -public class SslConfiguration { - static final AttributeDefinition<Boolean> ENABLED = AttributeDefinition.builder("enabled", false, Boolean.class).immutable().autoPersist(false).build(); +public class SslConfiguration extends ConfigurationElement<SslConfiguration> { + static final AttributeDefinition<Boolean> ENABLED = AttributeDefinition.builder(Attribute.ENABLED, false, Boolean.class).immutable().autoPersist(false).build(); static final AttributeDefinition<SSLContext> SSL_CONTEXT = AttributeDefinition.builder("sslContext", null, SSLContext.class).immutable().autoPersist(false).build(); - static final AttributeDefinition<String> SNI_HOSTNAME = AttributeDefinition.builder("sniHostname", null, String.class).immutable().build(); + static final AttributeDefinition<String> SNI_HOSTNAME = AttributeDefinition.builder(Attribute.SNI_HOSTNAME, null, String.class).immutable().build(); static final AttributeDefinition<Boolean> HOSTNAME_VALIDATION = AttributeDefinition.builder("ssl-hostname-validation", true).immutable().build(); - static final AttributeDefinition<String> PROTOCOL = AttributeDefinition.builder("protocol", null, String.class).immutable().build(); - - private final AttributeSet attributes; + static final AttributeDefinition<String> PROTOCOL = AttributeDefinition.builder(Attribute.PROTOCOL, null, String.class).immutable().build(); static AttributeSet attributeDefinitionSet() { return new AttributeSet(SslConfiguration.class, ENABLED, SSL_CONTEXT, SNI_HOSTNAME, HOSTNAME_VALIDATION, PROTOCOL); } - private KeyStoreConfiguration 
keyStoreConfiguration; - private TrustStoreConfiguration trustStoreConfiguration; + private final KeyStoreConfiguration keyStoreConfiguration; + private final TrustStoreConfiguration trustStoreConfiguration; SslConfiguration(AttributeSet attributes, KeyStoreConfiguration keyStoreConfiguration, TrustStoreConfiguration trustStoreConfiguration) { - this.attributes = attributes.checkProtection(); + super(Element.ENCRYPTION, attributes); this.keyStoreConfiguration = keyStoreConfiguration; this.trustStoreConfiguration = trustStoreConfiguration; } @@ -41,10 +40,6 @@ public TrustStoreConfiguration trustStoreConfiguration() { return trustStoreConfiguration; } - public AttributeSet attributes() { - return attributes; - } - public boolean enabled() { return attributes.attribute(ENABLED).get(); } 
@@ -96,35 +91,4 @@ public String sniHostName() { public String protocol() { return attributes.attribute(PROTOCOL).get(); } - - @Override - public boolean equals(Object o) { - if (this == o) return true; - if (o == null || getClass() != o.getClass()) return false; - - SslConfiguration that = (SslConfiguration) o; - - if (attributes != null ? !attributes.equals(that.attributes) : that.attributes != null) return false; - if (keyStoreConfiguration != null ? !keyStoreConfiguration.equals(that.keyStoreConfiguration) : that.keyStoreConfiguration != null) - return false; - return trustStoreConfiguration != null ? trustStoreConfiguration.equals(that.trustStoreConfiguration) : that.trustStoreConfiguration == null; - } - - @Override - public int hashCode() { - int result = attributes != null ? attributes.hashCode() : 0; - result = 31 * result + (keyStoreConfiguration != null ? keyStoreConfiguration.hashCode() : 0); - result = 31 * result + (trustStoreConfiguration != null ? trustStoreConfiguration.hashCode() : 0); - return result; - } - - @Override - public String toString() { - return "SslConfiguration{" + - "attributes=" + attributes + - ", keyStoreConfiguration=" + keyStoreConfiguration + - ", trustStoreConfiguration=" + trustStoreConfiguration + - '}'; - } - }
persistence/remote/src/main/java/org/infinispan/persistence/remote/configuration/TrustStoreConfiguration.java+3 −1 modified@@ -1,5 +1,7 @@ package org.infinispan.persistence.remote.configuration; +import static org.infinispan.commons.configuration.attributes.AttributeSerializer.SECRET; + import java.util.Objects; import org.infinispan.commons.configuration.attributes.AttributeDefinition; @@ -10,7 +12,7 @@ public class TrustStoreConfiguration { static final AttributeDefinition<String> TRUSTSTORE_FILENAME = AttributeDefinition.builder(Attribute.FILENAME, null, String.class).immutable().autoPersist(false).build(); static final AttributeDefinition<String> TRUSTSTORE_TYPE = AttributeDefinition.builder(Attribute.TYPE, "JKS", String.class).immutable().autoPersist(false).build(); - static final AttributeDefinition<String> TRUSTSTORE_PASSWORD = AttributeDefinition.builder(Attribute.PASSWORD, null, String.class).immutable().autoPersist(false).build(); + static final AttributeDefinition<String> TRUSTSTORE_PASSWORD = AttributeDefinition.builder(Attribute.PASSWORD, null, String.class).serializer(SECRET).immutable().autoPersist(false).build(); private final AttributeSet attributes;
persistence/remote/src/main/java/org/infinispan/persistence/remote/upgrade/SerializationUtils.java+2 −7 modified@@ -7,9 +7,7 @@ import java.io.IOException; import org.infinispan.commons.configuration.io.ConfigurationResourceResolvers; -import org.infinispan.commons.configuration.io.ConfigurationWriter; import org.infinispan.commons.dataconversion.internal.Json; -import org.infinispan.commons.io.StringBuilderWriter; import org.infinispan.configuration.cache.Configuration; import org.infinispan.configuration.cache.ConfigurationBuilder; import org.infinispan.configuration.parsing.ConfigurationBuilderHolder; @@ -33,11 +31,8 @@ public static String toJson(RemoteStoreConfiguration configuration) { ConfigurationBuilder builder = new ConfigurationBuilder(); RemoteStoreConfigurationBuilder storeBuilder = builder.persistence().addStore(RemoteStoreConfigurationBuilder.class); storeBuilder.read(configuration); - StringBuilderWriter sw = new StringBuilderWriter(); - try (ConfigurationWriter w = ConfigurationWriter.to(sw).withType(APPLICATION_JSON).build()) { - parserRegistry.serialize(w, null, builder.build()); - } - return Json.read(sw.toString()).at("local-cache").at("persistence").toString(); + String stringConfiguration = builder.build().toStringConfiguration(null, APPLICATION_JSON, true); + return Json.read(stringConfiguration).at("local-cache").at("persistence").toString(); } public static RemoteStoreConfiguration fromJson(String json) throws IOException {
persistence/sql/src/test/java/org/infinispan/persistence/sql/configuration/ConfigurationSerializerTest.java+1 −3 modified@@ -1,7 +1,5 @@ package org.infinispan.persistence.sql.configuration; -import static org.testng.AssertJUnit.assertEquals; - import org.infinispan.configuration.cache.StoreConfiguration; import org.infinispan.configuration.serializer.AbstractConfigurationSerializerTest; import org.infinispan.persistence.jdbc.common.configuration.AbstractJdbcStoreConfiguration; @@ -15,7 +13,7 @@ protected void compareStoreConfiguration(String name, StoreConfiguration beforeS if (beforeStore instanceof AbstractJdbcStoreConfiguration) { AbstractJdbcStoreConfiguration before = (AbstractJdbcStoreConfiguration) beforeStore; AbstractJdbcStoreConfiguration after = (AbstractJdbcStoreConfiguration) afterStore; - assertEquals("Configuration " + name + " JDBC connection factory", before.connectionFactory(), after.connectionFactory()); + compareAttributeSets("Configuration " + name + " JDBC connection factory", before.connectionFactory().attributes(), after.connectionFactory().attributes(), "username", "password"); } if (beforeStore instanceof QueriesJdbcStoreConfiguration) { QueriesJdbcStoreConfiguration before = (QueriesJdbcStoreConfiguration) beforeStore;
server/testdriver/core/src/main/java/org/infinispan/server/test/core/AbstractInfinispanServerDriver.java+2 −1 modified@@ -53,6 +53,7 @@ import org.infinispan.commons.util.Util; import org.infinispan.lifecycle.ComponentStatus; import org.infinispan.security.AuthorizationPermission; +import org.infinispan.server.network.NetworkAddress; import org.infinispan.server.test.api.TestUser; import org.jboss.shrinkwrap.api.exporter.ZipExporter; import org.jboss.shrinkwrap.api.spec.JavaArchive; @@ -117,7 +118,7 @@ public InfinispanServerTestConfiguration getConfiguration() { protected String debugJvmOption() { String nonLoopbackAddress; try { - nonLoopbackAddress = findAddress(InetAddress::isLoopbackAddress).getAddress().getHostAddress(); + nonLoopbackAddress = NetworkAddress.nonLoopback("").getAddress().getHostAddress(); } catch (IOException e) { throw new IllegalStateException("Could not find a non-loopback address"); }
server/tests/src/test/java/org/infinispan/server/persistence/JdbcConfigurationUtil.java+2 −2 modified@@ -9,7 +9,7 @@ public class JdbcConfigurationUtil { - private PooledConnectionFactoryConfigurationBuilder persistenceConfiguration; + private PooledConnectionFactoryConfigurationBuilder<?> persistenceConfiguration; private final ConfigurationBuilder configurationBuilder; private final CacheMode cacheMode; @@ -53,7 +53,7 @@ public JdbcConfigurationUtil setEviction() { return this; } - public PooledConnectionFactoryConfigurationBuilder getPersistenceConfiguration() { + public PooledConnectionFactoryConfigurationBuilder<?> getPersistenceConfiguration() { return this.persistenceConfiguration; }
server/tests/src/test/java/org/infinispan/server/persistence/JdbcStringBasedCacheStorePassivation.java+1 −1 modified@@ -96,7 +96,7 @@ public void testPreload(Database database) throws Exception { */ @ParameterizedTest @ArgumentsSource(Common.DatabaseProvider.class) - public void testDefaultTwoWayKey2StringMapper(Database database) throws Exception { + public void testDefaultTwoWayKey2StringMapper(Database database) { JdbcConfigurationUtil jdbcUtil = new JdbcConfigurationUtil(CacheMode.REPL_SYNC, database, false, true) .setLockingConfigurations(); RemoteCache<Object, Object> cache = SERVERS.hotrod().withServerConfiguration(jdbcUtil.getConfigurationBuilder()).create();
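Review bot: In persistence/remote SslConfiguration, the removed equals() and hashCode() compared keyStoreConfiguration and trustStoreConfiguration, but the new constructor calls `super(Element.ENCRYPTION, attributes)` and passes only the attribute set. Please confirm the superclass equality and string form still cover the key store and trust store. Otherwise two SSL configurations that differ only in those children compare as equal, so keep an equals()/hashCode() override for them.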
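Review bot: In SerializationUtils.toJson, the bare `true` passed as the last argument of `toStringConfiguration(null, APPLICATION_JSON, true)` turns clear-text secrets on, and nothing at the call site says so. Add a comment that this JSON deliberately carries the remote store credentials, presumably so fromJson can rebuild a working store, and check that no caller logs or exposes the returned string.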
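Review bot: In the persistence/sql ConfigurationSerializerTest, replacing assertEquals with `compareAttributeSets(..., "username", "password")` means the test no longer asserts anything about the two attributes this fix is about. Add a positive check: serialize with masking on and assert the output contains `***` and not the configured password, then serialize with clear text on and assert the credentials survive the round trip.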
fd3e18ec3b1a ISPN-15202 Mask Hot Rod and database credentials when serializing configs
23 files changed · +182 −73
client/hotrod-client/src/main/java/org/infinispan/client/hotrod/impl/HotRodURI.java+39 −7 modified@@ -5,6 +5,7 @@ import java.util.ArrayList; import java.util.Collections; import java.util.List; +import java.util.Map; import java.util.Properties; import org.infinispan.client.hotrod.configuration.ConfigurationBuilder; @@ -117,12 +118,43 @@ public ConfigurationBuilder toConfigurationBuilder(ConfigurationBuilder builder) @Override public String toString() { - return "HotRodURI{" + - "addresses=" + addresses + - ", ssl=" + ssl + - ", username='" + username + '\'' + - ", password='" + password + '\'' + - ", properties=" + properties + - '}'; + return toString(false); + } + + public String toString(boolean withCredentials) { + StringBuilder sb = new StringBuilder(); + if (ssl) sb.append("hotrods://"); else sb.append("hotrod://"); + if (withCredentials) { + sb.append(username); + sb.append(':'); + sb.append(password); + sb.append('@'); + } + for(int i = 0; i < addresses.size(); i++) { + if (i > 0) { + sb.append(','); + } + InetSocketAddress address = addresses.get(i); + sb.append(address.getHostString()); + if (address.getPort() != ConfigurationProperties.DEFAULT_HOTROD_PORT) { + sb.append(':'); + sb.append(address.getPort()); + } + } + if (!properties.isEmpty()) { + sb.append('?'); + for(Map.Entry<Object, Object> property : properties.entrySet()) { + String key = property.getKey().toString(); + if (key.startsWith(ConfigurationProperties.ICH)) { + sb.append(key.substring(ConfigurationProperties.ICH.length())); + } else { + sb.append(key); + } + sb.append('='); + sb.append(property.getValue()); + + } + } + return sb.toString(); } }
client/hotrod-client/src/test/java/org/infinispan/client/hotrod/configuration/ConfigurationTest.java+7 −0 modified@@ -770,4 +770,11 @@ public void testPerCacheMarshallerConfig() throws IOException { assertEquals(JavaSerializationMarshaller.class.getName(), props.getProperty("infinispan.client.hotrod.cache.mycache.marshaller")); assertEquals(UTF8StringMarshaller.class.getName(), props.getProperty("infinispan.client.hotrod.cache.org.infinispan.yourcache.marshaller")); } + + @Test + public void testHotRodURItoString() { + HotRodURI uri = HotRodURI.create("hotrod://user:secret@host1?client_intelligence=BASIC"); + assertEquals("hotrod://host1?client_intelligence=BASIC", uri.toString()); + assertEquals("hotrod://user:secret@host1?client_intelligence=BASIC", uri.toString(true)); + } }
client/hotrod/src/main/java/org/infinispan/hotrod/impl/HotRodURI.java+39 −7 modified@@ -5,6 +5,7 @@ import java.util.ArrayList; import java.util.Collections; import java.util.List; +import java.util.Map; import java.util.Properties; import org.infinispan.hotrod.configuration.HotRodConfigurationBuilder; @@ -116,12 +117,43 @@ public HotRodConfigurationBuilder toConfigurationBuilder(HotRodConfigurationBuil @Override public String toString() { - return "HotRodURI{" + - "addresses=" + addresses + - ", ssl=" + ssl + - ", username='" + username + '\'' + - ", password='" + password + '\'' + - ", properties=" + properties + - '}'; + return toString(false); + } + + public String toString(boolean withCredentials) { + StringBuilder sb = new StringBuilder(); + if (ssl) sb.append("hotrods://"); else sb.append("hotrod://"); + if (withCredentials) { + sb.append(username); + sb.append(':'); + sb.append(password); + sb.append('@'); + } + for(int i = 0; i < addresses.size(); i++) { + if (i > 0) { + sb.append(','); + } + InetSocketAddress address = addresses.get(i); + sb.append(address.getHostString()); + if (address.getPort() != ConfigurationProperties.DEFAULT_HOTROD_PORT) { + sb.append(':'); + sb.append(address.getPort()); + } + } + if (!properties.isEmpty()) { + sb.append('?'); + for(Map.Entry<Object, Object> property : properties.entrySet()) { + String key = property.getKey().toString(); + if (key.startsWith(ConfigurationProperties.ICH)) { + sb.append(key.substring(ConfigurationProperties.ICH.length())); + } else { + sb.append(key); + } + sb.append('='); + sb.append(property.getValue()); + + } + } + return sb.toString(); } }
commons/all/src/main/java/org/infinispan/commons/configuration/attributes/AttributeSerializer.java+3 −4 modified@@ -2,7 +2,6 @@ import java.util.Arrays; import java.util.Collection; -import java.util.function.Supplier; import java.util.stream.Collectors; import org.infinispan.commons.configuration.io.ConfigurationWriter; @@ -20,15 +19,15 @@ public interface AttributeSerializer<T> { writer.writeAttribute(name, value.toString()); } }; - AttributeSerializer<Supplier<char[]>> SECRET = (writer, name, value) -> { + AttributeSerializer<String> SECRET = (writer, name, value) -> { if (writer.clearTextSecrets()) { - writer.writeAttribute(name, new String(value.get())); + writer.writeAttribute(name, value); } else { writer.writeAttribute(name, "***"); } }; AttributeSerializer<String[]> STRING_ARRAY = (writer, name, value) -> writer.writeAttribute(name, Arrays.asList(value)); - AttributeSerializer<Collection<String>> STRING_COLLECTION = (writer, name, value) -> writer.writeAttribute(name, value); + AttributeSerializer<Collection<String>> STRING_COLLECTION = ConfigurationWriter::writeAttribute; AttributeSerializer<Collection<? extends Enum<?>>> ENUM_COLLECTION = (writer, name, value) -> writer.writeAttribute(name, value.stream().map(Enum::toString).collect(Collectors.toList())); AttributeSerializer<Object> INSTANCE_CLASS_NAME = ((writer, name, value) -> writer.writeAttribute(name, value.getClass().getName())); AttributeSerializer<Class> CLASS_NAME = ((writer, name, value) -> writer.writeAttribute(name, value.getName()));
commons/all/src/main/java/org/infinispan/commons/configuration/BasicConfiguration.java+19 −3 modified@@ -1,5 +1,7 @@ package org.infinispan.commons.configuration; +import org.infinispan.commons.dataconversion.MediaType; + /** * BasicConfiguration provides the basis for concrete configurations. * @@ -24,10 +26,24 @@ default String toXMLString(String name) { } /** - * Converts this configuration to a string-based representation. The name of the configuration in the will be the one - * supplied in the argument. The string must be in one of the supported formats (XML, JSON, YAML). + * Converts this configuration to an XML. + * + * @param name The name of the configuration in the generated string. + * + * @return a String containing the representation of an Infinispan configuration using the Infinispan schema in XML. + */ + default String toStringConfiguration(String name) { + return toStringConfiguration(name, MediaType.APPLICATION_XML, true); + } + + /** + * Converts this configuration to a string representation. + * + * @param name The name of the configuration in the generated string. + * @param mediaType The type of string to generate. Can be one of XML, JSON or YAML. + * @param clearTextSecrets Whether secrets (e.g. passwords) should be included in clear text or masked. * * @return a String containing the representation of an Infinispan configuration using the Infinispan schema in one of the supported formats (XML, JSON, YAML). */ - String toStringConfiguration(String name); + String toStringConfiguration(String name, MediaType mediaType, boolean clearTextSecrets); }
commons/all/src/main/java/org/infinispan/commons/configuration/StringConfiguration.java+7 −0 modified@@ -1,5 +1,7 @@ package org.infinispan.commons.configuration; +import org.infinispan.commons.dataconversion.MediaType; + /** * A simple wrapper for a configuration represented as a String. The configuration can be in any * of the supported formats: XML, JSON, and YAML. @@ -18,4 +20,9 @@ public StringConfiguration(String string) { public String toStringConfiguration(String name) { return string; } + + @Override + public String toStringConfiguration(String name, MediaType mediaType, boolean clearTextSecrets) { + return string; + } }
core/src/main/java/org/infinispan/configuration/cache/Configuration.java+10 −3 modified@@ -12,6 +12,9 @@ import org.infinispan.commons.configuration.attributes.AttributeSet; import org.infinispan.commons.configuration.attributes.ConfigurationElement; import org.infinispan.commons.configuration.attributes.Matchable; +import org.infinispan.commons.configuration.io.ConfigurationWriter; +import org.infinispan.commons.dataconversion.MediaType; +import org.infinispan.commons.io.StringBuilderWriter; import org.infinispan.configuration.parsing.ParserRegistry; public class Configuration extends ConfigurationElement<Configuration> implements BasicConfiguration { @@ -293,8 +296,12 @@ public boolean matches(Configuration other) { } @Override - public String toStringConfiguration(String name) { - ParserRegistry reg = new ParserRegistry(); - return reg.serialize(name, this); + public String toStringConfiguration(String name, MediaType mediaType, boolean clearTextSecrets) { + StringBuilderWriter sw = new StringBuilderWriter(); + try (ConfigurationWriter writer = ConfigurationWriter.to(sw).withType(mediaType).clearTextSecrets(clearTextSecrets).prettyPrint(false).build()) { + ParserRegistry reg = new ParserRegistry(); + reg.serialize(writer, name, this); + } + return sw.toString(); } }
core/src/main/java/org/infinispan/globalstate/impl/GlobalConfigurationManagerImpl.java+3 −3 modified@@ -206,7 +206,7 @@ public CompletionStage<Void> createTemplate(String name, Configuration configura return cache.containsKeyAsync(key).thenCompose(exists -> { if (exists) throw CONFIG.configAlreadyDefined(name); - return cache.putAsync(key, new CacheState(null, parserRegistry.serialize(name, configuration), flags)); + return cache.putAsync(key, new CacheState(null, configuration.toStringConfiguration(name), flags)); }).thenApply(v -> null); } @@ -215,7 +215,7 @@ public CompletionStage<Configuration> getOrCreateTemplate(String name, Configura assertNameLength(name); localConfigurationManager.validateFlags(flags); try { - final CacheState state = new CacheState(null, parserRegistry.serialize(name, configuration), flags); + final CacheState state = new CacheState(null, configuration.toStringConfiguration(name), flags); return getStateCache().putIfAbsentAsync(new ScopedState(TEMPLATE_SCOPE, name), state).thenApply((v) -> configuration); } catch (Exception e) { throw CONFIG.configurationSerializationFailed(name, configuration, e); @@ -279,7 +279,7 @@ private CompletionStage<Object> createCacheInternal(String cacheName, String tem localConfigurationManager.validateFlags(flags); final CacheState state; try { - state = new CacheState(template, parserRegistry.serialize(cacheName, configuration), flags); + state = new CacheState(template, configuration.toStringConfiguration(cacheName), flags); } catch (Exception e) { throw CONFIG.configurationSerializationFailed(cacheName, configuration, e); }
persistence/jdbc-common/src/main/java/org/infinispan/persistence/jdbc/common/configuration/AbstractJdbcStoreConfigurationSerializer.java+4 −4 modified@@ -18,13 +18,13 @@ protected void writeJdbcStoreAttributes(ConfigurationWriter writer, AbstractJdbc protected void writeJDBCStoreConnection(ConfigurationWriter writer, AbstractJdbcStoreConfiguration<?> configuration) { ConnectionFactoryConfiguration cfc = configuration.connectionFactory(); if (cfc instanceof SimpleConnectionFactoryConfiguration) { - writeAttributes(writer, Element.SIMPLE_CONNECTION, ((SimpleConnectionFactoryConfiguration) cfc).attributes()); + writeAttributes(writer, Element.SIMPLE_CONNECTION, cfc.attributes()); } else if (cfc instanceof PooledConnectionFactoryConfiguration) { - writeAttributes(writer, Element.CONNECTION_POOL, ((PooledConnectionFactoryConfiguration) cfc).attributes()); + writeAttributes(writer, Element.CONNECTION_POOL, cfc.attributes()); } else if (cfc instanceof ManagedConnectionFactoryConfiguration) { - writeAttributes(writer, Element.DATA_SOURCE, ((ManagedConnectionFactoryConfiguration) cfc).attributes()); + writeAttributes(writer, Element.DATA_SOURCE, cfc.attributes()); } else if (cfc instanceof CDIConnectionFactoryConfiguration) { - writeAttributes(writer, Element.CDI_DATA_SOURCE, ((CDIConnectionFactoryConfiguration) cfc).attributes()); + writeAttributes(writer, Element.CDI_DATA_SOURCE, cfc.attributes()); } }
persistence/jdbc-common/src/main/java/org/infinispan/persistence/jdbc/common/configuration/AbstractUnmanagedConnectionFactoryConfiguration.java+19 −8 modified@@ -1,31 +1,35 @@ package org.infinispan.persistence.jdbc.common.configuration; +import static org.infinispan.commons.configuration.attributes.AttributeSerializer.SECRET; + +import java.util.Objects; + import org.infinispan.commons.configuration.attributes.Attribute; import org.infinispan.commons.configuration.attributes.AttributeDefinition; import org.infinispan.commons.configuration.attributes.AttributeSet; public abstract class AbstractUnmanagedConnectionFactoryConfiguration implements ConnectionFactoryConfiguration { - public static final AttributeDefinition<String> USERNAME = AttributeDefinition.builder(org.infinispan.persistence.jdbc.common.configuration.Attribute.USERNAME, null, String.class).immutable().build(); - public static final AttributeDefinition<String> PASSWORD = AttributeDefinition.builder(org.infinispan.persistence.jdbc.common.configuration.Attribute.PASSWORD, null, String.class).immutable().build(); - public static final AttributeDefinition<String> DRIVER_CLASS = AttributeDefinition.builder(org.infinispan.persistence.jdbc.common.configuration.Attribute.DRIVER, null, String.class).immutable().build(); + public static final AttributeDefinition<String> USERNAME = AttributeDefinition.builder(org.infinispan.persistence.jdbc.common.configuration.Attribute.USERNAME, null, String.class).serializer(SECRET).immutable().build(); + public static final AttributeDefinition<String> PASSWORD = AttributeDefinition.builder(org.infinispan.persistence.jdbc.common.configuration.Attribute.PASSWORD, null, String.class).serializer(SECRET).immutable().build(); + public static final AttributeDefinition<String> DRIVER = AttributeDefinition.builder(org.infinispan.persistence.jdbc.common.configuration.Attribute.DRIVER, null, String.class).immutable().build(); public static final AttributeDefinition<String> 
CONNECTION_URL = AttributeDefinition.builder(org.infinispan.persistence.jdbc.common.configuration.Attribute.CONNECTION_URL, null, String.class).immutable().build(); private final Attribute<String> connectionUrl; - private final Attribute<String> driverClass; + private final Attribute<String> driver; private final Attribute<String> username; private final Attribute<String> password; protected AttributeSet attributes; public static AttributeSet attributeSet() { - return new AttributeSet(AbstractUnmanagedConnectionFactoryConfiguration.class, USERNAME, PASSWORD, DRIVER_CLASS, CONNECTION_URL); + return new AttributeSet(AbstractUnmanagedConnectionFactoryConfiguration.class, USERNAME, PASSWORD, DRIVER, CONNECTION_URL); } public AbstractUnmanagedConnectionFactoryConfiguration(AttributeSet attributes) { this.attributes = attributes.checkProtection(); this.connectionUrl = attributes.attribute(CONNECTION_URL); - this.driverClass = attributes.attribute(DRIVER_CLASS); + this.driver = attributes.attribute(DRIVER); this.username = attributes.attribute(USERNAME); this.password = attributes.attribute(PASSWORD); } @@ -35,7 +39,7 @@ public String connectionUrl() { } public String driverClass() { - return driverClass.get(); + return driver.get(); } public String username() { @@ -53,11 +57,18 @@ public boolean equals(Object o) { AbstractUnmanagedConnectionFactoryConfiguration that = (AbstractUnmanagedConnectionFactoryConfiguration) o; - return attributes != null ? attributes.equals(that.attributes) : that.attributes == null; + return Objects.equals(attributes, that.attributes); } @Override public int hashCode() { return attributes != null ? attributes.hashCode() : 0; } + + @Override + public String toString() { + return this.getClass().getName() + + "attributes=" + attributes + + '}'; + } }
persistence/jdbc-common/src/main/java/org/infinispan/persistence/jdbc/common/configuration/ConnectionFactoryConfiguration.java+3 −0 modified@@ -1,5 +1,6 @@ package org.infinispan.persistence.jdbc.common.configuration; +import org.infinispan.commons.configuration.attributes.AttributeSet; import org.infinispan.persistence.jdbc.common.connectionfactory.ConnectionFactory; /** @@ -10,4 +11,6 @@ */ public interface ConnectionFactoryConfiguration { Class<? extends ConnectionFactory> connectionFactoryClass(); + + AttributeSet attributes(); }
persistence/jdbc-common/src/main/java/org/infinispan/persistence/jdbc/common/configuration/PooledConnectionFactoryConfigurationBuilder.java+3 −3 modified@@ -1,7 +1,7 @@ package org.infinispan.persistence.jdbc.common.configuration; import static org.infinispan.persistence.jdbc.common.configuration.AbstractUnmanagedConnectionFactoryConfiguration.CONNECTION_URL; -import static org.infinispan.persistence.jdbc.common.configuration.AbstractUnmanagedConnectionFactoryConfiguration.DRIVER_CLASS; +import static org.infinispan.persistence.jdbc.common.configuration.AbstractUnmanagedConnectionFactoryConfiguration.DRIVER; import static org.infinispan.persistence.jdbc.common.configuration.AbstractUnmanagedConnectionFactoryConfiguration.PASSWORD; import static org.infinispan.persistence.jdbc.common.configuration.AbstractUnmanagedConnectionFactoryConfiguration.USERNAME; import static org.infinispan.persistence.jdbc.common.configuration.PooledConnectionFactoryConfiguration.PROPERTY_FILE; @@ -45,12 +45,12 @@ public PooledConnectionFactoryConfigurationBuilder<S> connectionUrl(String conne } public PooledConnectionFactoryConfigurationBuilder<S> driverClass(Class<? extends Driver> driverClass) { - attributes.attribute(DRIVER_CLASS).set(driverClass.getName()); + attributes.attribute(DRIVER).set(driverClass.getName()); return this; } public PooledConnectionFactoryConfigurationBuilder<S> driverClass(String driverClass) { - attributes.attribute(DRIVER_CLASS).set(driverClass); + attributes.attribute(DRIVER).set(driverClass); return this; }
persistence/jdbc-common/src/main/java/org/infinispan/persistence/jdbc/common/configuration/SimpleConnectionFactoryConfigurationBuilder.java+3 −3 modified@@ -1,7 +1,7 @@ package org.infinispan.persistence.jdbc.common.configuration; import static org.infinispan.persistence.jdbc.common.configuration.SimpleConnectionFactoryConfiguration.CONNECTION_URL; -import static org.infinispan.persistence.jdbc.common.configuration.SimpleConnectionFactoryConfiguration.DRIVER_CLASS; +import static org.infinispan.persistence.jdbc.common.configuration.SimpleConnectionFactoryConfiguration.DRIVER; import static org.infinispan.persistence.jdbc.common.configuration.SimpleConnectionFactoryConfiguration.PASSWORD; import static org.infinispan.persistence.jdbc.common.configuration.SimpleConnectionFactoryConfiguration.USERNAME; @@ -39,12 +39,12 @@ public SimpleConnectionFactoryConfigurationBuilder<S> connectionUrl(String conne } public SimpleConnectionFactoryConfigurationBuilder<S> driverClass(Class<? extends Driver> driverClass) { - attributes.attribute(DRIVER_CLASS).set(driverClass.getName()); + attributes.attribute(DRIVER).set(driverClass.getName()); return this; } public SimpleConnectionFactoryConfigurationBuilder<S> driverClass(String driverClass) { - attributes.attribute(DRIVER_CLASS).set(driverClass); + attributes.attribute(DRIVER).set(driverClass); return this; }
persistence/jdbc/src/test/java/org/infinispan/persistence/jdbc/configuration/ConfigurationSerializerTest.java+1 −3 modified@@ -1,7 +1,5 @@ package org.infinispan.persistence.jdbc.configuration; -import static org.testng.AssertJUnit.assertEquals; - import org.infinispan.configuration.cache.StoreConfiguration; import org.infinispan.configuration.serializer.AbstractConfigurationSerializerTest; import org.infinispan.persistence.jdbc.common.configuration.AbstractJdbcStoreConfiguration; @@ -14,7 +12,7 @@ protected void compareStoreConfiguration(String name, StoreConfiguration beforeS if (beforeStore instanceof AbstractJdbcStoreConfiguration) { AbstractJdbcStoreConfiguration before = (AbstractJdbcStoreConfiguration) beforeStore; AbstractJdbcStoreConfiguration after = (AbstractJdbcStoreConfiguration) afterStore; - assertEquals("Configuration " + name + " JDBC connection factory", before.connectionFactory(), after.connectionFactory()); + compareAttributeSets("Configuration " + name + " JDBC connection factory", before.connectionFactory().attributes(), after.connectionFactory().attributes(), "username", "password"); } if (beforeStore instanceof JdbcStringBasedStoreConfiguration) { JdbcStringBasedStoreConfiguration before = (JdbcStringBasedStoreConfiguration) beforeStore;
persistence/remote/src/main/java/org/infinispan/persistence/remote/configuration/KeyStoreConfiguration.java+3 −1 modified@@ -1,5 +1,7 @@ package org.infinispan.persistence.remote.configuration; +import static org.infinispan.commons.configuration.attributes.AttributeSerializer.SECRET; + import org.infinispan.commons.configuration.attributes.AttributeDefinition; import org.infinispan.commons.configuration.attributes.AttributeSet; import org.infinispan.commons.configuration.attributes.ConfigurationElement; @@ -12,7 +14,7 @@ public class KeyStoreConfiguration extends ConfigurationElement<KeyStoreConfigur static final AttributeDefinition<String> KEYSTORE_FILENAME = AttributeDefinition.builder(Attribute.FILENAME, null, String.class).immutable().autoPersist(false).build(); static final AttributeDefinition<String> KEYSTORE_TYPE = AttributeDefinition.builder(Attribute.TYPE, "JKS", String.class).immutable().autoPersist(false).build(); - static final AttributeDefinition<String> KEYSTORE_PASSWORD = AttributeDefinition.builder(Attribute.PASSWORD, null, String.class).immutable().autoPersist(false).build(); + static final AttributeDefinition<String> KEYSTORE_PASSWORD = AttributeDefinition.builder(Attribute.PASSWORD, null, String.class).serializer(SECRET).immutable().autoPersist(false).build(); static final AttributeDefinition<String> KEY_ALIAS = AttributeDefinition.builder(Attribute.KEY_ALIAS, null, String.class).immutable().autoPersist(false).build(); static AttributeSet attributeDefinitionSet() {
persistence/remote/src/main/java/org/infinispan/persistence/remote/configuration/MechanismConfiguration.java+5 −4 modified@@ -1,5 +1,6 @@ package org.infinispan.persistence.remote.configuration; +import static org.infinispan.commons.configuration.attributes.AttributeSerializer.SECRET; import static org.infinispan.persistence.remote.configuration.Element.AUTH_DIGEST; import static org.infinispan.persistence.remote.configuration.Element.AUTH_EXTERNAL; import static org.infinispan.persistence.remote.configuration.Element.AUTH_PLAIN; @@ -11,10 +12,10 @@ public class MechanismConfiguration { - static final AttributeDefinition<String> USERNAME = AttributeDefinition.builder("username", null, String.class).immutable().autoPersist(false).build(); - static final AttributeDefinition<String> PASSWORD = AttributeDefinition.builder("password", null, String.class).immutable().autoPersist(false).build(); - static final AttributeDefinition<String> REALM = AttributeDefinition.builder("realm", null, String.class).immutable().autoPersist(false).build(); - static final AttributeDefinition<String> SASL_MECHANISM = AttributeDefinition.builder("sasl-mechanism", null, String.class) + static final AttributeDefinition<String> USERNAME = AttributeDefinition.builder(Attribute.USERNAME, null, String.class).serializer(SECRET).immutable().autoPersist(false).build(); + static final AttributeDefinition<String> PASSWORD = AttributeDefinition.builder(Attribute.PASSWORD, null, String.class).serializer(SECRET).immutable().autoPersist(false).build(); + static final AttributeDefinition<String> REALM = AttributeDefinition.builder(Attribute.REALM, null, String.class).immutable().autoPersist(false).build(); + static final AttributeDefinition<String> SASL_MECHANISM = AttributeDefinition.builder(Attribute.SASL_MECHANISM, null, String.class) .immutable().autoPersist(false).build(); private final AttributeSet attributes;
persistence/remote/src/main/java/org/infinispan/persistence/remote/configuration/RemoteStoreConfiguration.java+2 −2 modified@@ -4,6 +4,7 @@ import org.infinispan.client.hotrod.ProtocolVersion; import org.infinispan.client.hotrod.impl.ConfigurationProperties; +import org.infinispan.client.hotrod.impl.HotRodURI; import org.infinispan.client.hotrod.impl.transport.tcp.RoundRobinBalancingStrategy; import org.infinispan.commons.configuration.BuiltBy; import org.infinispan.commons.configuration.ConfigurationFor; @@ -39,8 +40,7 @@ public class RemoteStoreConfiguration extends AbstractStoreConfiguration<RemoteS static final AttributeDefinition<String> REMOTE_CACHE_CONTAINER = AttributeDefinition.builder(org.infinispan.persistence.remote.configuration.Attribute.REMOTE_CACHE_CONTAINER, "").immutable().build(); static final AttributeDefinition<String> REMOTE_CACHE_NAME = AttributeDefinition.builder(org.infinispan.persistence.remote.configuration.Attribute.REMOTE_CACHE_NAME, "").immutable().build(); - static final AttributeDefinition<String> URI = AttributeDefinition.builder(org.infinispan.persistence.remote.configuration.Attribute.URI, null, String.class).immutable() - .build(); + static final AttributeDefinition<String> URI = AttributeDefinition.builder(org.infinispan.persistence.remote.configuration.Attribute.URI, null, String.class).immutable().serializer((writer, name, value) -> writer.writeAttribute(name, HotRodURI.create(value).toString(writer.clearTextSecrets()))).build(); static final AttributeDefinition<Long> SOCKET_TIMEOUT = AttributeDefinition.builder(org.infinispan.persistence.remote.configuration.Attribute.SOCKET_TIMEOUT, (long) ConfigurationProperties.DEFAULT_SO_TIMEOUT).build(); static final AttributeDefinition<Boolean> TCP_NO_DELAY = AttributeDefinition.builder(org.infinispan.persistence.remote.configuration.Attribute.TCP_NO_DELAY, true).build();
persistence/remote/src/main/java/org/infinispan/persistence/remote/configuration/SslConfiguration.java+3 −4 modified@@ -13,12 +13,11 @@ * @since 9.1 */ public class SslConfiguration extends ConfigurationElement<SslConfiguration> { - static final AttributeDefinition<Boolean> ENABLED = AttributeDefinition.builder("enabled", false, Boolean.class).immutable().autoPersist(false).build(); + static final AttributeDefinition<Boolean> ENABLED = AttributeDefinition.builder(Attribute.ENABLED, false, Boolean.class).immutable().autoPersist(false).build(); static final AttributeDefinition<SSLContext> SSL_CONTEXT = AttributeDefinition.builder("sslContext", null, SSLContext.class).immutable().autoPersist(false).build(); - static final AttributeDefinition<String> SNI_HOSTNAME = AttributeDefinition.builder("sniHostname", null, String.class).immutable().build(); + static final AttributeDefinition<String> SNI_HOSTNAME = AttributeDefinition.builder(Attribute.SNI_HOSTNAME, null, String.class).immutable().build(); static final AttributeDefinition<Boolean> HOSTNAME_VALIDATION = AttributeDefinition.builder("ssl-hostname-validation", true).immutable().build(); - static final AttributeDefinition<String> PROTOCOL = AttributeDefinition.builder("protocol", null, String.class).immutable().build(); - + static final AttributeDefinition<String> PROTOCOL = AttributeDefinition.builder(Attribute.PROTOCOL, null, String.class).immutable().build(); static AttributeSet attributeDefinitionSet() { return new AttributeSet(SslConfiguration.class, ENABLED, SNI_HOSTNAME,HOSTNAME_VALIDATION, PROTOCOL); }
persistence/remote/src/main/java/org/infinispan/persistence/remote/configuration/TrustStoreConfiguration.java+3 −1 modified@@ -1,5 +1,7 @@ package org.infinispan.persistence.remote.configuration; +import static org.infinispan.commons.configuration.attributes.AttributeSerializer.SECRET; + import org.infinispan.commons.configuration.attributes.AttributeDefinition; import org.infinispan.commons.configuration.attributes.AttributeSet; import org.infinispan.commons.configuration.attributes.ConfigurationElement; @@ -9,7 +11,7 @@ public class TrustStoreConfiguration extends ConfigurationElement<TrustStoreConf static final AttributeDefinition<String> TRUSTSTORE_FILENAME = AttributeDefinition.builder(Attribute.FILENAME, null, String.class).immutable().autoPersist(false).build(); static final AttributeDefinition<String> TRUSTSTORE_TYPE = AttributeDefinition.builder(Attribute.TYPE, "JKS", String.class).immutable().autoPersist(false).build(); - static final AttributeDefinition<String> TRUSTSTORE_PASSWORD = AttributeDefinition.builder(Attribute.PASSWORD, null, String.class).immutable().autoPersist(false).build(); + static final AttributeDefinition<String> TRUSTSTORE_PASSWORD = AttributeDefinition.builder(Attribute.PASSWORD, null, String.class).serializer(SECRET).immutable().autoPersist(false).build(); static AttributeSet attributeDefinitionSet() { return new AttributeSet(TrustStoreConfiguration.class, TRUSTSTORE_FILENAME, TRUSTSTORE_TYPE, TRUSTSTORE_PASSWORD);
persistence/remote/src/main/java/org/infinispan/persistence/remote/upgrade/SerializationUtils.java+2 −7 modified@@ -7,9 +7,7 @@ import java.io.IOException; import org.infinispan.commons.configuration.io.ConfigurationResourceResolvers; -import org.infinispan.commons.configuration.io.ConfigurationWriter; import org.infinispan.commons.dataconversion.internal.Json; -import org.infinispan.commons.io.StringBuilderWriter; import org.infinispan.configuration.cache.Configuration; import org.infinispan.configuration.cache.ConfigurationBuilder; import org.infinispan.configuration.parsing.ConfigurationBuilderHolder; @@ -33,11 +31,8 @@ public static String toJson(RemoteStoreConfiguration configuration) { ConfigurationBuilder builder = new ConfigurationBuilder(); RemoteStoreConfigurationBuilder storeBuilder = builder.persistence().addStore(RemoteStoreConfigurationBuilder.class); storeBuilder.read(configuration); - StringBuilderWriter sw = new StringBuilderWriter(); - try (ConfigurationWriter w = ConfigurationWriter.to(sw).withType(APPLICATION_JSON).build()) { - parserRegistry.serialize(w, null, builder.build()); - } - return Json.read(sw.toString()).at("local-cache").at("persistence").toString(); + String stringConfiguration = builder.build().toStringConfiguration(null, APPLICATION_JSON, true); + return Json.read(stringConfiguration).at("local-cache").at("persistence").toString(); } public static RemoteStoreConfiguration fromJson(String json) throws IOException {
persistence/sql/src/test/java/org/infinispan/persistence/sql/configuration/ConfigurationSerializerTest.java+1 −3 modified@@ -1,7 +1,5 @@ package org.infinispan.persistence.sql.configuration; -import static org.testng.AssertJUnit.assertEquals; - import org.infinispan.configuration.cache.StoreConfiguration; import org.infinispan.configuration.serializer.AbstractConfigurationSerializerTest; import org.infinispan.persistence.jdbc.common.configuration.AbstractJdbcStoreConfiguration; @@ -15,7 +13,7 @@ protected void compareStoreConfiguration(String name, StoreConfiguration beforeS if (beforeStore instanceof AbstractJdbcStoreConfiguration) { AbstractJdbcStoreConfiguration before = (AbstractJdbcStoreConfiguration) beforeStore; AbstractJdbcStoreConfiguration after = (AbstractJdbcStoreConfiguration) afterStore; - assertEquals("Configuration " + name + " JDBC connection factory", before.connectionFactory(), after.connectionFactory()); + compareAttributeSets("Configuration " + name + " JDBC connection factory", before.connectionFactory().attributes(), after.connectionFactory().attributes(), "username", "password"); } if (beforeStore instanceof QueriesJdbcStoreConfiguration) { QueriesJdbcStoreConfiguration before = (QueriesJdbcStoreConfiguration) beforeStore;
server/tests/src/test/java/org/infinispan/server/persistence/JdbcConfigurationUtil.java+2 −2 modified@@ -9,7 +9,7 @@ public class JdbcConfigurationUtil { - private PooledConnectionFactoryConfigurationBuilder persistenceConfiguration; + private PooledConnectionFactoryConfigurationBuilder<?> persistenceConfiguration; private final ConfigurationBuilder configurationBuilder; private final CacheMode cacheMode; @@ -53,7 +53,7 @@ public JdbcConfigurationUtil setEviction() { return this; } - public PooledConnectionFactoryConfigurationBuilder getPersistenceConfiguration() { + public PooledConnectionFactoryConfigurationBuilder<?> getPersistenceConfiguration() { return this.persistenceConfiguration; }
server/tests/src/test/java/org/infinispan/server/persistence/JdbcStringBasedCacheStorePassivation.java+1 −1 modified@@ -92,7 +92,7 @@ public void testPreload(Database database) throws Exception { */ @ParameterizedTest @ArgumentsSource(Common.DatabaseProvider.class) - public void testDefaultTwoWayKey2StringMapper(Database database) throws Exception { + public void testDefaultTwoWayKey2StringMapper(Database database) { JdbcConfigurationUtil jdbcUtil = new JdbcConfigurationUtil(CacheMode.REPL_SYNC, database, false, true) .setLockingConfigurations(); RemoteCache<Object, Object> cache = SERVERS.hotrod().withServerConfiguration(jdbcUtil.getConfigurationBuilder()).create();
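Review bot: In MechanismConfiguration.java the four definitions switch from string literals ("username", "password", "realm", "sasl-mechanism") to Attribute.* constants in the same hunk that adds serializer(SECRET). Please confirm each constant resolves to the same serialized name as the literal it replaces, since a mismatch on Attribute.SASL_MECHANISM would silently rename the attribute in written configurations. A short comment on why REALM and SASL_MECHANISM are left unmasked would also help the next reader.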
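Review bot: In RemoteStoreConfiguration.java the new URI serializer passes value straight into HotRodURI.create(value), while the attribute's declared default is null. Guard against a null value, or state where the serializer is guaranteed to be skipped for unset attributes, and decide what should happen when a stored URI fails to parse, so that writing a configuration cannot throw from inside the serializer. The lambda would also read better split over several lines, as the removed definition was.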
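Review bot: In SslConfiguration.java SNI_HOSTNAME moves from the literal "sniHostname" to Attribute.SNI_HOSTNAME, while SSL_CONTEXT ("sslContext") and HOSTNAME_VALIDATION ("ssl-hostname-validation") keep their literals. Confirm the constant keeps the same serialized name, or call out the rename explicitly, and convert the remaining literals for consistency. The hunk also drops the blank line before attributeDefinitionSet(); please restore it.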
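Review bot: In SerializationUtils.toJson the call toStringConfiguration(null, APPLICATION_JSON, true) ends in a bare boolean whose meaning is not visible at the call site. If it is the switch that writes secrets in clear text, which fromJson would need in order to rebuild a working store, say so in a comment and in the method's Javadoc so callers know the returned JSON carries credentials and must not be logged.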
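Review bot: In ConfigurationSerializerTest.compareStoreConfiguration the assertEquals on the whole connection factory is replaced by compareAttributeSets(..., "username", "password"), which appears to leave those two attributes out of the comparison. That stops the round-trip test from failing, but nothing in this hunk asserts the new behaviour. Add a check that the serialized output does not contain the configured password, and one that a clear-text write still round-trips it.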
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- access.redhat.com/errata/RHSA-2023:7676 (ghsa, vendor-advisory, x_refsource_REDHAT, WEB)
- github.com/advisories/GHSA-gg57-587f-h5v6 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2023-5384 (ghsa, ADVISORY)
- access.redhat.com/security/cve/CVE-2023-5384 (ghsa, vdb-entry, x_refsource_REDHAT, WEB)
- bugzilla.redhat.com/show_bug.cgi (ghsa, issue-tracking, x_refsource_REDHAT, WEB)
- github.com/infinispan/infinispan/commit/7140fc9b026ec55786c1aa78bb3cd8bf951fad47 (ghsa, WEB)
- github.com/infinispan/infinispan/commit/fd3e18ec3b1a4e7fcfd79392f5bf78792a2b8c61 (ghsa, WEB)
- github.com/infinispan/infinispan/pull/11555 (ghsa, WEB)
- github.com/infinispan/infinispan/pull/11995 (ghsa, WEB)
- issues.redhat.com/browse/ISPN-15202 (ghsa, WEB)
- security.netapp.com/advisory/ntap-20240125-0004 (ghsa, WEB)