The APM database password specified in tess-db-cfg.xml does not encrypt even though the property "plainTextPasswords" is set to "true".
APM database passwords, specified in tess-db-cfg.xml, should encrypt upon EM restart if the property "plainTextPasswords" is set to "true". Should this not occur, this may due to introscope.enterprisemanager.tess.enabled=false is specified in the IntroscopeEnterpriseManager.properties file. This property disables certain CEM related process, including the encrypting of the APM database password in tess-db-config.xml. This property is true by default and should only be set to false for troubleshooting purposes when working with CA Support. It is extremely highly recommended not to have this property set to false in a production environment.
To resolve this issue, ensure that introscope.enterprisemanager.tess.enabled=true is set in your IntroscopeEnterpriseManager.properties file and restart your EM. Alternatively you could delete the property, save the file and restart your EM. By default the property is set to true. Note that no manual process exists to encrypt the APM database password.
How to change the APM Postgres database connection settings after an install
As always, contact CA Support for further questions.