The Generic REST AFX Connector does not encrypt Additional Parameters when they are defined as Encrypted in RSA Identity Governance & Lifecycle. Once the connector deploys, the connector configuration file ($AVEKSA_HOME/AFX/esb/apps/AFX-CONN-<connector-name>/connector-flow.xml) shows the value in clear text.
This problem is best illustrated with an example. In the example below, an additional parameter has been added to a Generic REST Connector to contain a password value. Because it is a password, the value is defined to be encrypted. In the RSA Identity Governance & Lifecycle user interface, go to AFX > Connectors > {Name of Generic REST Connector} > Edit > Settings tab > Add More Parameters button.
The new field is added to the bottom of the Settings tab page.
The new value is used in the body of the Login capability of the connector: AFX > Connectors > {Name of Generic REST Connector} > Edit > Capabilities tab > Login.
After the connector is saved and redeployed, the connector configuration file ($AVEKSA_HOME/AFX/esb/apps/AFX-CONN-<connector-name>/connector-flow.xml) shows the value in clear text:
<body><username>AveksaAdmin</username><password><Password></password></body>
The configuration file is expected to contain output similar to the following, with the value stored in encrypted form:
<body><username>AveksaAdmin</username>
<password>ENCAx8w(u+pIwCc+Y1Vkwk5NMdiTkkiBwwOrRafwUnQSAx3bdpiGZMQCcxfTyQ==)</password></body>
This is a known issue reported in engineering ticket ACM-103474.
This issue is resolved in the following RSA Identity Governance & Lifecycle patches:
- RSA Identity Governance & Lifecycle 7.1.1 P07
- RSA Identity Governance & Lifecycle 7.2.0 P01
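
To check whether deployed connectors are affected, for example before and after applying a patch, the following added example (not RSA's code) scans each connector-flow.xml for secret-like elements whose value is not in the encrypted form shown above. The tag-name keywords and the ENC...(...) pattern are assumptions inferred from the single sample on this page; adjust them to the parameter names used in your connectors.

```python
import html
import os
import re
import sys
from pathlib import Path

# Assumption: secret-bearing elements have names containing one of these words.
SECRET_TAG = re.compile(r"<(\w*(?:password|secret|token)\w*)>(.*?)</\1>", re.I | re.S)
# Assumption: encrypted values look like the page's sample, ENC<chars>(<base64>).
ENCRYPTED = re.compile(r"ENC[A-Za-z0-9]*\([A-Za-z0-9+/=]+\)")


def find_cleartext(xml_text):
    """Return (line_number, tag) for each secret-like element not stored as ENC...(...)."""
    text = html.unescape(xml_text)  # request bodies may be entity-escaped in the file
    findings = []
    for m in SECRET_TAG.finditer(text):
        value = m.group(2).strip()
        if value and not ENCRYPTED.fullmatch(value):
            line = text.count("\n", 0, m.start()) + 1
            findings.append((line, m.group(1)))  # the value itself is never reported
    return findings


def scan(aveksa_home):
    """Scan every deployed connector's connector-flow.xml under AVEKSA_HOME."""
    results = {}
    pattern = "AFX/esb/apps/AFX-CONN-*/connector-flow.xml"
    for path in sorted(Path(aveksa_home).glob(pattern)):
        hits = find_cleartext(path.read_text(errors="replace"))
        if hits:
            results[str(path)] = hits
    return results


if __name__ == "__main__":
    home = sys.argv[1] if len(sys.argv) > 1 else os.environ.get("AVEKSA_HOME", ".")
    found = scan(home)
    for path, hits in found.items():
        for line, tag in hits:
            print(f"{path}:{line}: <{tag}> value is not ENC-wrapped")
    sys.exit(1 if found else 0)
```

Run it with the value of $AVEKSA_HOME as the only argument; a non-zero exit status means at least one connector file still holds a secret-like value in clear text.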