diff --git a/.gitignore b/.gitignore
index 310c07f..dfb8072 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,3 +3,4 @@ target
 .project
 .settings
 .idea/
+/*.iml
diff --git a/README.md b/README.md
index c2a0a00..a77650e 100644
--- a/README.md
+++ b/README.md
@@ -31,7 +31,22 @@ Otherwise you may enter address and credentials explicitly:
 ## Configuration
 
 After installation, go to the AEM *Tools* page and choose *Secure AEM* from the list on the left. The application tries to find author, publish and dispatcher URLs automatically, but you may want to confirm that they have been recognized correctly. In order to do that click *Edit* on the Settings bar and optionally correct addresses. That's it. Wait for a moment until the tests are done and check the results.
-
+####Osgi configuration
+Application also allows Osgi configuration. To enable this option configuration for `SecureAemGlobalConfiguration` Osgi service needs to be provided (this will automatically take precedence over global config available on Secure Aem page configuration). Here is an example configuration file:
+File name: `com.cognifide.secureaem.sling.SecureAemGlobalConfiguration.xml`
+```<?xml version="1.0" encoding="UTF-8"?>
+   <jcr:root xmlns:sling="http://sling.apache.org/jcr/sling/1.0" xmlns:jcr="http://www.jcp.org/jcr/1.0"
+             jcr:primaryType="sling:OsgiConfig"
+             dispatcher.url="https://www.tested-site.com"
+             author.url="http://localhost:4502"
+             author.login="admin"
+             author.password="{String}{5f4d2406e9fd5f452871b373cc2810905fb53e133684f48ff96859b15f7a4615}"
+             publish.url="http://localhost:4503"
+             publish.login="admin"
+             publish.password="{String}{5f4d2406e9fd5f452871b373cc2810905fb53e133684f48ff96859b15f7a4615}"/>
+```
+
+`author.password` and `publish.password` properties can be provided as a plain text or as encrypted values created via `/system/console/crypto` console (which is a recommended way).
 ## CLI version
 
 Sometimes you may want to check remote AEM instance. *Secure AEM* may be compiled in the standalone mode and used from the CLI, without any additional dependencies. In order to build application this way, enter:
diff --git a/pom.xml b/pom.xml
index 9d17dca..d9c0834 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1,336 +1,358 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
-	<parent>
-		<groupId>org.sonatype.oss</groupId>
-		<artifactId>oss-parent</artifactId>
-		<version>7</version>
-	</parent>
-	<modelVersion>4.0.0</modelVersion>
-	<groupId>com.cognifide.secureaem</groupId>
-	<artifactId>secure-aem</artifactId>
-	<version>1.3.3-SNAPSHOT</version>
-	<packaging>${packaging.type}</packaging>
-	<name>Secure AEM</name>
-	<description>This application provides detailed security report for your AEM installation. After installation it's available in the 'Tools' page.</description>
-	<url>https://github.com/Cognifide/SecureCQ</url>
-	<licenses>
-		<license>
-			<name>The Apache Software License, Version 2.0</name>
-			<url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
-			<distribution>repo</distribution>
-		</license>
-	</licenses>
-	<inceptionYear>2013</inceptionYear>
-	<properties>
-		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-		<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
-		<maven.build.timestamp.format>yyyyMMdd-HHmmss</maven.build.timestamp.format>
-		<instance.url>http://localhost:4502</instance.url>
-		<instance.username>admin</instance.username>
-		<instance.password>admin</instance.password>
-		<assembly.name>secure-aem</assembly.name>
-	</properties>
-	<scm>
-		<connection>scm:git:https://github.com/Cognifide/SecureCQ.git</connection>
-		<developerConnection>scm:git:https://github.com/Cognifide/SecureCQ.git</developerConnection>
-		<url>https://github.com/Cognifide/SecureCQ.git</url>
-	</scm>
-	<organization>
-		<name>Cognifide</name>
-		<url>http://www.cognifide.com</url>
-	</organization>
-	<developers>
-		<developer>
-			<name>Tomasz Rękawek</name>
-			<email>tomasz.rekawek@cognifide.com</email>
-			<organization>Cognifide</organization>
-		</developer>
-	</developers>
-	<repositories>
-		<repository>
-			<id>adobe-public-releases</id>
-			<url>http://repo.adobe.com/nexus/content/groups/public</url>
-		</repository>
-	</repositories>
-	<build>
-		<plugins>
-			<plugin>
-				<groupId>org.apache.maven.plugins</groupId>
-				<artifactId>maven-gpg-plugin</artifactId>
-				<version>1.6</version>
-				<executions>
-					<execution>
-						<id>sign-artifacts</id>
-						<phase>verify</phase>
-						<goals>
-							<goal>sign</goal>
-						</goals>
-					</execution>
-				</executions>
-			</plugin>
-			<plugin>
-				<artifactId>maven-compiler-plugin</artifactId>
-				<version>3.5.1</version>
-				<configuration>
-					<source>1.8</source>
-					<target>1.8</target>
-				</configuration>
-			</plugin>
-			<plugin>
-				<groupId>org.apache.felix</groupId>
-				<artifactId>maven-scr-plugin</artifactId>
-				<version>1.22.0</version>
-				<executions>
-					<execution>
-						<id>generate-scr-scrdescriptor</id>
-						<goals>
-							<goal>scr</goal>
-						</goals>
-					</execution>
-				</executions>
-			</plugin>
-			<plugin>
-				<groupId>org.apache.felix</groupId>
-				<artifactId>maven-bundle-plugin</artifactId>
-				<version>3.2.0</version>
-				<extensions>true</extensions>
-				<configuration>
-					<instructions>
-						<Bundle-Category>cq5</Bundle-Category>
-						<Bundle-SymbolicName>${project.artifactId}</Bundle-SymbolicName>
-						<Bundle-Name>${project.name}</Bundle-Name>
-						<Bundle-Vendor>${project.organization.name}</Bundle-Vendor>
-						<Embed-Dependency>*;artifactId=httpclient|httpcore|gson|commons-lang3|commons-cli</Embed-Dependency>
-					</instructions>
-				</configuration>
-			</plugin>
-			<plugin>
-				<artifactId>maven-assembly-plugin</artifactId>
-				<version>2.6</version>
-				<configuration>
-					<finalName>${assembly.name}-${project.version}</finalName>
-					<appendAssemblyId>false</appendAssemblyId>
-					<descriptors>
-						<descriptor>src/main/assembly/${assembly.descriptor}.xml</descriptor>
-					</descriptors>
-					<archive>
-						<manifest>
-							<mainClass>com.cognifide.secureaem.cli.Main</mainClass>
-						</manifest>
-					</archive>
-				</configuration>
-				<executions>
-					<execution>
-						<phase>package</phase>
-						<goals>
-							<goal>single</goal>
-						</goals>
-					</execution>
-				</executions>
-			</plugin>
-			<plugin>
-				<groupId>com.cognifide.maven.plugins</groupId>
-				<artifactId>maven-crx-plugin</artifactId>
-				<version>1.0.3</version>
-				<configuration>
-					<!-- packageFileName>${project.build.directory}/${assembly.name}-${project.version}-${assembly.descriptor}.zip</packageFileName -->
-					<!-- packageName>${assembly.name}-${assembly.descriptor}</packageName -->
-					<url>${instance.url}</url>
-					<user>${instance.username}</user>
-					<password>${instance.password}</password>
-				</configuration>
-			</plugin>
-			<plugin>
-				<groupId>org.apache.maven.plugins</groupId>
-				<artifactId>maven-source-plugin</artifactId>
-				<version>3.0.1</version>
-				<executions>
-					<execution>
-						<id>attach-sources</id>
-						<goals>
-							<goal>jar</goal>
-						</goals>
-					</execution>
-				</executions>
-			</plugin>
-			<plugin>
-				<groupId>org.apache.maven.plugins</groupId>
-				<artifactId>maven-javadoc-plugin</artifactId>
-				<version>2.10.4</version>
-				<executions>
-					<execution>
-						<id>attach-javadocs</id>
-						<goals>
-							<goal>jar</goal>
-						</goals>
-					</execution>
-				</executions>
-			</plugin>
-		</plugins>
-		<pluginManagement>
-			<plugins>
-				<!--This plugin's configuration is used to store Eclipse m2e settings 
-					only. It has no influence on the Maven build itself. -->
-				<plugin>
-					<groupId>org.eclipse.m2e</groupId>
-					<artifactId>lifecycle-mapping</artifactId>
-					<version>1.0.0</version>
-					<configuration>
-						<lifecycleMappingMetadata>
-							<pluginExecutions>
-								<pluginExecution>
-									<pluginExecutionFilter>
-										<groupId>org.apache.felix</groupId>
-										<artifactId>maven-scr-plugin</artifactId>
-										<versionRange>[1.7.2,)</versionRange>
-										<goals>
-											<goal>scr</goal>
-										</goals>
-									</pluginExecutionFilter>
-									<action>
-										<ignore />
-									</action>
-								</pluginExecution>
-							</pluginExecutions>
-						</lifecycleMappingMetadata>
-					</configuration>
-				</plugin>
-			</plugins>
-		</pluginManagement>
-	</build>
-	<dependencies>
-		<!-- sling & jcr -->
-		<dependency>
-			<groupId>org.apache.sling</groupId>
-			<artifactId>org.apache.sling.api</artifactId>
-			<version>2.2.0</version>
-			<scope>provided</scope>
-		</dependency>
-		<dependency>
-			<groupId>org.apache.felix</groupId>
-			<artifactId>org.apache.felix.scr.annotations</artifactId>
-			<version>1.9.0</version>
-			<scope>provided</scope>
-		</dependency>
-		<!-- javax -->
-		<dependency>
-			<groupId>javax.servlet</groupId>
-			<artifactId>servlet-api</artifactId>
-			<version>2.4</version>
-			<scope>provided</scope>
-		</dependency>
-		<dependency>
-			<groupId>javax.jcr</groupId>
-			<artifactId>jcr</artifactId>
-			<version>2.0</version>
-			<scope>provided</scope>
-		</dependency>
-		<!-- adobe -->
-		<dependency>
-			<groupId>com.day.cq</groupId>
-			<artifactId>cq-replication</artifactId>
-			<version>5.4.2</version>
-			<scope>provided</scope>
-		</dependency>
-		<dependency>
-			<groupId>com.day.cq</groupId>
-			<artifactId>cq-commons</artifactId>
-			<version>5.4.6</version>
-			<scope>provided</scope>
-		</dependency>
-		<!-- common java libs -->
-		<dependency>
-			<groupId>org.apache.commons</groupId>
-			<artifactId>commons-lang3</artifactId>
-			<version>3.4</version>
-		</dependency>
-		<dependency>
-			<groupId>commons-cli</groupId>
-			<artifactId>commons-cli</artifactId>
-			<version>1.2</version>
-		</dependency>
-		<dependency>
-			<groupId>org.apache.httpcomponents</groupId>
-			<artifactId>httpclient</artifactId>
-			<version>4.2.3</version>
-		</dependency>
-		<dependency>
-			<groupId>org.apache.httpcomponents</groupId>
-			<artifactId>httpcore</artifactId>
-			<version>4.2.3</version>
-		</dependency>
-		<!-- gson -->
-		<dependency>
-			<groupId>com.google.code.gson</groupId>
-			<artifactId>gson</artifactId>
-			<version>2.7</version>
-		</dependency>
-	</dependencies>
-	<profiles>
-		<profile>
-			<id>aem</id>
-			<activation>
-				<activeByDefault>true</activeByDefault>
-			</activation>
-			<properties>
-				<assembly.descriptor>aem</assembly.descriptor>
-				<packaging.type>bundle</packaging.type>
-			</properties>
-			<dependencies>
-				<dependency>
-					<groupId>org.slf4j</groupId>
-					<artifactId>slf4j-api</artifactId>
-					<version>1.5.8</version>
-					<scope>provided</scope>
-				</dependency>
-			</dependencies>
-		</profile>
-		<profile>
-			<id>cli</id>
-			<activation>
-				<property>
-					<name>performRelease</name>
-					<value>true</value>
-				</property>
-			</activation>
-			<properties>
-				<assembly.descriptor>cli</assembly.descriptor>
-				<packaging.type>jar</packaging.type>
-			</properties>
-			<dependencies>
-				<dependency>
-					<groupId>org.slf4j</groupId>
-					<artifactId>slf4j-simple</artifactId>
-					<version>1.7.21</version>
-				</dependency>
-			</dependencies>
-		</profile>
-		<profile>
-			<id>release-sign-artifacts</id>
-			<activation>
-				<property>
-					<name>performRelease</name>
-					<value>true</value>
-				</property>
-			</activation>
-			<build>
-				<plugins>
-					<plugin>
-						<groupId>org.apache.maven.plugins</groupId>
-						<artifactId>maven-gpg-plugin</artifactId>
-						<version>1.6</version>
-						<executions>
-							<execution>
-								<id>sign-artifacts</id>
-								<phase>verify</phase>
-								<goals>
-									<goal>sign</goal>
-								</goals>
-							</execution>
-						</executions>
-					</plugin>
-				</plugins>
-			</build>
-		</profile>
-	</profiles>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+    <parent>
+        <groupId>org.sonatype.oss</groupId>
+        <artifactId>oss-parent</artifactId>
+        <version>7</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+    <groupId>com.cognifide.secureaem</groupId>
+    <artifactId>secure-aem</artifactId>
+    <version>1.3.3-SNAPSHOT</version>
+    <packaging>${packaging.type}</packaging>
+    <name>Secure AEM</name>
+    <description>This application provides detailed security report for your AEM installation. After installation it's
+        available in the 'Tools' page.
+    </description>
+    <url>https://github.com/Cognifide/SecureCQ</url>
+    <licenses>
+        <license>
+            <name>The Apache Software License, Version 2.0</name>
+            <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
+            <distribution>repo</distribution>
+        </license>
+    </licenses>
+    <inceptionYear>2013</inceptionYear>
+    <properties>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
+        <maven.build.timestamp.format>yyyyMMdd-HHmmss</maven.build.timestamp.format>
+        <instance.url>http://localhost:4502</instance.url>
+        <instance.username>admin</instance.username>
+        <instance.password>admin</instance.password>
+        <assembly.name>secure-aem</assembly.name>
+    </properties>
+    <scm>
+        <connection>scm:git:https://github.com/Cognifide/SecureCQ.git</connection>
+        <developerConnection>scm:git:https://github.com/Cognifide/SecureCQ.git</developerConnection>
+        <url>https://github.com/Cognifide/SecureCQ.git</url>
+    </scm>
+    <organization>
+        <name>Cognifide</name>
+        <url>http://www.cognifide.com</url>
+    </organization>
+    <developers>
+        <developer>
+            <name>Tomasz Rękawek</name>
+            <email>tomasz.rekawek@cognifide.com</email>
+            <organization>Cognifide</organization>
+        </developer>
+    </developers>
+    <repositories>
+        <repository>
+            <id>adobe-public-releases</id>
+            <url>http://repo.adobe.com/nexus/content/groups/public</url>
+        </repository>
+    </repositories>
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-gpg-plugin</artifactId>
+                <version>1.6</version>
+                <executions>
+                    <execution>
+                        <id>sign-artifacts</id>
+                        <phase>verify</phase>
+                        <goals>
+                            <goal>sign</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <version>3.5.1</version>
+                <configuration>
+                    <source>1.8</source>
+                    <target>1.8</target>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.felix</groupId>
+                <artifactId>maven-scr-plugin</artifactId>
+                <version>1.22.0</version>
+                <executions>
+                    <execution>
+                        <id>generate-scr-scrdescriptor</id>
+                        <goals>
+                            <goal>scr</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.felix</groupId>
+                <artifactId>maven-bundle-plugin</artifactId>
+                <version>3.2.0</version>
+                <extensions>true</extensions>
+                <configuration>
+                    <instructions>
+                        <Bundle-Category>cq5</Bundle-Category>
+                        <Bundle-SymbolicName>${project.artifactId}</Bundle-SymbolicName>
+                        <Bundle-Name>${project.name}</Bundle-Name>
+                        <Bundle-Vendor>${project.organization.name}</Bundle-Vendor>
+                        <Embed-Dependency>*;artifactId=httpclient|httpcore|gson|commons-lang3|commons-cli
+                        </Embed-Dependency>
+                    </instructions>
+                </configuration>
+            </plugin>
+            <plugin>
+                <artifactId>maven-assembly-plugin</artifactId>
+                <version>2.6</version>
+                <configuration>
+                    <finalName>${assembly.name}-${project.version}</finalName>
+                    <appendAssemblyId>false</appendAssemblyId>
+                    <descriptors>
+                        <descriptor>src/main/assembly/${assembly.descriptor}.xml</descriptor>
+                    </descriptors>
+                    <archive>
+                        <manifest>
+                            <mainClass>com.cognifide.secureaem.cli.Main</mainClass>
+                        </manifest>
+                    </archive>
+                </configuration>
+                <executions>
+                    <execution>
+                        <phase>package</phase>
+                        <goals>
+                            <goal>single</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <groupId>com.cognifide.maven.plugins</groupId>
+                <artifactId>maven-crx-plugin</artifactId>
+                <version>1.0.3</version>
+                <configuration>
+                    <!-- packageFileName>${project.build.directory}/${assembly.name}-${project.version}-${assembly.descriptor}.zip</packageFileName -->
+                    <!-- packageName>${assembly.name}-${assembly.descriptor}</packageName -->
+                    <url>${instance.url}</url>
+                    <user>${instance.username}</user>
+                    <password>${instance.password}</password>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-source-plugin</artifactId>
+                <version>3.0.1</version>
+                <executions>
+                    <execution>
+                        <id>attach-sources</id>
+                        <goals>
+                            <goal>jar</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-javadoc-plugin</artifactId>
+                <version>2.10.4</version>
+                <executions>
+                    <execution>
+                        <id>attach-javadocs</id>
+                        <goals>
+                            <goal>jar</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+        </plugins>
+        <pluginManagement>
+            <plugins>
+                <!--This plugin's configuration is used to store Eclipse m2e settings
+                    only. It has no influence on the Maven build itself. -->
+                <plugin>
+                    <groupId>org.eclipse.m2e</groupId>
+                    <artifactId>lifecycle-mapping</artifactId>
+                    <version>1.0.0</version>
+                    <configuration>
+                        <lifecycleMappingMetadata>
+                            <pluginExecutions>
+                                <pluginExecution>
+                                    <pluginExecutionFilter>
+                                        <groupId>org.apache.felix</groupId>
+                                        <artifactId>maven-scr-plugin</artifactId>
+                                        <versionRange>[1.7.2,)</versionRange>
+                                        <goals>
+                                            <goal>scr</goal>
+                                        </goals>
+                                    </pluginExecutionFilter>
+                                    <action>
+                                        <ignore/>
+                                    </action>
+                                </pluginExecution>
+                            </pluginExecutions>
+                        </lifecycleMappingMetadata>
+                    </configuration>
+                </plugin>
+            </plugins>
+        </pluginManagement>
+    </build>
+    <dependencies>
+        <!-- sling & jcr -->
+        <dependency>
+            <groupId>org.apache.sling</groupId>
+            <artifactId>org.apache.sling.api</artifactId>
+            <version>2.2.0</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.sling</groupId>
+            <artifactId>org.apache.sling.commons.osgi</artifactId>
+            <version>2.2.0</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.felix</groupId>
+            <artifactId>org.apache.felix.scr.annotations</artifactId>
+            <version>1.9.0</version>
+            <scope>provided</scope>
+        </dependency>
+        <!-- javax -->
+        <dependency>
+            <groupId>javax.servlet</groupId>
+            <artifactId>servlet-api</artifactId>
+            <version>2.4</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>javax.jcr</groupId>
+            <artifactId>jcr</artifactId>
+            <version>2.0</version>
+            <scope>provided</scope>
+        </dependency>
+        <!-- adobe -->
+        <dependency>
+            <groupId>com.day.cq</groupId>
+            <artifactId>cq-replication</artifactId>
+            <version>5.4.2</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>com.day.cq</groupId>
+            <artifactId>cq-commons</artifactId>
+            <version>5.4.6</version>
+            <scope>provided</scope>
+        </dependency>
+        <!-- common java libs -->
+        <dependency>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-lang3</artifactId>
+            <version>3.4</version>
+        </dependency>
+        <dependency>
+            <groupId>commons-cli</groupId>
+            <artifactId>commons-cli</artifactId>
+            <version>1.2</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.httpcomponents</groupId>
+            <artifactId>httpclient</artifactId>
+            <version>4.2.3</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.httpcomponents</groupId>
+            <artifactId>httpcore</artifactId>
+            <version>4.2.3</version>
+        </dependency>
+        <!-- gson -->
+        <dependency>
+            <groupId>com.google.code.gson</groupId>
+            <artifactId>gson</artifactId>
+            <version>2.7</version>
+        </dependency><!-- https://mvnrepository.com/artifact/org.apache.sling/org.apache.sling.servlets.post -->
+        <dependency>
+            <groupId>org.apache.sling</groupId>
+            <artifactId>org.apache.sling.servlets.post</artifactId>
+            <version>2.3.6</version>
+            <scope>provided</scope>
+        </dependency><!-- https://mvnrepository.com/artifact/com.adobe.granite/com.adobe.granite.crypto -->
+        <dependency>
+            <groupId>com.adobe.granite</groupId>
+            <artifactId>com.adobe.granite.crypto</artifactId>
+            <version>0.0.24</version>
+        </dependency>
+
+    </dependencies>
+    <profiles>
+        <profile>
+            <id>aem</id>
+            <activation>
+                <activeByDefault>true</activeByDefault>
+            </activation>
+            <properties>
+                <assembly.descriptor>aem</assembly.descriptor>
+                <packaging.type>bundle</packaging.type>
+            </properties>
+            <dependencies>
+                <dependency>
+                    <groupId>org.slf4j</groupId>
+                    <artifactId>slf4j-api</artifactId>
+                    <version>1.5.8</version>
+                    <scope>provided</scope>
+                </dependency>
+            </dependencies>
+        </profile>
+        <profile>
+            <id>cli</id>
+            <activation>
+                <property>
+                    <name>performRelease</name>
+                    <value>true</value>
+                </property>
+            </activation>
+            <properties>
+                <assembly.descriptor>cli</assembly.descriptor>
+                <packaging.type>jar</packaging.type>
+            </properties>
+            <dependencies>
+                <dependency>
+                    <groupId>org.slf4j</groupId>
+                    <artifactId>slf4j-simple</artifactId>
+                    <version>1.7.21</version>
+                </dependency>
+            </dependencies>
+        </profile>
+        <profile>
+            <id>release-sign-artifacts</id>
+            <activation>
+                <property>
+                    <name>performRelease</name>
+                    <value>true</value>
+                </property>
+            </activation>
+            <build>
+                <plugins>
+                    <plugin>
+                        <groupId>org.apache.maven.plugins</groupId>
+                        <artifactId>maven-gpg-plugin</artifactId>
+                        <version>1.6</version>
+                        <executions>
+                            <execution>
+                                <id>sign-artifacts</id>
+                                <phase>verify</phase>
+                                <goals>
+                                    <goal>sign</goal>
+                                </goals>
+                            </execution>
+                        </executions>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
+    </profiles>
 </project>
diff --git a/src/main/aem/jcr_root/apps/cognifide/secureaem/components/abstractTest/json.java b/src/main/aem/jcr_root/apps/cognifide/secureaem/components/abstractTest/json.java
deleted file mode 100644
index e36d8b6..0000000
--- a/src/main/aem/jcr_root/apps/cognifide/secureaem/components/abstractTest/json.java
+++ /dev/null
@@ -1,4 +0,0 @@
-package apps.cognifide.secureaem.components.abstractTest;
-
-public class json extends com.cognifide.secureaem.sling.TestInvoker {
-}
diff --git a/src/main/aem/jcr_root/apps/cognifide/secureaem/renderers/mainRenderer/dialog.xml b/src/main/aem/jcr_root/apps/cognifide/secureaem/renderers/mainRenderer/dialog.xml
index 2b448d7..24f6111 100644
--- a/src/main/aem/jcr_root/apps/cognifide/secureaem/renderers/mainRenderer/dialog.xml
+++ b/src/main/aem/jcr_root/apps/cognifide/secureaem/renderers/mainRenderer/dialog.xml
@@ -25,26 +25,40 @@
                             fieldLabel="Author URL"
                             name="./author"
                             xtype="textfield"/>
-                        <authorCredentials
+                        <authorLogin
                             jcr:primaryType="cq:Widget"
                             allowBlank="false"
-                            fieldLabel="Author Credentials"
-                            name="./authorCredentials"
-                            defaultValue="admin:admin"
+                            fieldLabel="Author Login"
+                            name="./authorLogin"
+                            defaultValue="admin"
                             xtype="textfield"/>
+                        <authorPassword
+                            jcr:primaryType="cq:Widget"
+                            allowBlank="false"
+                            fieldLabel="Author password"
+                            name="./authorPassword"
+                            defaultValue="admin"
+                            xtype="password"/>
                         <publish
                             jcr:primaryType="cq:Widget"
                             allowBlank="true"
                             fieldLabel="Publish URL"
                             name="./publish"
                             xtype="textfield"/>
-                        <publishCredentials
+                        <publishLogin
                             jcr:primaryType="cq:Widget"
                             allowBlank="true"
-                            fieldLabel="Publish Credentials"
-                            name="./publishCredentials"
-                            defaultValue="admin:admin"
+                            fieldLabel="Publish Login"
+                            name="./publishLogin"
+                            defaultValue="admin"
                             xtype="textfield"/>
+                        <publishPassword
+                            jcr:primaryType="cq:Widget"
+                            allowBlank="false"
+                            fieldLabel="Publish password"
+                            name="./publishPassword"
+                            defaultValue="admin"
+                            xtype="password"/>
                     </items>
                 </configuration>
             </items>
diff --git a/src/main/java/com/cognifide/secureaem/GlobalConfiguration.java b/src/main/java/com/cognifide/secureaem/GlobalConfiguration.java
new file mode 100644
index 0000000..cf59860
--- /dev/null
+++ b/src/main/java/com/cognifide/secureaem/GlobalConfiguration.java
@@ -0,0 +1,17 @@
+package com.cognifide.secureaem;
+
+public interface GlobalConfiguration {
+	String getDispatcherUrl();
+
+	String getAuthor();
+
+	String getAuthorLogin();
+
+	String getAuthorPassword();
+
+	String getPublish();
+
+	String getPublishLogin();
+
+	String getPublishPassword();
+}
diff --git a/src/main/java/com/cognifide/secureaem/TestConfiguration.java b/src/main/java/com/cognifide/secureaem/TestConfiguration.java
new file mode 100644
index 0000000..6cb73d3
--- /dev/null
+++ b/src/main/java/com/cognifide/secureaem/TestConfiguration.java
@@ -0,0 +1,11 @@
+package com.cognifide.secureaem;
+
+/**
+ * Configuration of particular test
+ */
+public interface TestConfiguration {
+
+	String getStringValue(String name, String defaultValue);
+
+	String[] getStringList(String name);
+}
diff --git a/src/main/java/com/cognifide/secureaem/sling/ConfigurationProvider.java b/src/main/java/com/cognifide/secureaem/sling/ConfigurationProvider.java
new file mode 100644
index 0000000..01a530e
--- /dev/null
+++ b/src/main/java/com/cognifide/secureaem/sling/ConfigurationProvider.java
@@ -0,0 +1,42 @@
+package com.cognifide.secureaem.sling;
+
+import com.adobe.granite.crypto.CryptoSupport;
+import com.cognifide.secureaem.Configuration;
+import com.cognifide.secureaem.GlobalConfiguration;
+import org.apache.felix.scr.annotations.Component;
+import org.apache.felix.scr.annotations.Reference;
+import org.apache.felix.scr.annotations.ReferenceCardinality;
+import org.apache.felix.scr.annotations.ReferencePolicy;
+import org.apache.felix.scr.annotations.Service;
+import org.apache.sling.api.SlingHttpServletRequest;
+
+@Component
+@Service(ConfigurationProvider.class)
+public class ConfigurationProvider {
+
+	@Reference(cardinality = ReferenceCardinality.OPTIONAL_UNARY,
+			policy = ReferencePolicy.DYNAMIC,
+			referenceInterface = SecureAemGlobalConfiguration.class,
+			bind = "bind", unbind = "unbind")
+	private SecureAemGlobalConfiguration globalConfiguration;
+
+	@Reference
+	private CryptoSupport cryptoSupport;
+
+	public Configuration createConfiguration(SlingHttpServletRequest request) {
+		ResourceTestConfiguration testConfiguration = new ResourceTestConfiguration(request);
+		GlobalConfiguration globalConfig = globalConfiguration;
+		if (globalConfig == null) {
+			globalConfig = new ResourceGlobalConfiguration(request, cryptoSupport);
+		}
+		return new ConfigurationWrapper(globalConfig, testConfiguration);
+	}
+
+	public void bind(SecureAemGlobalConfiguration globalConfiguration) {
+		this.globalConfiguration = globalConfiguration;
+	}
+
+	public void unbind(SecureAemGlobalConfiguration globalConfiguration) {
+		this.globalConfiguration = null;
+	}
+}
diff --git a/src/main/java/com/cognifide/secureaem/sling/ConfigurationWrapper.java b/src/main/java/com/cognifide/secureaem/sling/ConfigurationWrapper.java
new file mode 100644
index 0000000..8137461
--- /dev/null
+++ b/src/main/java/com/cognifide/secureaem/sling/ConfigurationWrapper.java
@@ -0,0 +1,62 @@
+package com.cognifide.secureaem.sling;
+
+import com.cognifide.secureaem.Configuration;
+import com.cognifide.secureaem.GlobalConfiguration;
+import com.cognifide.secureaem.TestConfiguration;
+
+public class ConfigurationWrapper implements Configuration {
+
+	private GlobalConfiguration globalConfiguration;
+
+	private TestConfiguration testConfiguration;
+
+	public ConfigurationWrapper(GlobalConfiguration globalConfiguration, TestConfiguration testConfiguration) {
+		this.globalConfiguration = globalConfiguration;
+		this.testConfiguration = testConfiguration;
+	}
+
+	@Override
+	public String getDispatcherUrl() {
+		return globalConfiguration.getDispatcherUrl();
+	}
+
+	@Override
+	public String getAuthor() {
+		return globalConfiguration.getAuthor();
+	}
+
+	@Override
+	public String getAuthorLogin() {
+		return globalConfiguration.getAuthorLogin();
+	}
+
+	@Override
+	public String getAuthorPassword() {
+		return globalConfiguration.getAuthorPassword();
+	}
+
+	@Override
+	public String getPublish() {
+		return globalConfiguration.getPublish();
+	}
+
+	@Override
+	public String getPublishLogin() {
+		return globalConfiguration.getPublishLogin();
+	}
+
+	@Override
+	public String getPublishPassword() {
+		return globalConfiguration.getPublishPassword();
+	}
+
+	@Override
+	public String getStringValue(String name, String defaultValue) {
+		return testConfiguration.getStringValue(name, defaultValue);
+	}
+
+	@Override
+	public String[] getStringList(String name) {
+		return testConfiguration.getStringList(name);
+	}
+}
diff --git a/src/main/java/com/cognifide/secureaem/sling/ResourceGlobalConfiguration.java b/src/main/java/com/cognifide/secureaem/sling/ResourceGlobalConfiguration.java
new file mode 100644
index 0000000..9d59037
--- /dev/null
+++ b/src/main/java/com/cognifide/secureaem/sling/ResourceGlobalConfiguration.java
@@ -0,0 +1,96 @@
+package com.cognifide.secureaem.sling;
+
+import com.adobe.granite.crypto.CryptoException;
+import com.adobe.granite.crypto.CryptoSupport;
+import com.cognifide.secureaem.GlobalConfiguration;
+import com.cognifide.secureaem.cli.CliConfiguration;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.sling.api.SlingHttpServletRequest;
+import org.apache.sling.api.resource.Resource;
+import org.apache.sling.api.resource.ValueMap;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class ResourceGlobalConfiguration implements GlobalConfiguration {
+
+	private static final Logger LOG = LoggerFactory.getLogger(ResourceConfiguration.class);
+
+	private ValueMap globalConfig;
+
+	private CryptoSupport cryptoSupport;
+
+	public ResourceGlobalConfiguration(SlingHttpServletRequest request, CryptoSupport cryptoSupport) {
+		this.cryptoSupport = cryptoSupport;
+		Resource globalConfigRes = findGlobalConfig(request);
+		if (globalConfigRes != null) {
+			globalConfig = globalConfigRes.adaptTo(ValueMap.class);
+		}
+	}
+
+	@Override
+	public String getDispatcherUrl() {
+		return StringUtils.removeEnd(getGlobalConfigParam("dispatcher"), "/");
+	}
+
+	@Override
+	public String getAuthor() {
+		return StringUtils.removeEnd(getGlobalConfigParam("author"), "/");
+	}
+
+	@Override public String getAuthorLogin() {
+		return getGlobalConfigParam("authorLogin");
+	}
+
+	@Override public String getAuthorPassword() {
+		return getPassword("authorPassword");
+	}
+
+	@Override
+	public String getPublish() {
+		return StringUtils.removeEnd(getGlobalConfigParam("publish"), "/");
+	}
+
+	@Override public String getPublishLogin() {
+		return getGlobalConfigParam("publishLogin");
+	}
+
+	@Override public String getPublishPassword() {
+		return getPassword("publishPassword");
+	}
+
+	private String getPassword(String paramName) {
+		String password = StringUtils.defaultString(getGlobalConfigParam(paramName));
+		String decryptedPassword = password;
+		if (cryptoSupport.isProtected(password)) {
+			try {
+				decryptedPassword = cryptoSupport.unprotect(password);
+			} catch (CryptoException e) {
+				LOG.error("Failed to decrypt password {}", paramName, e);
+			}
+		}
+		return decryptedPassword;
+	}
+
+
+	private String getGlobalConfigParam(String name) {
+		if (globalConfig == null) {
+			return null;
+		}
+		return globalConfig.get(name, String.class);
+	}
+
+	private Resource findGlobalConfig(SlingHttpServletRequest request) {
+		Resource resource = request.getResource();
+		while (resource != null) {
+			if (resource.isResourceType("cq:Page")) {
+				Resource content = resource.getChild("jcr:content");
+				String resourceType = content.adaptTo(ValueMap.class).get("sling:resourceType", String.class);
+				if ("cognifide/secureaem/renderers/mainRenderer".equals(resourceType)) {
+					return content.getChild("globalConfig");
+				}
+			}
+			resource = resource.getParent();
+		}
+		return null;
+	}
+}
diff --git a/src/main/java/com/cognifide/secureaem/sling/ResourceTestConfiguration.java b/src/main/java/com/cognifide/secureaem/sling/ResourceTestConfiguration.java
new file mode 100644
index 0000000..1b47a7a
--- /dev/null
+++ b/src/main/java/com/cognifide/secureaem/sling/ResourceTestConfiguration.java
@@ -0,0 +1,29 @@
+package com.cognifide.secureaem.sling;
+
+import com.cognifide.secureaem.TestConfiguration;
+import org.apache.commons.lang3.ArrayUtils;
+import org.apache.sling.api.SlingHttpServletRequest;
+import org.apache.sling.api.resource.ValueMap;
+
+public class ResourceTestConfiguration implements TestConfiguration {
+
+	private final ValueMap valueMap;
+
+	public ResourceTestConfiguration(SlingHttpServletRequest request) {
+		this.valueMap = request.getResource().adaptTo(ValueMap.class);
+	}
+
+	@Override
+	public String getStringValue(String name, String defaultValue) {
+		return getLocalConfig(name, defaultValue);
+	}
+
+	@Override
+	public String[] getStringList(String name) {
+		return getLocalConfig(name, ArrayUtils.EMPTY_STRING_ARRAY);
+	}
+
+	private <T> T getLocalConfig(String name, T defaultValue) {
+		return this.valueMap.get(name, defaultValue);
+	}
+}
diff --git a/src/main/java/com/cognifide/secureaem/sling/SecureAemGlobalConfiguration.java b/src/main/java/com/cognifide/secureaem/sling/SecureAemGlobalConfiguration.java
new file mode 100644
index 0000000..6bbcd89
--- /dev/null
+++ b/src/main/java/com/cognifide/secureaem/sling/SecureAemGlobalConfiguration.java
@@ -0,0 +1,129 @@
+package com.cognifide.secureaem.sling;
+
+import com.adobe.granite.crypto.CryptoException;
+import com.adobe.granite.crypto.CryptoSupport;
+import com.cognifide.secureaem.GlobalConfiguration;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.felix.scr.annotations.Activate;
+import org.apache.felix.scr.annotations.Component;
+import org.apache.felix.scr.annotations.ConfigurationPolicy;
+import org.apache.felix.scr.annotations.Property;
+import org.apache.felix.scr.annotations.Reference;
+import org.apache.felix.scr.annotations.Service;
+import org.apache.sling.commons.osgi.PropertiesUtil;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.util.Map;
+
+@Service(SecureAemGlobalConfiguration.class)
+@Component(label = "Global Configuration for Secure Aem",
+	description = "This configuration is used instead of the global configuration provided in the content. To use values configured in content please disable this " +
+			"Component or remove configuration file.",
+	policy = ConfigurationPolicy.REQUIRE,
+	metatype = true,
+	immediate = true)
+public class SecureAemGlobalConfiguration implements GlobalConfiguration {
+
+	private static final Logger LOGGER = LoggerFactory.getLogger(SecureAemGlobalConfiguration.class);
+
+	@Reference
+	private CryptoSupport cryptoSupport;
+
+	@Property(label = "Dispatcher url")
+	private static final String DISPATCHER_URL = "dispatcher.url";
+
+	@Property(label = "Author url", value = "http://localhost:4502")
+	private static final String AUTHOR_URL = "author.url";
+
+	@Property(label = "Author login", value = "admin")
+	private static final String AUTHOR_LOGIN = "author.login";
+
+	@Property(label = "Author password", value = "admin",
+			description = "Should be encrypted with tool available through /system/console/crypto. Plain text supported but not recommended.")
+	private static final String AUTHOR_PASSOWRD = "author.password";
+
+	@Property(label = "Publish url", value = "http://localhost:4503")
+	private static final String PUBLISH_URL = "publish.url";
+
+	@Property(label = "Publish login", value = "admin")
+	private static final String PUBLISH_LOGIN = "publish.login";
+
+	@Property(label = "Publish password", value = "admin",
+			description = "Should be encrypted with tool available through /system/console/crypto. Plain text supported but not recommended.")
+	private static final String PUBLISH_PASSOWRD = "publish.password";
+
+	private String dispatcherUrl;
+
+	private String authorUrl;
+
+	private String authorLogin;
+
+	private String authorPassowrd;
+
+	private String publishUrl;
+
+	private String publishLogin;
+
+	private String publishPassword;
+
+	@Activate
+	protected void activate(Map<String, Object> properties) {
+		LOGGER.info("Activating service.");
+		dispatcherUrl = PropertiesUtil.toString(properties.get(DISPATCHER_URL), "");
+		authorUrl = PropertiesUtil.toString(properties.get(AUTHOR_URL), "");
+		authorLogin = PropertiesUtil.toString(properties.get(AUTHOR_LOGIN), "");
+		authorPassowrd = PropertiesUtil.toString(properties.get(AUTHOR_PASSOWRD), "");
+		publishUrl = PropertiesUtil.toString(properties.get(PUBLISH_URL), "");
+		publishLogin = PropertiesUtil.toString(properties.get(PUBLISH_LOGIN), "");
+		publishPassword = PropertiesUtil.toString(properties.get(PUBLISH_PASSOWRD), "");
+	}
+
+	@Override
+	public String getDispatcherUrl() {
+		return dispatcherUrl;
+	}
+
+	@Override
+	public String getAuthor() {
+		return authorUrl;
+	}
+
+	@Override
+	public String getAuthorLogin() {
+		return authorLogin;
+	}
+
+	@Override
+	public String getAuthorPassword() {
+		return getPassword(authorPassowrd);
+	}
+
+	@Override
+	public String getPublish() {
+		return publishUrl;
+	}
+
+	@Override
+	public String getPublishLogin() {
+		return publishLogin;
+	}
+
+	@Override
+	public String getPublishPassword() {
+		return getPassword(publishPassword);
+	}
+
+
+	private String getPassword(String passwordToDecrypt) {
+		String password = StringUtils.defaultString(passwordToDecrypt);
+		if (cryptoSupport.isProtected(password)) {
+			try {
+				password = cryptoSupport.unprotect(password);
+			} catch (CryptoException e) {
+				LOGGER.error("Failed to decrypt password", e);
+			}
+		}
+		return password;
+	}
+}
diff --git a/src/main/java/com/cognifide/secureaem/sling/TestInvoker.java b/src/main/java/com/cognifide/secureaem/sling/TestInvoker.java
index 07f9fbd..75a3be1 100644
--- a/src/main/java/com/cognifide/secureaem/sling/TestInvoker.java
+++ b/src/main/java/com/cognifide/secureaem/sling/TestInvoker.java
@@ -5,6 +5,8 @@
 
 import javax.servlet.ServletException;
 
+import org.apache.felix.scr.annotations.Reference;
+import org.apache.felix.scr.annotations.sling.SlingServlet;
 import org.apache.sling.api.SlingHttpServletRequest;
 import org.apache.sling.api.SlingHttpServletResponse;
 import org.apache.sling.api.resource.Resource;
@@ -14,15 +16,24 @@
 import com.cognifide.secureaem.AbstractTest;
 import com.cognifide.secureaem.Configuration;
 
+@SlingServlet(
+		methods = {"GET"},
+		extensions = "json",
+		resourceTypes = "cognifide/secureaem/components/abstractTest"
+)
 public class TestInvoker extends SlingSafeMethodsServlet {
 
 	private static final long serialVersionUID = 1334083614379709964L;
 
+	@Reference
+	private ConfigurationProvider configurationPrivder;
+
 	@Override
 	public void doGet(SlingHttpServletRequest request, SlingHttpServletResponse response) throws IOException,
 			ServletException {
 		String testClassName = getTestClassName(request);
-		Configuration config = new ResourceConfiguration(request);
+		Configuration config = configurationPrivder.createConfiguration(request);
+
 		AbstractTest test;
 		try {
 			Class<?> clazz = Class.forName(testClassName);
diff --git a/src/main/java/com/cognifide/secureaem/sling/password/AuthorPasswordFieldEncryptFilter.java b/src/main/java/com/cognifide/secureaem/sling/password/AuthorPasswordFieldEncryptFilter.java
new file mode 100644
index 0000000..b54f355
--- /dev/null
+++ b/src/main/java/com/cognifide/secureaem/sling/password/AuthorPasswordFieldEncryptFilter.java
@@ -0,0 +1,15 @@
+package com.cognifide.secureaem.sling.password;
+
+import org.apache.commons.lang3.StringUtils;
+import org.apache.felix.scr.annotations.Component;
+import org.apache.felix.scr.annotations.Service;
+
+@Service
+@Component
+public class AuthorPasswordFieldEncryptFilter implements PasswordFiledEncryptFilter {
+	@Override
+	public boolean isSupported(String propertyPath) {
+		return StringUtils.startsWith(propertyPath, "/etc/secureaem")
+				&& StringUtils.endsWith(propertyPath, "authorPassword");
+	}
+}
diff --git a/src/main/java/com/cognifide/secureaem/sling/password/PasswordFiledEncryptFilter.java b/src/main/java/com/cognifide/secureaem/sling/password/PasswordFiledEncryptFilter.java
new file mode 100644
index 0000000..a0f056c
--- /dev/null
+++ b/src/main/java/com/cognifide/secureaem/sling/password/PasswordFiledEncryptFilter.java
@@ -0,0 +1,12 @@
+package com.cognifide.secureaem.sling.password;
+
+public interface PasswordFiledEncryptFilter {
+
+	/**
+	 * Checks whether property given by <code>propertyPath</code> parameter should be encrypted
+	 * @param propertyPath absolute path to property
+	 * @return <strong>true</strong> if property should be encrypted, <strong>false</strong> otherwise
+	 */
+	boolean isSupported(String propertyPath);
+
+}
diff --git a/src/main/java/com/cognifide/secureaem/sling/password/PasswordPropertySavePostProcessor.java b/src/main/java/com/cognifide/secureaem/sling/password/PasswordPropertySavePostProcessor.java
new file mode 100644
index 0000000..31cabc9
--- /dev/null
+++ b/src/main/java/com/cognifide/secureaem/sling/password/PasswordPropertySavePostProcessor.java
@@ -0,0 +1,109 @@
+package com.cognifide.secureaem.sling.password;
+
+import com.adobe.granite.crypto.CryptoException;
+import com.adobe.granite.crypto.CryptoSupport;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.felix.scr.annotations.Component;
+import org.apache.felix.scr.annotations.Reference;
+import org.apache.felix.scr.annotations.ReferenceCardinality;
+import org.apache.felix.scr.annotations.ReferencePolicy;
+import org.apache.felix.scr.annotations.Service;
+import org.apache.sling.api.SlingHttpServletRequest;
+import org.apache.sling.api.resource.ResourceResolver;
+import org.apache.sling.servlets.post.Modification;
+import org.apache.sling.servlets.post.SlingPostProcessor;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.jcr.Property;
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import java.util.Collection;
+import java.util.List;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.stream.Collectors;
+
+
+@Component
+@Service
+public class PasswordPropertySavePostProcessor implements SlingPostProcessor {
+
+	private static final Logger LOGGER = LoggerFactory.getLogger(PasswordPropertySavePostProcessor.class);
+
+	private static final String PATH_SEPARATOR = "/";
+
+	@Reference(
+			bind = "bind",
+			unbind = "unbind",
+			cardinality = ReferenceCardinality.OPTIONAL_MULTIPLE,
+			referenceInterface = PasswordFiledEncryptFilter.class,
+			policy = ReferencePolicy.DYNAMIC)
+	private Collection<PasswordFiledEncryptFilter> encryptionFilters = ConcurrentHashMap.newKeySet();
+
+	@Reference
+	private CryptoSupport cryptoSupport;
+
+	@Override
+	public void process(SlingHttpServletRequest slingHttpServletRequest, List<Modification> list) {
+		List<String> propertiesToEncrypt = list.stream()
+				.filter(this::isSupported)
+				.map(Modification::getSource)
+				.collect(Collectors.toList());
+
+		ResourceResolver resourceResolver = slingHttpServletRequest.getResourceResolver();
+		Session session = resourceResolver.adaptTo(Session.class);
+
+		if (session == null) {
+			LOGGER.error("Failed to create session.");
+			return;
+		}
+
+		for (String propertyPath : propertiesToEncrypt) {
+			try {
+				this.encryptProperty(session, propertyPath);
+			} catch (CryptoException | RepositoryException e) {
+				LOGGER.error("Failed to encrypt property {}", propertyPath, e);
+			}
+		}
+
+	}
+
+	private boolean isSupported(Modification modification) {
+		return encryptionFilters
+			.stream()
+			.filter(filter -> filter.isSupported(modification.getSource()))
+			.findFirst()
+			.isPresent();
+	}
+
+
+	private void encryptProperty(Session session, String propertyPath) throws CryptoException, RepositoryException {
+		Property propertyToBeProtected = session.getProperty(propertyPath);
+		if (propertyToBeProtected != null) {
+			String propertyValue = StringUtils.defaultString(propertyToBeProtected.getString());
+			if (!cryptoSupport.isProtected(propertyValue)) {
+				LOGGER.info("Encrypting property: '{}'", propertyPath);
+				String encryptedPropertyValue = cryptoSupport.protect(propertyValue);
+				propertyToBeProtected.setValue(encryptedPropertyValue);
+				LOGGER.info("Property '{}' encrypted", propertyPath);
+			}
+		}
+
+	}
+
+	private String getPropertyNodePath(String propertyPath) {
+		return StringUtils.substringBeforeLast(propertyPath, PATH_SEPARATOR);
+	}
+
+	private String getPropertyName(String propertyPath) {
+		return StringUtils.substringAfterLast(propertyPath, PATH_SEPARATOR);
+	}
+
+	protected void bind(PasswordFiledEncryptFilter filter) {
+		encryptionFilters.add(filter);
+	}
+
+	protected void unbind(PasswordFiledEncryptFilter filter) {
+		encryptionFilters.remove(filter);
+	}
+}
diff --git a/src/main/java/com/cognifide/secureaem/sling/password/PublishPasswordFieldEncryptFilter.java b/src/main/java/com/cognifide/secureaem/sling/password/PublishPasswordFieldEncryptFilter.java
new file mode 100644
index 0000000..1798e4c
--- /dev/null
+++ b/src/main/java/com/cognifide/secureaem/sling/password/PublishPasswordFieldEncryptFilter.java
@@ -0,0 +1,15 @@
+package com.cognifide.secureaem.sling.password;
+
+import org.apache.commons.lang3.StringUtils;
+import org.apache.felix.scr.annotations.Component;
+import org.apache.felix.scr.annotations.Service;
+
+@Service
+@Component
+public class PublishPasswordFieldEncryptFilter implements PasswordFiledEncryptFilter {
+	@Override
+	public boolean isSupported(String propertyPath) {
+		return StringUtils.startsWith(propertyPath, "/etc/secureaem")
+				&& StringUtils.endsWith(propertyPath, "publishPassword");
+	}
+}