How does Certero store account credentials in the database?

How does Certero store the service account credentials used to deploy the Certero windows agent (encryption used to store the credentials, and when the credentials are used, at what point is it decrypted and is it accessible in memory)?

All user-supplied credentials are stored in the Certero Management Platform database. Passwords are encrypted using the Blowfish reversible encryption cipher. Credentials are decrypted as and when required by the services that run on the top-level Application server and down-level Endpoint servers. In practice, the credentials are only accessible in memory on the server (Application and/or Endpoint) at the time that they are used.