Currently the approved method of starting Synchrony  as a service involves storing the database credentials in clear text in a systemd configuration file. Even if you lock this file down, or assign it as a variable in a users .bash_profile it is not a best practice. Suggesting that some more secure mechanism be provided to deal with this within the application. For example LUKS in RHEL 7 could be used for this purpose, but there needs to be some work in Confluence to support this mechanism.