Registration credentials do not need to be passed or kept on disk in plain-text. When defining SIP credentials in your User Directoryy, instead of including the following line:

<param name="password" value="samiam"/> 

replace it with a pre-calculated a1-hash of the password, like the following:

<param name="a1-hash" value="c6440e5de50b403206989679159de89a"/> 

To generate a1-hash, on a linux box get the md5 of the string username:domain:password, which is your username, domain name, and password all tied together with a colon. As an example:

echo -n "darren:2600hz.com:pass1234" | md5sum 
b62d1e3e27773ffd173c87e342a6aace 

You would utilize the returned hash in your User Directory entry. This means you did not have to store the actual SIP registration on disk and someone who finds a way to compromise the file can't see the password either.

A full example would look something like the following:

<user id="darren"> 
<params> 
<param name="a1-hash"
       value="c6440e5de50b403206989679159de89a"/> 
</params> 
</user>