Provide the ability to generate cryptographic strong passwords
When deploying application containers, there can be times when you want a password that no human needs to know and survives only for the lifetime of the container.
Our primary use case is generating secure keystores for certificates, etc. At container start-up, it will generate a new local keystore and we then have the ability to dynamically sign CSRs generated within the container via an external signing service.
We do not want to leave the keystore nor the certificate objects without any password, but also do not want to store the values anywhere external to the container.
Granted, we certainly can do things like set a short certificate lifetime, adopt policies such rapid container cycling, etc. in addition as a layered approach, but I see no reason to externally persist secrets that are of no use and add operational overhead to cycle manually.