When you configure a target database, the database credentials that you enter are stored in a secure key store, not in the Dynamic Data Masking Management Console tree. A security provider allows access to the key store.
The key store and security provider protect database credentials and prevent unauthorized access to the target database. When you configure a database, you can choose to use either the default key store or a custom key store and security provider. If you choose the default key store, Dynamic Data Masking also uses the default security provider. Both the default key store and default security provider are pre-configured for use in Dynamic Data Masking. If you choose a custom key store and security provider, you must configure Dynamic Data Masking for use with the custom key store and security provider.