[…] Each development machine has its own
copy of config.xml. All the
passphrases (those for JDBC
datasources etc.) in this file are
encrypted …

是的,WebLogic Server会加密存储在其域配置XML文件中的所有纯文本密码.这是为了防止访问敏感信息.使用管理控制台或脚本工具输入密码时,它会在存储到配置XML文件之前自动加密.

… and the encryption
apparently uses a different seed on
each machine since the same password
has different encrypted forms on
different machines.

关于encrypt实用程序(来自Oracle WebLogic Server Java实用程序),文档说：

The weblogic.security.Encrypt encrypts cleartext strings for use with WebLogic Server. The utility uses the encryption service of the current directory,or the encryption service for a specified WebLogic Server domain root directory.

Note: An encrypted string must have been encrypted by the encryption service in the WebLogic Server domain where it will be used. If not,the server will not be able to decrypt the string.

这在文档中没有提到,但是,AFAIK,Weblogic使用域的密码salt文件(SerializedSystemIni.dat)来加密明文字符串.

[…] If we just put the file in CVS and update the other machines from there the encrypted passwords on each machine would get overwritten.

您可以选择在VCS中存储的config.xml中使用明文密码(如果这不是问题).实际上,在WebLogic Server 9.0之前,密码将在后续重新启动期间加密.从WebLogic Server 9.0开始,仅在开发域中“完全”支持在配置文件中使用明文密码,并且Weblogic不会重新加密密码.在这两种情况下,这将允许人们检查配置文件没有麻烦.

Is there an ant task (I Couldn’t find one) or a similar mechanism that would take care of correctly merging the changes in config.xml without overwriting the encrypted passwords?…

我不确定这会直接回答您的问题,但Oracle WebLogic Server为其大部分(如果不是全部)Java Utilities提供了Ant tasks.也许你会在那里找到有用的东西(查看Configuring a WebLogic Server Domain Using the wlconfig Ant Task)

Or is it possible to somehow specify the passphrases in plaintext and encrypt them on the first start (I have a faint recollection that this was possible in prevIoUs versions but not in 10.3).

正如我上面所写,这是Weblogic Server 9.0之前的“默认”行为.我不知道你是否可以为以后的版本强制执行此行为.当然,你总是可以使用ant和encrypt来实现它,但老实说,如果你允许人们一次看到明文密码,我真的没有看到在事实之后加密它们的重点.