There are various places where DB username/password is specified in plaintext like prbooststrap & prconfig file to run certain CLI utilities. Please note keyring implementation is to encrypt the password for prconfig.xml, passgen is for prbootstrap.properties.
Please note custom cipher implementation encrypts application-level data but not the database connection details in context.xml. If you want to encrypt the password in context.xml then that is a question for the application server. Pega doesn't have any recommendations to achieve this.