For system passwords which are used during communication to collect data from remote machines using protocols like WMI, WBEM, SNMP, SSH, etc, we store those in database with two-way AES-128/AES-256 and passwords used for local users will be stored as hash with one-way encryption SHA-256.
We have option to change the encryption key used for AES as per user recycling policy so that new encrypted passwords gets generated.
Another important note is we don’t store passwords for the users which are imported through Active Directory.