Replication Agent uses a dynamic key for password encryption.
When you create a Replication Agent instance, a random key is generated automatically and stored in the ra_random configuration parameter. You can clear this parameter setting with the -k option of the rao_admin utility, after which Replication Agent regenerates a new value for ra_random when the instance is restarted.