[Feature Request] Password Decryption Service for External API Integration

[kpidoff]

Summary:
This feature request is for the addition of a password decryption service within our project's API. The purpose is to enable secure and efficient communication with external services that require authentication.

Background:
Currently, we are utilizing the @password attribute to store encrypted passwords. While this method ensures security within our database, it poses a challenge when interacting with external services. These services often require a decrypted password for authentication, and our current setup lacks the functionality to handle this decryption process efficiently.

Proposed Solution:
The implementation of a password decryption service within our API. This service should:

Securely decrypt passwords stored with the @Crypte attribute.
Ensure that the decryption process adheres to high-security standards to prevent unauthorized access.
Provide a streamlined method for the API to retrieve decrypted passwords when necessary, particularly for communicating with external services.
Use Case:
Consider a scenario where our API needs to communicate with an external payment gateway that requires a decrypted password for authentication. The proposed service would enable our API to securely decrypt the necessary password and authenticate with the payment gateway, thereby facilitating smooth and secure transactions.

Expected Benefits:

Enhanced security and efficiency in dealing with external services.
Compliance with best practices for password management and security.
Improved scalability and maintenance of our API as we expand our external integrations.

[vrmiguel]

Isn't this done in https://zenstack.dev/docs/guides/field-encryption ?