All data entered into the private credentials form is encrypted with a key that is unique to the ticket. The key and the data are both stored with the ticket. This is done without any additional work on the administrators party. While the data is encrypted, the fact that the encryption key is stored inside the same database means that anyone with access to the database can still decrypt the data relatively easily. But the data can be made more secure with one more step:
In order for the data to be better secured, you will need to enable an option in your wp-config.php file. Simply edit that file and add the following line to it:
define(‘WPAS_PC_ENCRYPTION_KEY_MASTER’, ‘master encryption key here’);
You should use a very long master key and make sure you don’t forget it.
A good place to add this line is below your database username and password definitions or just above or below the standard keys included by WordPress.
When this option is enabled, the individual ticket keys are further encrypted by this master key. In this way an intruder needs to pull both the data from the database AND the data from the separately located wp-config.php file in order to decrypt the private credential contents.
Use of a master encryption key should be done BEFORE any credentials are created. Otherwise, none of the existing credentials will be readable since they will be presumed encrypted by the master key.