Sorry for the belated reply here. I can answer this for you.
When you make a custom connector, there are actually two parts to an encrypted field. One is doing exactly what you are doing, and making sure the form field sets encrypted values. This encrypts passwords when they are entered and the data gets stored as cipher-text.
You are seeing this cipher-text in the CCG file.
When these values go down to the Virtual Appliance, the CCG (what runs the connectors) needs to know what fields are encrypted (it doesn’t have access to the form), so it can decrypt the payload and send to the connector. All decryption happens in the VA. Since yours doesn’t have that configured, you just get a string with cipher-text.
In order to configure this, you just need to set an attribute in your connector’s attributes with a key called “encrypted” and then set the value to be a CSV list of all of the fields which are encrypted. The CCG will refer to this list and go an decrypt these encrypted fields.
Here are some examples if you were to look at this configured in a source via our v3 source APIs this looks something like this:
Workday Example:
{
"id": "2c9180837568cea1017576896bf64cc2",
"name": "Workday",
"created": "2020-10-29T22:45:18.966Z",
"modified": "2020-12-01T17:36:06.375Z",
"description": "Workday",
...
"type": "Workday",
"connector": "workday",
"connectorClass": "sailpoint.connector.OpenConnectorAdapter",
"connectorAttributes": {
...
"encrypted": "provisioningPassword,clientSecret,refreshToken",
Azure Active Directory Example:
{
"id": "2c91808a7a5e9ce7017a5e9fe2e0002b",
"name": "AAD",
"created": "2021-06-30T20:32:54.496Z",
"modified": "2021-06-30T20:32:58.752Z",
"description": "AAD",
...
"type": "Azure Active Directory",
"connector": "azure-active-directory",
"connectorClass": "sailpoint.connector.AzureADConnector",
"connectorAttributes": {
...
"encrypted": "clientSecret,IQServicePassword,clientCertificate,privateKeyPassword,private_key,refresh_token",