Encrypted plain schema's secret key is used to encrypt the related attribute values.
Currently, such key is stored alongside with other plain schema's definition items, as cipher algorithm for example.
While functional, such approach breaks some security compliance rules, as (1) algorithm (2) secret key and (3) encrypted value are all in the same place (Syncope's internal storage).
We should introduce the possibility to store at least the secret key in another place.
Moreover, we could also consider, in the schema definition, a conversion pattern which allows, when set, to decrypt the values (if algorithm is compatible) for REST access; among other use cases, this would allow to transparently edit via Admin Console / Enduser UI the related attributes.