diff --git a/packages/ui/certd-client/src/views/certd/access/access-selector/access/secret-plain-getter.vue b/packages/ui/certd-client/src/views/certd/access/access-selector/access/secret-plain-getter.vue
new file mode 100644
index 000000000..cf05c662f
--- /dev/null
+++ b/packages/ui/certd-client/src/views/certd/access/access-selector/access/secret-plain-getter.vue
@@ -0,0 +1,32 @@
+<template>
+  <a-button class="cd-secret-plain-getter ml-5">
+    <fs-icon class="pointer" :icon="computedIcon" @click="showPlain" />
+  </a-button>
+</template>
+<script lang="ts" setup>
+import { computed, inject, ref } from "vue";
+defineOptions({
+  name: "SecretPlainGetter"
+});
+
+const props = defineProps<{
+  modelValue?: string;
+  accessId?: number;
+  inputKey: string;
+}>();
+
+const emit = defineEmits(["update:modelValue"]);
+const showRef = ref(false);
+const computedIcon = computed(() => {
+  return showRef.value ? "ion:eye-outline" : "ion:eye-off-outline";
+});
+const accessApi: any = inject("accessApi");
+async function showPlain() {
+  showRef.value = true;
+  if (props.accessId) {
+    const plain = await accessApi.GetSecretPlain(props.accessId, props.inputKey);
+    emit("update:modelValue", plain);
+  }
+}
+</script>
+<style lang="less"></style>
diff --git a/packages/ui/certd-client/src/views/certd/access/api.ts b/packages/ui/certd-client/src/views/certd/access/api.ts
index 903f9c316..ca9d47c62 100644
--- a/packages/ui/certd-client/src/views/certd/access/api.ts
+++ b/packages/ui/certd-client/src/views/certd/access/api.ts
@@ -43,6 +43,14 @@ export function createAccessApi(from = "user") {
       });
     },
 
+    async GetSecretPlain(id: number, key: string) {
+      return await request({
+        url: apiPrefix + "/getSecretPlain",
+        method: "post",
+        data: { id, key }
+      });
+    },
+
     async GetProviderDefine(type: string) {
       return await request({
         url: apiPrefix + "/define",
diff --git a/packages/ui/certd-client/src/views/certd/access/common.tsx b/packages/ui/certd-client/src/views/certd/access/common.tsx
index 99258f648..5b2c3ebec 100644
--- a/packages/ui/certd-client/src/views/certd/access/common.tsx
+++ b/packages/ui/certd-client/src/views/certd/access/common.tsx
@@ -1,9 +1,11 @@
 import { ColumnCompositionProps, dict } from "@fast-crud/fast-crud";
-import { computed, ref, toRef } from "vue";
+import { computed, provide, ref, toRef } from "vue";
 import { useReference } from "/@/use/use-refrence";
 import { forEach, get, merge, set } from "lodash-es";
+import SecretPlainGetter from "/@/views/certd/access/access-selector/access/secret-plain-getter.vue";
 
 export function getCommonColumnDefine(crudExpose: any, typeRef: any, api: any) {
+  provide("accessApi", api);
   const AccessTypeDictRef = dict({
     url: "/pi/access/accessTypeDict"
   });
@@ -32,6 +34,13 @@ export function getCommonColumnDefine(crudExpose: any, typeRef: any, api: any) {
       };
       const column = merge({ title: key }, defaultPluginConfig, field);
 
+      if (value.encrypt === true) {
+        column.suffixRender = (scope: { form: any; key: string }) => {
+          const { form, key } = scope;
+          const inputKey = scope.key.replace("access.", "");
+          return <SecretPlainGetter accessId={form.id} inputKey={inputKey} v-model={form[key]} />;
+        };
+      }
       //eval
       useReference(column);
 
diff --git a/packages/ui/certd-server/src/controller/pipeline/access-controller.ts b/packages/ui/certd-server/src/controller/pipeline/access-controller.ts
index 3ee6e7372..4b1df6831 100644
--- a/packages/ui/certd-server/src/controller/pipeline/access-controller.ts
+++ b/packages/ui/certd-server/src/controller/pipeline/access-controller.ts
@@ -67,6 +67,12 @@ export class AccessController extends CrudController<AccessService> {
     return this.ok(access);
   }
 
+  @Post('/getSecretPlain', { summary: Constants.per.authOnly })
+  async getSecretPlain(@Body(ALL) body: { id: number; key: string }) {
+    const value = await this.service.getById(body.id, this.getUserId());
+    return this.ok(value[body.key]);
+  }
+
   @Post('/accessTypeDict', { summary: Constants.per.authOnly })
   async getAccessTypeDict() {
     const list = this.service.getDefineList();