Native connectors are configured via JSON - including the inclusion of sensitive third party external API credentials. These credentials are a necessity for the connector to connect to those external data sources.

As the connector configuration would be accessible to all power users, it is important that these credentials cannot be extracted by any user (users, power users or administrators) - and be obfuscated once they have been entered and saved.

Therefore, certain parts of the config, typically the "Credentials" section, are encrypted during save and migrated to the "Encrypted Credentials".

When the connector runs its synchronisation job, the connector framework is able to decrypt the encrypted credentials, connect to the external system and perform the neccesary syncrhonisation.