diff --git a/src/backend/utils/field-crypto.ts b/src/backend/utils/field-crypto.ts
index 098b5b8e..2be3935e 100644
--- a/src/backend/utils/field-crypto.ts
+++ b/src/backend/utils/field-crypto.ts
@@ -17,18 +17,31 @@ class FieldCrypto {
   private static readonly ENCRYPTED_FIELDS = {
     users: new Set([
       "password_hash",
+      "passwordHash",
       "client_secret",
+      "clientSecret",
       "totp_secret",
+      "totpSecret",
       "totp_backup_codes",
+      "totpBackupCodes",
       "oidc_identifier",
+      "oidcIdentifier",
+    ]),
+    ssh_data: new Set([
+      "password",
+      "key",
+      "key_password",
+      "keyPassword",
     ]),
-    ssh_data: new Set(["password", "key", "key_password"]),
     ssh_credentials: new Set([
       "password",
       "private_key",
+      "privateKey",
       "key_password",
+      "keyPassword",
       "key",
       "public_key",
+      "publicKey",
     ]),
   };
 
diff --git a/src/backend/utils/lazy-field-encryption.ts b/src/backend/utils/lazy-field-encryption.ts
index 8eae9193..06c43d8c 100644
--- a/src/backend/utils/lazy-field-encryption.ts
+++ b/src/backend/utils/lazy-field-encryption.ts
@@ -6,6 +6,10 @@ export class LazyFieldEncryption {
     key_password: "keyPassword",
     private_key: "privateKey",
     public_key: "publicKey",
+    // Reverse mappings for Drizzle ORM (camelCase -> snake_case)
+    keyPassword: "key_password",
+    privateKey: "private_key",
+    publicKey: "public_key",
   };
 
   static isPlaintextField(value: string): boolean {