diff --git a/core/src/main/java/io/xpipe/core/util/AesSecretValue.java b/core/src/main/java/io/xpipe/core/util/AesSecretValue.java
index 5f4141f51..83a8052ac 100644
--- a/core/src/main/java/io/xpipe/core/util/AesSecretValue.java
+++ b/core/src/main/java/io/xpipe/core/util/AesSecretValue.java
@@ -11,8 +11,8 @@ import javax.crypto.spec.GCMParameterSpec;
 import java.nio.ByteBuffer;
 import java.nio.ByteOrder;
 import java.security.NoSuchAlgorithmException;
-import java.security.SecureRandom;
 import java.security.spec.InvalidKeySpecException;
+import java.util.Random;
 
 @SuperBuilder
 @Jacksonized
@@ -31,7 +31,7 @@ public class AesSecretValue extends EncryptedSecretValue {
 
     private static byte[] getFixedNonce(int numBytes) {
         byte[] nonce = new byte[numBytes];
-        new SecureRandom(new byte[] {1, -28, 123}).nextBytes(nonce);
+        new Random(1 - 28 + 213213).nextBytes(nonce);
         return nonce;
     }
 
diff --git a/core/src/main/java/io/xpipe/core/util/EncryptedSecretValue.java b/core/src/main/java/io/xpipe/core/util/EncryptedSecretValue.java
index c7d2afbb4..3343bcb4f 100644
--- a/core/src/main/java/io/xpipe/core/util/EncryptedSecretValue.java
+++ b/core/src/main/java/io/xpipe/core/util/EncryptedSecretValue.java
@@ -8,7 +8,6 @@ import lombok.extern.jackson.Jacksonized;
 import java.nio.ByteBuffer;
 import java.nio.CharBuffer;
 import java.nio.charset.StandardCharsets;
-import java.util.Base64;
 
 @SuperBuilder
 @Jacksonized
@@ -22,7 +21,7 @@ public class EncryptedSecretValue implements SecretValue {
         var utf8 = StandardCharsets.UTF_8.encode(CharBuffer.wrap(c));
         var bytes = new byte[utf8.limit()];
         utf8.get(bytes);
-        encryptedValue = SecretValue.base64e(encrypt(bytes));
+        encryptedValue = SecretValue.toBase64e(encrypt(bytes));
     }
 
     @Override
@@ -33,14 +32,14 @@ public class EncryptedSecretValue implements SecretValue {
     @Override
     public char[] getSecret() {
         try {
-            var bytes = Base64.getDecoder().decode(encryptedValue.replace("-", "/"));
+            var bytes = SecretValue.fromBase64e(getEncryptedValue());
             bytes = decrypt(bytes);
             var charBuffer = StandardCharsets.UTF_8.decode(ByteBuffer.wrap(bytes));
             var chars = new char[charBuffer.limit()];
             charBuffer.get(chars);
             return chars;
         } catch (Exception ex) {
-            throw new IllegalStateException("Unable to decrypt secret");
+            return new char[0];
         }
     }
 
diff --git a/core/src/main/java/io/xpipe/core/util/SecretValue.java b/core/src/main/java/io/xpipe/core/util/SecretValue.java
index 4824c56e1..b7e13e1bf 100644
--- a/core/src/main/java/io/xpipe/core/util/SecretValue.java
+++ b/core/src/main/java/io/xpipe/core/util/SecretValue.java
@@ -9,11 +9,16 @@ import java.util.function.Consumer;
 @JsonTypeInfo(use = JsonTypeInfo.Id.NAME, property = "type")
 public interface SecretValue {
 
-    public static String base64e(byte[] b) {
+    public static String toBase64e(byte[] b) {
         var base64 = Base64.getEncoder().encodeToString(b);
         return base64.replace("/", "-");
     }
 
+    public static byte[] fromBase64e(String s) {
+        var bytes = Base64.getDecoder().decode(s.replace("-", "/"));
+        return bytes;
+    }
+
     public default void withSecretValue(Consumer<char[]> con) {
         var chars = getSecret();
         con.accept(chars);
diff --git a/ext/base/src/main/java/io/xpipe/ext/base/actions/AddStoreAction.java b/ext/base/src/main/java/io/xpipe/ext/base/actions/AddStoreAction.java
index 493bf3b58..8d0c86f1a 100644
--- a/ext/base/src/main/java/io/xpipe/ext/base/actions/AddStoreAction.java
+++ b/ext/base/src/main/java/io/xpipe/ext/base/actions/AddStoreAction.java
@@ -3,7 +3,7 @@ package io.xpipe.ext.base.actions;
 import io.xpipe.app.comp.source.store.GuiDsStoreCreator;
 import io.xpipe.app.ext.ActionProvider;
 import io.xpipe.app.storage.DataStoreEntry;
-import io.xpipe.app.util.SecretHelper;
+import io.xpipe.app.util.DefaultSecretValue;
 import io.xpipe.core.store.DataStore;
 import io.xpipe.core.util.JacksonMapper;
 import lombok.Value;
@@ -43,7 +43,7 @@ public class AddStoreAction implements ActionProvider {
 
             @Override
             public Action createAction(List<String> args) throws Exception {
-                var storeString = SecretHelper.encryptInPlace(args.get(0));
+                var storeString = DefaultSecretValue.builder().encryptedValue(args.get(0)).build();
                 var store = JacksonMapper.parse(storeString.getSecretValue(), DataStore.class);
                 return new Action(store);
             }