diff --git a/CHANGELOG.md b/CHANGELOG.md
index bc9a0b7..14ff12d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [v1.3.0-SNAPSHOT] - [2023-01-27]
+
+- Feature #24253 add support for decrypted ServiceEndpoint
+
 ## [v1.2.0] - [2021-06-08]
 
 - Feature #21584 added support for /ServiceEndpoint/{category} REST call
diff --git a/pom.xml b/pom.xml
index 9054b78..961d234 100644
--- a/pom.xml
+++ b/pom.xml
@@ -11,7 +11,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>org.gcube.information-system</groupId>
 	<artifactId>icproxy</artifactId>
-	<version>1.2.0</version>
+	<version>1.3.0-SNAPSHOT</version>
 	<name>ICProxy</name>
 
 	<packaging>war</packaging>
@@ -75,6 +75,10 @@
 			<groupId>org.gcube.resources</groupId>
 			<artifactId>common-gcore-resources</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>org.gcube.core</groupId>
+			<artifactId>common-encryption</artifactId>
+		</dependency>
 		
 		<!-- jersey -->
 
diff --git a/src/main/java/org/gcube/informationsystem/icproxy/resources/ServiceEndpointResource.java b/src/main/java/org/gcube/informationsystem/icproxy/resources/ServiceEndpointResource.java
index 618d587..21c2ad5 100644
--- a/src/main/java/org/gcube/informationsystem/icproxy/resources/ServiceEndpointResource.java
+++ b/src/main/java/org/gcube/informationsystem/icproxy/resources/ServiceEndpointResource.java
@@ -4,23 +4,23 @@ import static org.gcube.resources.discovery.icclient.ICFactory.client;
 import static org.gcube.resources.discovery.icclient.ICFactory.clientFor;
 import static org.gcube.resources.discovery.icclient.ICFactory.queryFor;
 
+import java.util.ArrayList;
 import java.util.List;
 import java.util.Objects;
 
 import javax.validation.constraints.NotNull;
-import javax.ws.rs.GET;
-import javax.ws.rs.Path;
-import javax.ws.rs.PathParam;
-import javax.ws.rs.Produces;
+import javax.ws.rs.*;
 import javax.ws.rs.core.MediaType;
 
 import lombok.extern.slf4j.Slf4j;
 
 import org.gcube.common.resources.gcore.*;
+import org.gcube.common.resources.gcore.utils.Group;
 import org.gcube.common.scope.api.ScopeProvider;
 import org.gcube.resources.discovery.client.api.DiscoveryClient;
 import org.gcube.resources.discovery.client.queries.api.SimpleQuery;
 import org.gcube.resources.discovery.client.queries.impl.XQuery;
+import org.gcube.common.encryption.StringEncrypter;
 
 @Slf4j
 @Path("ServiceEndpoint")
@@ -39,52 +39,60 @@ public class ServiceEndpointResource {
 		return endpoints; 
 	}
 
+//	@GET
+//	@Path("/{category}/{name}")
+//	@Produces(MediaType.APPLICATION_XML)
+//	public List<ServiceEndpoint> retrieve(@NotNull @PathParam("name") String resourceName,
+//			@NotNull @PathParam("category") String resourceCategory) {
+//		log.info("ServiceEndpoint called with category {} and name {} in scope {}",resourceCategory, resourceName, ScopeProvider.instance.get());
+//
+//		DiscoveryClient<ServiceEndpoint> client = clientFor(ServiceEndpoint.class);
+//
+//		List<ServiceEndpoint> endpoints = client.submit(getQuery(resourceName, resourceCategory));
+//		log.debug("retrieved resources are "+endpoints.size());
+//		return endpoints;
+//	}
+
 	@GET
 	@Path("/{category}/{name}")
 	@Produces(MediaType.APPLICATION_XML)
-	public List<ServiceEndpoint> retrieve(@NotNull @PathParam("name") String resourceName, 
-			@NotNull @PathParam("category") String resourceCategory) {
+	public List<ServiceEndpoint> retrieve(@NotNull @PathParam("name") String resourceName,
+										  @NotNull @PathParam("category") String resourceCategory, @QueryParam("decrypt") boolean isDecrypt) {
 		log.info("ServiceEndpoint called with category {} and name {} in scope {}",resourceCategory, resourceName, ScopeProvider.instance.get());
-		
 		DiscoveryClient<ServiceEndpoint> client = clientFor(ServiceEndpoint.class);
-
 		List<ServiceEndpoint> endpoints = client.submit(getQuery(resourceName, resourceCategory));
-		log.debug("retrieved resources are "+endpoints.size());
-		return endpoints; 
+		if(Objects.nonNull(endpoints)) {
+			log.debug("retrieved resources are "+endpoints.size());
+			if (isDecrypt) {
+				List<ServiceEndpoint> ses = new ArrayList<>(endpoints.size());
+				for (ServiceEndpoint resource : endpoints) {
+					ses.add(decryptResource(resource));
+				}
+				return ses;
+			}
+		}
+		return endpoints;
 	}
 
-	@GET
-	@Path("/{category}/{name}/{ap}")
-	@Produces(MediaType.TEXT_XML)
-	public String retrieve(@NotNull @PathParam("name") String resourceName,
-										  @NotNull @PathParam("category") String resourceCategory,
-										  @NotNull @PathParam("ap") String accessPoint) {
-		log.info("ServiceEndpoint called with category {}, name {} and accessPoint {} in scope {}",resourceCategory, resourceName, accessPoint, ScopeProvider.instance.get());
-//		SimpleQuery query = getQuery(resourceName, resourceCategory);
-//		query.setResult("$resource/Profile/AccessPoint/Interface/Endpoint[@EntryName='"+accessPoint+"'");
-////		DiscoveryClient<ServiceEndpoint> client = clientFor(ServiceEndpoint.class);
+//	@GET
+//	@Path("/{category}/{name}/{ap}")
+//	@Produces(MediaType.TEXT_XML)
+//	public String retrieve(@NotNull @PathParam("name") String resourceName,
+//										  @NotNull @PathParam("category") String resourceCategory,
+//										  @NotNull @PathParam("ap") String accessPoint) {
+//		log.info("ServiceEndpoint called with category {}, name {} and accessPoint {} in scope {}",resourceCategory, resourceName, accessPoint, ScopeProvider.instance.get());
+//		XQuery query=queryFor(ServiceEndpoint.class);
+//		query.addCondition(String.format("$resource/Profile/Name/text() eq '%s'",resourceName));
+//		query.addCondition(String.format("$resource/Profile/Category/text() eq '%s'",resourceCategory));
+//		query.setResult("$resource/Profile/AccessPoint/Interface/Endpoint[@EntryName='"+accessPoint+"']/text()");
 //		DiscoveryClient<String> client = client();
-////		List<ServiceEndpoint> endpoints = client.submit(query);
-//		log.debug("retrieved endpoint is "+endpoints);
-//		if (Objects.nonNull(endpoints))
-//			return endpoints.get(0).toString();
+//		List<String> accessList= client.submit(query);
+//		if (Objects.nonNull(accessList))
+//			return accessList.get(0).toString();
 //		else
 //			log.warn("endpoint not found with following coordinates: {} {} and accesspoint: {}", resourceCategory, resourceName,accessPoint);
 //		return null;
-
-
-		XQuery query=queryFor(ServiceEndpoint.class);
-		query.addCondition(String.format("$resource/Profile/Name/text() eq '%s'",resourceName));
-		query.addCondition(String.format("$resource/Profile/Category/text() eq '%s'",resourceCategory));
-		query.setResult("$resource/Profile/AccessPoint/Interface/Endpoint[@EntryName='"+accessPoint+"']/text()");
-		DiscoveryClient<String> client = client();
-		List<String> accessList= client.submit(query);
-		if (Objects.nonNull(accessList))
-			return accessList.get(0).toString();
-		else
-			log.warn("endpoint not found with following coordinates: {} {} and accesspoint: {}", resourceCategory, resourceName,accessPoint);
-		return null;
-	}
+//	}
 
 	@GET
 	@Path("/{category}/{name}/Result/{result:([^$\\?]+)}")
@@ -126,20 +134,23 @@ public class ServiceEndpointResource {
 		return query;
 	}
 
-	public static <T extends Resource> XQuery getSpecificXQuery(T resource) {
-		XQuery query = null;
-		if(resource.type().toString().equalsIgnoreCase("RuntimeResource")){
-			query = queryFor(ServiceEndpoint.class);
-		}else if(resource.type().toString().equalsIgnoreCase("GenericResource")){
-			query = queryFor(GenericResource.class);
-		}else if(resource.type().toString().equalsIgnoreCase("RunningInstance")){
-			query = queryFor(GCoreEndpoint.class);
-		}else if(resource.type().toString().equalsIgnoreCase("GHN")){
-			query = queryFor(HostingNode.class);
-		}else{
-			throw new RuntimeException("The following resource type is not managed: "+resource);
+	private ServiceEndpoint decryptResource(ServiceEndpoint resource) {
+		Group<ServiceEndpoint.AccessPoint> aps=resource.profile().accessPoints();
+		for (ServiceEndpoint.AccessPoint ap : aps){
+			String decrypted =decryptString(ap.password());
+			String user= ap.username();
+
+			ap.credentials(decrypted, user);
+		}
+		return resource;
+	}
+
+	public static String decryptString(String toDecrypt){
+		try{
+			return StringEncrypter.getEncrypter().decrypt(toDecrypt);
+		}catch(Exception e) {
+			throw new RuntimeException("Unable to decrypt : "+toDecrypt,e);
 		}
-		return query;
 	}
 
 }
diff --git a/src/test/java/org/gcube/informationsystem/icproxy/TestCall.java b/src/test/java/org/gcube/informationsystem/icproxy/TestCall.java
index 71f64bf..5941760 100644
--- a/src/test/java/org/gcube/informationsystem/icproxy/TestCall.java
+++ b/src/test/java/org/gcube/informationsystem/icproxy/TestCall.java
@@ -11,6 +11,8 @@ import org.gcube.informationsystem.icproxy.resources.ICResource;
 import org.gcube.informationsystem.icproxy.resources.ServiceEndpointResource;
 import org.glassfish.jersey.server.ResourceConfig;
 import org.glassfish.jersey.test.JerseyTest;
+import org.junit.Before;
+import org.junit.BeforeClass;
 import org.junit.Test;
 
 public class TestCall extends JerseyTest{
@@ -53,12 +55,11 @@ public class TestCall extends JerseyTest{
 		System.out.println(ret);
 	}
 
-
 	@Test
-	public void serviceEndpointAP() {
+	public void serviceEndpointFree() {
 		ScopeProvider.instance.set("/gcube/devsec");
 		//SecurityTokenProvider.instance.set("/gcube/devsec");
-		final String ret = target("ServiceEndpoint").path("Storage").path("StorageManager").path("server1").queryParam("scope", "/gcube/devsec").request().get(String.class);
+		final String ret = target("ServiceEndpoint").path("Storage").path("StorageManager").queryParam("decrypt", true).queryParam("scope", "/gcube/devsec").request().get(String.class);
 		System.out.println(ret);
 	}