diff --git a/openbis_knime/source/java/ch/systemsx/cisd/openbis/knime/query/QueryNodeDialog.java b/openbis_knime/source/java/ch/systemsx/cisd/openbis/knime/query/QueryNodeDialog.java
index 91cc59b63409648bafe15d2e517c2f02e8380fd1..91f4e7502ae096d03c608762898d086f8194261c 100644
--- a/openbis_knime/source/java/ch/systemsx/cisd/openbis/knime/query/QueryNodeDialog.java
+++ b/openbis_knime/source/java/ch/systemsx/cisd/openbis/knime/query/QueryNodeDialog.java
@@ -137,7 +137,7 @@ public class QueryNodeDialog extends NodeDialogPane
     {
         urlField.setText(settings.getString(URL_KEY, ""));
         userField.setText(settings.getString(USER_KEY, ""));
-        passwordField.setText(settings.getString(PASSWORD_KEY, ""));
+        passwordField.setText(Util.getDecryptedPassword(settings));
         byte[] bytes = settings.getByteArray(QUERY_DESCRIPTION_KEY, null);
         QueryDescription queryDescriptionOrNull = Util.deserializeQueryDescription(bytes);
         parameterBindings.loadValidatedSettingsFrom(settings);
@@ -153,7 +153,7 @@ public class QueryNodeDialog extends NodeDialogPane
     {
         settings.addString(URL_KEY, urlField.getText().trim());
         settings.addString(USER_KEY, userField.getText().trim());
-        settings.addString(PASSWORD_KEY, passwordField.getText().trim());
+        settings.addString(PASSWORD_KEY, Util.getEncryptedPassword(passwordField.getPassword()));
         byte[] bytes = Util.serializeQueryDescription(getSelectedQueryDescriptionOrNull());
         settings.addByteArray(QUERY_DESCRIPTION_KEY, bytes);
         parameterBindings.removeAllBindings();
diff --git a/openbis_knime/source/java/ch/systemsx/cisd/openbis/knime/query/QueryNodeModel.java b/openbis_knime/source/java/ch/systemsx/cisd/openbis/knime/query/QueryNodeModel.java
index e6f04afb28dac36ee320ecfe7748b97a87ba1bd6..89c82719fa2d08c9615254fed9e8db4ef1b23583 100644
--- a/openbis_knime/source/java/ch/systemsx/cisd/openbis/knime/query/QueryNodeModel.java
+++ b/openbis_knime/source/java/ch/systemsx/cisd/openbis/knime/query/QueryNodeModel.java
@@ -83,7 +83,7 @@ public class QueryNodeModel extends NodeModel
     {
         url = settings.getString(URL_KEY);
         userID = settings.getString(USER_KEY);
-        password = settings.getString(PASSWORD_KEY);
+        password = Util.getDecryptedPassword(settings);
         queryDescription = Util.deserializeQueryDescription(settings.getByteArray(QUERY_DESCRIPTION_KEY));
         parameterBindings.loadValidatedSettingsFrom(settings);
     }
@@ -93,7 +93,7 @@ public class QueryNodeModel extends NodeModel
     {
         settings.addString(URL_KEY, url);
         settings.addString(USER_KEY, userID);
-        settings.addString(PASSWORD_KEY, password);
+        settings.addString(PASSWORD_KEY, Util.getEncryptedPassword(password.toCharArray()));
         settings.addByteArray(QUERY_DESCRIPTION_KEY, Util
                 .serializeQueryDescription(queryDescription));
         parameterBindings.saveSettingsTo(settings);
diff --git a/openbis_knime/source/java/ch/systemsx/cisd/openbis/knime/query/Util.java b/openbis_knime/source/java/ch/systemsx/cisd/openbis/knime/query/Util.java
index 5159c51cd2c870c8e53acf378d2dee6ad6e1653c..56d4710107e746c2b1fa1a42a15bb700f3f7ca9b 100644
--- a/openbis_knime/source/java/ch/systemsx/cisd/openbis/knime/query/Util.java
+++ b/openbis_knime/source/java/ch/systemsx/cisd/openbis/knime/query/Util.java
@@ -16,12 +16,18 @@
 
 package ch.systemsx.cisd.openbis.knime.query;
 
+import static ch.systemsx.cisd.openbis.knime.query.QueryNodeModel.PASSWORD_KEY;
+
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.io.ObjectInputStream;
 import java.io.ObjectOutputStream;
 
+import org.knime.core.node.NodeSettingsRO;
+import org.knime.core.util.KnimeEncryption;
+
+import ch.systemsx.cisd.base.exceptions.CheckedExceptionTunnel;
 import ch.systemsx.cisd.openbis.plugin.query.shared.api.v1.dto.QueryDescription;
 import ch.systemsx.cisd.openbis.plugin.query.shared.api.v1.dto.QueryTableColumnDataType;
 
@@ -74,4 +80,26 @@ class Util
             default: return ColumnType.STRING;
         }
     }
+
+    static String getDecryptedPassword(NodeSettingsRO settings)
+    {
+        try
+        {
+            return KnimeEncryption.decrypt(settings.getString(PASSWORD_KEY, ""));
+        } catch (Exception ex)
+        {
+            throw CheckedExceptionTunnel.wrapIfNecessary(ex);
+        }
+    }
+
+    static String getEncryptedPassword(char[] bytes)
+    {
+        try
+        {
+            return KnimeEncryption.encrypt(bytes);
+        } catch (Exception ex)
+        {
+            throw CheckedExceptionTunnel.wrapIfNecessary(ex);
+        }
+    }
 }