I suggest that you define a function on your data object

function getDecryptedPromoCode() {
if(Permission::check("ADMIN")) return decryptsomehow($this->PromoCode);
else return "(secret)";
}

A function that starts with "get" can be used as a getter; this means that $obj->DecryptedPromoCode will return the decrypted value.

This means that you can create a form with a field, DecryptedPromoCode, and it will show you the decrypted promo code. The permission check will mean that if you mistakenly show this field to an admin that it won't be a security hole. This is important: security should be implemented in the DataObject layer, and not in the controller/form layer.

If you want to update the field, you will need to define setDecryptedPromoCode() as well.

You might do away with the onBeforeWrite() altogether, and instead do this encryption in setDecryptedPromoCode().

ok I am racking my brains on this.

I am extending the Memeber Data Object from what I have learnt from the Forum mod.

So do I need to use the getDecryptedPromoCode() function within the Member DataObject of in a new Data Object which references that?

I keep getting Fatal error: Call to undefined function notices when I try to use getDecrypt.....

I am happy to pay someone to tell me... i am pulling hair out!