Password saved in html

[gndcyber]

Important notices
Before you add a new report, we ask you kindly to acknowledge the following:

• I have read the contributing guide lines at https://github.com/opnsense/plugins/blob/master/CONTRIBUTING.md
• I have searched the existing issues, open and closed, and I'm convinced that mine is new.
• The title contains the plugin to which this issue belongs

Describe the bug
The passwords used in the Google Drive and NextCloud backup are saved in the HTML, even though they show ".............." in the web interface. If the user uses F12 and inspects the element, the password will be there in plain text.

Tip: to validate your setup was working with the previous version, use opnsense-revert (https://docs.opnsense.org/manual/opnsense_tools.html#opnsense-revert)

To Reproduce
Steps to reproduce the behavior:

1. Go to 'System -> Configuration -> Backups'
2. Press F12 and select the password field
3. You will see the password in plain text

Expected behavior
The password should be stored securely in OPNsense and could not be loaded into the web interface.

Screenshots

Relevant log files
If applicable, information from log files supporting your claim.

Additional context
Add any other context about the problem here.

Environment
Software version used and hardware type if relevant.
e.g.:

OPNsense 25.7.3_7-amd64
FreeBSD 14.3-RELEASE-p2
OpenSSL 3.0.17

[Monviech]

There is a field type for this usecase

https://docs.opnsense.org/development/frontend/models_fieldtypes.html#updateonlytextfield

Guess its not used there:

plugins/sysutils/nextcloud-backup/src/opnsense/mvc/app/models/OPNsense/Backup/NextcloudSettings.xml

Line 35 in 97603fc

<password type="TextField">

Should theoretically be a one line fix.