diff --git a/backend/app/api/v1/host.go b/backend/app/api/v1/host.go
index ff34eccf3..c248abf56 100644
--- a/backend/app/api/v1/host.go
+++ b/backend/app/api/v1/host.go
@@ -1,8 +1,6 @@
 package v1
 
 import (
-	"encoding/base64"
-
 	"github.com/1Panel-dev/1Panel/backend/app/api/v1/helper"
 	"github.com/1Panel-dev/1Panel/backend/app/dto"
 	"github.com/1Panel-dev/1Panel/backend/constant"
@@ -30,44 +28,6 @@ func (b *BaseApi) CreateHost(c *gin.Context) {
 		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
 		return
 	}
-	if req.AuthMode == "password" && len(req.Password) != 0 {
-		password, err := base64.StdEncoding.DecodeString(req.Password)
-		if err != nil {
-			helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
-			return
-		}
-		passwordItem, err := encrypt.StringEncrypt(string(password))
-		if err != nil {
-			helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
-			return
-		}
-		req.Password = passwordItem
-		req.PrivateKey = ""
-		req.PassPhrase = ""
-	}
-	if req.AuthMode == "key" && len(req.PrivateKey) != 0 {
-		privateKey, err := base64.StdEncoding.DecodeString(req.PrivateKey)
-		if err != nil {
-			helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
-			return
-		}
-		keyItem, err := encrypt.StringEncrypt(string(privateKey))
-		if err != nil {
-			helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
-			return
-		}
-		req.Password = keyItem
-
-		if len(req.PassPhrase) != 0 {
-			pass, err := encrypt.StringEncrypt(req.PassPhrase)
-			if err != nil {
-				helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
-				return
-			}
-			req.PassPhrase = pass
-		}
-		req.Password = ""
-	}
 
 	host, err := hostService.Create(req)
 	if err != nil {
@@ -216,40 +176,30 @@ func (b *BaseApi) UpdateHost(c *gin.Context) {
 		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
 		return
 	}
-	if req.AuthMode == "password" && len(req.Password) != 0 {
-		password, err := base64.StdEncoding.DecodeString(req.Password)
+	var err error
+	if len(req.Password) != 0 && req.AuthMode == "password" {
+		req.Password, err = hostService.EncryptHost(req.Password)
 		if err != nil {
 			helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
 			return
 		}
-		passwordItem, err := encrypt.StringEncrypt(string(password))
-		if err != nil {
-			helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
-			return
-		}
-		req.Password = passwordItem
+		req.PrivateKey = ""
+		req.PassPhrase = ""
 	}
-	if req.AuthMode == "key" && len(req.PrivateKey) != 0 {
-		privateKey, err := base64.StdEncoding.DecodeString(req.PrivateKey)
+	if len(req.PrivateKey) != 0 && req.AuthMode == "key" {
+		req.PrivateKey, err = hostService.EncryptHost(req.PrivateKey)
 		if err != nil {
 			helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
 			return
 		}
-		keyItem, err := encrypt.StringEncrypt(string(privateKey))
-		if err != nil {
-			helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
-			return
-		}
-		req.PrivateKey = keyItem
-
 		if len(req.PassPhrase) != 0 {
-			pass, err := encrypt.StringEncrypt(req.PassPhrase)
+			req.PassPhrase, err = encrypt.StringEncrypt(req.PassPhrase)
 			if err != nil {
 				helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
 				return
 			}
-			req.PassPhrase = pass
 		}
+		req.Password = ""
 	}
 
 	upMap := make(map[string]interface{})
diff --git a/backend/app/service/host.go b/backend/app/service/host.go
index 6db0d7972..ed72019d1 100644
--- a/backend/app/service/host.go
+++ b/backend/app/service/host.go
@@ -24,6 +24,8 @@ type IHostService interface {
 	Create(hostDto dto.HostOperate) (*dto.HostInfo, error)
 	Update(id uint, upMap map[string]interface{}) error
 	Delete(id []uint) error
+
+	EncryptHost(itemVal string) (string, error)
 }
 
 func NewIHostService() IHostService {
@@ -220,6 +222,28 @@ func (u *HostService) SearchForTree(search dto.SearchForTree) ([]dto.HostTree, e
 }
 
 func (u *HostService) Create(req dto.HostOperate) (*dto.HostInfo, error) {
+	var err error
+	if len(req.Password) != 0 && req.AuthMode == "password" {
+		req.Password, err = u.EncryptHost(req.Password)
+		if err != nil {
+			return nil, err
+		}
+		req.PrivateKey = ""
+		req.PassPhrase = ""
+	}
+	if len(req.PrivateKey) != 0 && req.AuthMode == "key" {
+		req.PrivateKey, err = u.EncryptHost(req.PrivateKey)
+		if err != nil {
+			return nil, err
+		}
+		if len(req.PassPhrase) != 0 {
+			req.PassPhrase, err = encrypt.StringEncrypt(req.PassPhrase)
+			if err != nil {
+				return nil, err
+			}
+		}
+		req.Password = ""
+	}
 	var host model.Host
 	if err := copier.Copy(&host, &req); err != nil {
 		return nil, errors.WithMessage(constant.ErrStructTransform, err.Error())
@@ -290,3 +314,12 @@ func (u *HostService) Delete(ids []uint) error {
 func (u *HostService) Update(id uint, upMap map[string]interface{}) error {
 	return hostRepo.Update(id, upMap)
 }
+
+func (u *HostService) EncryptHost(itemVal string) (string, error) {
+	privateKey, err := base64.StdEncoding.DecodeString(itemVal)
+	if err != nil {
+		return "", err
+	}
+	keyItem, err := encrypt.StringEncrypt(string(privateKey))
+	return keyItem, err
+}