Hello Meta Box team! First of all, thank you for the amazing plugin.
I would like to suggest a new field type (or a new parameter for the standard text field) to solve a very common and frustrating issue when developing API integrations.
The Problem:
When we need to store an API Key or Token (e.g., Stripe, OpenAI, custom APIs) inside a User Profile, we want to mask the input in the UI so the token isn't fully exposed on the screen (shoulder-surfing protection). The natural instinct is to use the type => 'password' field.
However, when this field is saved on a User Profile page, WordPress core aggressively intercepts it and applies its default password hashing algorithm (saving it as $2y$... or $P$B...). This completely destroys the API token, making it impossible to use in a wp_remote_post request.
The Current Workaround:
Right now, developers have to manually create custom HTML fields, write JS to handle the "show/hide" toggle, and write custom PHP callbacks to intercept the $_POST data and save it as plain text to bypass the WP core hashing.
The Feature Request:
It would be incredibly helpful to have a masked_text field type (or a 'masked' => true setting on the standard text field).
This feature would:
Render an <input type="password"> in the HTML (masking the characters).
Ideally, include a native UI "Eye" icon to toggle visibility (show/hide text).
Crucially: Ensure the value is saved as raw, plain text in the database, safely bypassing the WordPress user password hashing routines.
Since API integrations are a daily task for most developers, having a native, secure-looking way to handle tokens without fighting WP core would be a massive quality-of-life improvement.
Thank you for your time and for considering this feature!
.
