The encrypted data (endpoint properties and policy config) is decrypted and stored when cloning a service. Even the source of the clone ends up being decrypted. I believe this is because the various get operations in the JpaStorage result in a decrypt operation and then a jpa commit follows that. The result is that the jpa entity is changed and then written to the DB. All get operations should be proceeded by a rollback instead of a commit (I think).