diff --git a/spring-cloud-config-client/src/main/java/org/springframework/cloud/config/client/ConfigClientRequestTemplateFactory.java b/spring-cloud-config-client/src/main/java/org/springframework/cloud/config/client/ConfigClientRequestTemplateFactory.java
index 596c8c1107..1e919d2d39 100644
--- a/spring-cloud-config-client/src/main/java/org/springframework/cloud/config/client/ConfigClientRequestTemplateFactory.java
+++ b/spring-cloud-config-client/src/main/java/org/springframework/cloud/config/client/ConfigClientRequestTemplateFactory.java
@@ -61,11 +61,14 @@ public class ConfigClientRequestTemplateFactory {
 
 	private final Log log;
 
+	private EncryptorConfig encryptorConfig;
+
 	private final ConfigClientProperties properties;
 
 	public ConfigClientRequestTemplateFactory(Log log, ConfigClientProperties properties) {
 		this.log = log;
 		this.properties = properties;
+		this.encryptorConfig = properties.getEncryptorConfig();
 	}
 
 	public Log getLog() {
@@ -125,12 +128,13 @@ private Optional<AccessTokenResponse> getOAuthToken(RestTemplate template, Strin
 		return parseTokenResponse(tokenJson);
 	}
 
-	private String decryptProperty(String prop) {
-		if (prop.startsWith("ENC(")) {
-			prop = prop.substring(4, prop.lastIndexOf(")"));
-			return properties.getEncryptorConfig().getEncryptor().decrypt(prop);
+	private String decryptProperty(String property) {
+		if (encryptorConfig != null) {
+			return encryptorConfig.decryptProperty(property);
+		}
+		else {
+			return property;
 		}
-		return prop;
 	}
 
 	private Optional<AccessTokenResponse> parseTokenResponse(String tokenJson) {
diff --git a/spring-cloud-config-client/src/main/java/org/springframework/cloud/config/client/EncryptorConfig.java b/spring-cloud-config-client/src/main/java/org/springframework/cloud/config/client/EncryptorConfig.java
index 26ad24a0d0..39ff2ca9a5 100644
--- a/spring-cloud-config-client/src/main/java/org/springframework/cloud/config/client/EncryptorConfig.java
+++ b/spring-cloud-config-client/src/main/java/org/springframework/cloud/config/client/EncryptorConfig.java
@@ -81,6 +81,14 @@ public StringEncryptor getEncryptor() {
 		return encryptor;
 	}
 
+	public String decryptProperty(String prop) {
+		if (prop.startsWith("ENC(")) {
+			prop = prop.substring(4, prop.lastIndexOf(")"));
+			return getEncryptor().decrypt(prop);
+		}
+		return prop;
+	}
+
 	@Override
 	public String toString() {
 		return "EncryptorConfig{" + "encryptorAlgorithm='" + encryptorAlgorithm + '\'' + ", encryptorIterations="
diff --git a/spring-cloud-config-client/src/test/java/org/springframework/cloud/config/client/ConfigClientRequestTemplateFactoryTest.java b/spring-cloud-config-client/src/test/java/org/springframework/cloud/config/client/ConfigClientRequestTemplateFactoryTest.java
index 85f8caf569..9ea78d4ed5 100644
--- a/spring-cloud-config-client/src/test/java/org/springframework/cloud/config/client/ConfigClientRequestTemplateFactoryTest.java
+++ b/spring-cloud-config-client/src/test/java/org/springframework/cloud/config/client/ConfigClientRequestTemplateFactoryTest.java
@@ -186,27 +186,32 @@ void whenCreate_givenBadTokenResponse_thenNoHeaderSet() {
 	void whenDecryptProperty_givenEncryptedProp_thenDecryptProp() {
 		// given
 		ConfigClientProperties properties = new ConfigClientProperties(new MockEnvironment());
+		System.setProperty(EncryptorConfig.ENCRYPTOR_SYSTEM_PROPERTY, "YaddaYaddaYadda");
 		EncryptorConfig encryptorConfig = new EncryptorConfig();
 		encryptorConfig.setEncryptorAlgorithm("PBEWITHHMACSHA512ANDAES_256");
 		properties.setEncryptorConfig(encryptorConfig);
+
 		properties.setConfigClientOauth2Properties(new ConfigClientOauth2Properties());
 		properties.getConfigClientOauth2Properties().setGrantType("client_credentials");
 		properties.getConfigClientOauth2Properties()
 				.setTokenUri(idpUrl + "/realms/test-realm/protocol/openid-connect/token");
 		properties.getConfigClientOauth2Properties().setOauthUsername("oauthUsername");
 		properties.getConfigClientOauth2Properties().setOauthPassword("oauthPassword");
-		System.setProperty(EncryptorConfig.ENCRYPTOR_SYSTEM_PROPERTY, "YaddaYaddaYadda");
+
 		StringEncryptor encryptor = encryptorConfig.getEncryptor();
 		String secret = UUID.randomUUID().toString();
 		String encryptedProp = encryptor.encrypt(secret);
 		properties.getConfigClientOauth2Properties().setClientSecret("ENC(" + encryptedProp + ")");
-		ConfigClientRequestTemplateFactory templateFactory = new ConfigClientRequestTemplateFactory(LOG, properties);
+		properties.getConfigClientOauth2Properties().setOauthPassword("PLAIN OLD TEXT");
 		// when
-		String actualSecret = ReflectionTestUtils.invokeMethod(templateFactory, "decryptProperty",
-				properties.getConfigClientOauth2Properties().getClientSecret());
+
+		String actualSecret = encryptorConfig
+				.decryptProperty(properties.getConfigClientOauth2Properties().getClientSecret());
 
 		// then
 		assertThat(secret).isEqualTo(actualSecret);
+		actualSecret = encryptorConfig.decryptProperty(properties.getConfigClientOauth2Properties().getOauthPassword());
+		assertThat("PLAIN OLD TEXT").isEqualTo(actualSecret);
 	}
 
 }