It gets stored in extra_data, which can be exposed.
For how to encrypt things, I'd look at some of the other hosting services (beanstalk, for example). Search for encrypt_password/decrypt_password.

Well, I don't know how to encrypt it in class JIRAForm(HostingServiceForm):. Decryption should be easy: auth = (user, decrypt_password(psw)).
But maybe it would be better to split out the entire bug tracker stuff. We have 350 repositories with the same bug-tracker. I won't add user/psw to all repositories. ;-)

Redoing bug tracker configuration is planned for hopefully RB5. It's long-overdue, and the current model limits us in too many ways. There will be a centralized configuration for each bug tracker you want to use, instead of making that part of the repository configuration.
For encrypting, you can do:

def clean_jira_psw(self):
    return encrypt_password(self.cleaned_data['jira_psw'].strip())

Thanks!
I have two problems now.

If I have a Jira and did not add the credentials (or bad credentials) but the server requires it, it has this error and the worker nerver stopps und blocks the whole process.

15:02:00    WARNING     

 - root - Got recoverable error from GET https://jira.company.de/rest/api/2/issue/APP-1235, will retry [2/3] in 14.9607447152s. Err: 401

15:02:00    DEBUG   

 - urllib3.connectionpool - https://jira.company.de:443 "GET /rest/api/2/issue/APP-1235 HTTP/1.1" 401 None



If I use the correct credentials it works until I re-open the repository settings and press "Save" again. This will clean the password - so I need to add the password anytime I save the repo settings.

For the former, this seems like something coming from the jira module, which would require seeing if they have a mechanism for turning off retrying logic.
To handle the latter case, I'd suggest only conditionally saving the username/password. If it's provided, save it. Otherwise, use what's already stored.

Thanks, max_retries did the trick.
Well, tried it but I don't know RB internals enough to add that. :-(