I am working through some threat modelling and would like to know how KeepassXC handles the decryption process for passwords. When opening the password file a number of entries are displayed in the window. At least the username, URL and icon(if used) must be decrypted, because these are all visible. But what about the password? Is this left encrypted until I try to use it, or is it also decrypted but then hidden?