Unhashing password credentials

I have an application that stores credentials and tokens for our customers. The idea is to have a recurring job that takes these credentials and make external API calls that require Oauth tokens to do so.

As I have understood the Credentials feature is a oneway hash and you can’t unhash the password to get it in plain text after you have hashed it, correct?

If the above tis true, how does one go about to store sensitive information in Fauna if I also have the need to get that data in plain text later? Do have have to encrypt it with a key on my end before I store it in my FaunaDB and when I read it I decrypt it?