diff --git a/server/common/crypto.go b/server/common/crypto.go
index da7e47ed..2ac22227 100644
--- a/server/common/crypto.go
+++ b/server/common/crypto.go
@@ -30,7 +30,7 @@ func EncryptString(secret string, data string) (string, error) {
 	if err != nil {
 		return "", err
 	}
-	d, err = encrypt([]byte(secret), d)
+	d, err = EncryptAESGCM([]byte(secret), d)
 	if err != nil {
 		return "", err
 	}
@@ -126,7 +126,7 @@ func QuickString(n int) string {
 	return string(b)
 }
 
-func encrypt(key []byte, plaintext []byte) ([]byte, error) {
+func EncryptAESGCM(key []byte, plaintext []byte) ([]byte, error) {
 	c, err := aes.NewCipher(key)
 	if err != nil {
 		return nil, err
diff --git a/server/ctrl/session.go b/server/ctrl/session.go
index efb78d4a..8454968b 100644
--- a/server/ctrl/session.go
+++ b/server/ctrl/session.go
@@ -382,6 +382,10 @@ func SessionAuthMiddleware(ctx *App, res http.ResponseWriter, req *http.Request)
 						}
 						return false
 					},
+					"encryptGCM": func(str string, key string) (string, error) {
+						data, err := EncryptAESGCM([]byte(key), []byte(str))
+						return base64.StdEncoding.EncodeToString(data), err
+					},
 				}).
 				Parse(str)
 			mappingToUse[k] = str