We have a bunch of passwords set up that have a username, password, along with some other fields we've defined. Most of our users access vault the normal way through the browser or extension and are able to see all the fields they need.

However what we're trying to do is pull data via the Vault API for an integration in one of our internal systems. I have this working and was even able to figure out decrypting the secret info received from the API. The problem is that no matter what we try in zoho vault in terms of security settings, we're either not able to pull any fields, or we're able to pull and decrypt all fields. 

What we would like is to set up a user account that just exists for API permission reasons, and give the account access to all secrets but NOT give it access to passwords. We only want the username and another custom field.

To be more specific, the endpoint here (https://www.zoho.com/vault/api/password-management.html#get-passwords-id) gives back a secretData. That object contains all the fields related to the secret. What we're wanting is to limit access to a user such that they can get the username, but not the password. Any advice on how to setup user permissions to make that possible without affecting other users who have access to the same secret?