So we were going to tackle this by having the concept of a 'vault'. Notes of a type 'encrypted' could be stored against a client or a contract product. They may be visible to clients or may not be.
This is particularly useful if a client wants to share logins to for example their wordpress site for you to debug, or to an old host for a migration.
We were also going to extend the idea to a central staff vault, so passwords that staff might need would be encrypted in a central panel like a password store.
(Our internal roadmap ref: b892)