Seems it’s the only way in your case as you try to store username/password into ledger. This involves private data which may complicate the chaincode design and operation.
Another thought is that whether it is good to keep state data“encrypted”. I agree your point that it helps protecting against database attack. But my thought is more whether blockchain ledger should keep such critical information. It’s always a good debate what to be stored in the ledger. My intent is to avoid putting privacy-concern data into ledger. Rather use ledger to provide protection for off-chain data (e.g. hash, or signature). Majority of data should be sharable and transparent to participating organizations, while a few data may be protected using data privacy, rather than using encryption. Just my thought. No right or wrong.