diff --git a/internal/model/vendorBackend.go b/internal/model/vendorBackend.go
index 456a8b4..df726b3 100644
--- a/internal/model/vendorBackend.go
+++ b/internal/model/vendorBackend.go
@@ -21,12 +21,12 @@ type Etcd struct {
 }
 
 type Backend struct {
-	Endpoint     string `gorm:"primaryKey" json:"endpoint"`
-	Comment      string `gorm:"type:text" json:"comment"`
-	Tls          bool   `gorm:"default:false" json:"tls"`
-	JwtSecret    string `json:"jwtSecret"`
-	CustomCAFile string `json:"customCaFile"`
-	TimeOut      string `gorm:"default:10s" json:"timeOut"`
+	Endpoint  string `gorm:"primaryKey" json:"endpoint"`
+	Comment   string `gorm:"type:text" json:"comment"`
+	Tls       bool   `gorm:"default:false" json:"tls"`
+	JwtSecret string `json:"jwtSecret"`
+	CustomCA  string `gorm:"type:text" json:"customCA"`
+	TimeOut   string `gorm:"default:10s" json:"timeOut"`
 
 	Consul Consul `gorm:"embedded;embeddedPrefix:consul_" json:"consul"`
 	Etcd   Etcd   `gorm:"embedded;embeddedPrefix:etcd_" json:"etcd"`
@@ -64,6 +64,11 @@ func (v *VendorBackend) BeforeSave(tx *gorm.DB) error {
 			return err
 		}
 	}
+	if v.Backend.CustomCA != "" {
+		if v.Backend.CustomCA, err = utils.CryptoToBase64([]byte(v.Backend.CustomCA), key); err != nil {
+			return err
+		}
+	}
 	return nil
 }
 
@@ -94,5 +99,12 @@ func (v *VendorBackend) AfterFind(tx *gorm.DB) error {
 			v.Backend.Etcd.Password = string(data)
 		}
 	}
+	if v.Backend.CustomCA != "" {
+		if data, err = utils.DecryptoFromBase64(v.Backend.CustomCA, key); err != nil {
+			return err
+		} else {
+			v.Backend.CustomCA = string(data)
+		}
+	}
 	return nil
 }
diff --git a/internal/vendor/vendor.go b/internal/vendor/vendor.go
index e661596..bdc626e 100644
--- a/internal/vendor/vendor.go
+++ b/internal/vendor/vendor.go
@@ -400,12 +400,8 @@ func NewGrpcClientConn(ctx context.Context, conf *model.Backend) (*grpc.ClientCo
 		if err != nil {
 			return nil, err
 		}
-		if conf.CustomCAFile != "" {
-			b, err := os.ReadFile(conf.CustomCAFile)
-			if err != nil {
-				return nil, err
-			}
-			rootCAs.AppendCertsFromPEM(b)
+		if conf.CustomCA != "" {
+			rootCAs.AppendCertsFromPEM([]byte(conf.CustomCA))
 		}
 		opts = append(opts, ggrpc.WithTLSConfig(&tls.Config{
 			RootCAs: rootCAs,
@@ -462,8 +458,8 @@ func NewHttpClientConn(ctx context.Context, conf *model.Backend) (*http.Client,
 		if err != nil {
 			return nil, err
 		}
-		if conf.CustomCAFile != "" {
-			b, err := os.ReadFile(conf.CustomCAFile)
+		if conf.CustomCA != "" {
+			b, err := os.ReadFile(conf.CustomCA)
 			if err != nil {
 				return nil, err
 			}