I checked the code of CModel, and in my opinion there are no ways for do it in a "clean way".
My suggestion is to insert the user with AR and then write a custom update for the password
Yii::app()->db->commandBuilder->createSqlCommand("UPDATE user SET PASSWORD ENCODE( 'password', 'secretkey' )")->execute();
And when you check the password, you can write a simiar command for get the password decoded.
Like that is not the best one solution possible, but at least is working and your application can continue to grow. If you find a best one solution, please write here, I am interested too.
You could change the model dbCriteria before "find" operations ($dbkey here is retrieved from Yii app parameters):
protected function beforeFind()
{
$dbkey = Yii::app()->params['dbkey'];
$this->model()->dbCriteria->select = array(
"t.id AS id",
"DECODE(t.encoded_field_1, '$key') AS encoded_field_1",
"DECODE(t.encoded_field_2, '$key') AS encoded_field_2",
"t.field3 AS field3",// UNENCODED FIELD
//....list all remaining unencoded fields you need here
);
}
OR
protected function beforeFind()
{
$dbkey = Yii::app()->params['dbkey'];
$this->model()->dbCriteria->select = array(
"*",//all fields are retrieved
"DECODE(t.encoded_field_1, '$key') AS encoded_field_1",//encoded_field_1 is now overwritten by decode value
"DECODE(t.encoded_field_2, '$key') AS encoded_field_2",//encoded_field_2 is now overwritten by decode value
);
}