Hibernate - Store a column as encrypted, and decrypt only on runtime

Currently there is not a way to parameterize the pieces of the read/write fragments. They are more meant as general purpose solutions. We have discussed adding support for @Encrypted in Hibernate that would roughly act like you suggest. @Encrypted would give more flexibility, like in-vm crypto versus in-db crypto, parameterization, etc.

JPA 2.1 also has a feature you could use, called attribute converters. They would only be able to apply in-vm crypto however.