diff --git a/server/src/lib/paloalto.js b/server/src/lib/paloalto.js
index 5c16ee5..887fa58 100644
--- a/server/src/lib/paloalto.js
+++ b/server/src/lib/paloalto.js
@@ -172,4 +172,4 @@ async function addHost({ cidr, user, password, description, note }) {
   }
 }
 
-export { updateUserIdMappings, addHost }
+export { updateUserIdMappings, addHost, decryptKey }
diff --git a/server/src/resolvers/PAHost.js b/server/src/resolvers/PAHost.js
new file mode 100644
index 0000000..50671fe
--- /dev/null
+++ b/server/src/resolvers/PAHost.js
@@ -0,0 +1,7 @@
+import { decryptKey } from '../lib/paloalto'
+
+const PAHost = {
+  key: parent => decryptKey(parent.encryptedKey).slice(0, 5) + '*****'
+}
+
+export { PAHost }
diff --git a/server/src/resolvers/Query/index.js b/server/src/resolvers/Query/index.js
index fdcc980..2415cda 100644
--- a/server/src/resolvers/Query/index.js
+++ b/server/src/resolvers/Query/index.js
@@ -2,6 +2,7 @@ import { basicUser } from './basicUser'
 import { groups } from './groups'
 import { logs } from './logs'
 import { me } from './me'
+import { pAHosts } from './pAHosts'
 import { stats } from './stats'
 import { user } from './user'
 import { userPresence } from './userPresence'
@@ -14,6 +15,7 @@ const Query = {
   groups,
   logs,
   me,
+  pAHosts,
   stats,
   user,
   userPresence,
diff --git a/server/src/resolvers/Query/pAHosts.js b/server/src/resolvers/Query/pAHosts.js
new file mode 100644
index 0000000..c6dda20
--- /dev/null
+++ b/server/src/resolvers/Query/pAHosts.js
@@ -0,0 +1,5 @@
+import prisma from '../../prisma'
+
+export function pAHosts() {
+  return prisma.pAHost.findMany()
+}
diff --git a/server/src/resolvers/index.js b/server/src/resolvers/index.js
index 840b0c0..2c89fc3 100755
--- a/server/src/resolvers/index.js
+++ b/server/src/resolvers/index.js
@@ -4,6 +4,7 @@ import { Subscription } from './Subscriptions'
 
 import { Group } from './Group'
 import { Log } from './Log'
+import { PAHost } from './PAHost'
 import { ResetToken } from './ResetToken'
 import { Stats } from './Stats'
 import { User } from './User'
@@ -17,6 +18,7 @@ const resolvers = {
 
   Group,
   Log,
+  PAHost,
   ResetToken,
   Stats,
   User,
diff --git a/server/src/typeDefs.js b/server/src/typeDefs.js
index 36e50f4..5e6e343 100644
--- a/server/src/typeDefs.js
+++ b/server/src/typeDefs.js
@@ -56,6 +56,8 @@ const typeDefs = gql`
     ): [Log]!
       @auth(roles: ["superAdmin"])
       @cacheControl(maxAge: 2, scope: PRIVATE)
+
+    pAHosts: [PAHost!]! @auth(roles: ["superAdmin"])
   }
 
   type Mutation {
@@ -257,12 +259,18 @@ const typeDefs = gql`
     ERROR
   }
 
+  "A Palo Alto firewall host"
   type PAHost {
     id: ID!
-    description: String
-    cidr: String
-    key: String
+    "Short description"
+    description: String!
+    "IP address in CIDR format"
+    cidr: String!
+    "First 5 characters from the key"
+    key: String!
+    "OptionalNote"
     note: String
+
     createdAt: String
     updatedAt: String
   }