Multiple people in our organization have been confused by this... the "Can View" policy does not allow users to view the secret that is associated with a Passphrase credential. Rather, the "Can Edit" permission is required.