The behaviour is configurable via a feature toggle that can be enabled which instructs vRealize Automation to pass encrypted values to vRealize Orchestrator.
Note before proceeding best practise dictates you first snapshot the vRealize Automation appliances
1. Open https://$VRA_HOSTNAME:443/automation-ui/#/provisioning-ui;ash=%2FconfigurationProperties.
2. Create a new Configuration property with the key "vro.encryption.enabled" and a value of "true".
Now when you run a workflow/action these inputs will appear encrypted in Orchestrator. However, this can be a destructive change!
3. If these variables are leveraged in the scripting, you will no longer be able to use them directly as they will be encrypted. The objects themselves will still be a Javascript string, however, it will have an encrypted value. In order to fix this, you need to decrypt the values before they can be used in the code.
For example if prior to enabling the toggle the password code looked like this:
inputProperties.get("customProperties").get("password")
You would need to change it to something like this in order to decrypt the password value:
EncryptionService.decrypt(inputProperties("customProperties").get("password"), System.getContext().getOneTimeKey()))