I don't know of any supported way to encrypt or remove variable resolution statements from logs or report and would be surprised if there is one.You could certainly wipe the statements from the Automic logs as part of the job run e.g. using sed or perl, but that's just a dirty hack and also a major race condition, and altering the logs might or might not affect your support status if the logs are ever required for support cases. Altering the DB to wipe output from reports certainly would.In general though, I'm a bit wary of automating pass phrase entry through Automic. Without even considering past or future potential security issues or other exposure scenarios in Automic, passing a pass phrase over an Automation tool usually means it's passed as a command line parameter to some process (i.e. your encryption tool). This usually means it's in the OS environment for that process, and this usually means any other job running as the same user can probably get to your pass phrase as well. I'm not saying this is impossible to secure, there's ways to pipe stuff to programs without exposing it to the process environment, but this whole cascade will not be trivial to get right.After all, there's a reason tools will demand a pass phrase on stdin and not via command line, and the gpg man page for instance says: "Obviously, this is of very questionable security on a multi-user system. Don't use this option if you can avoid it."If you ARE using gpg, maybe consider "--passphrase-file". You'd still have a file with a pass phrase that somehow needs to be secured for the purpose (not sure if fully possible), but you wouldn't need to put your pass phrase into Automic.