With-in provisioning there is a “sensitive” variable type that allows you to transmit passwords or other delicate information to an end-point in a fairly secure manner.
With-in patch and compliance when you create a custom definition you have the option to add an “encrypted” variable (there is no sensitive option). This option is currently not supported and has known security bugs in it. Do not attempt to use it.
I have created an Enhancement Request to fix this: https://community.landesk.com/support/ideas/3919
A work around would be to create a custom encrypt app to encrypt a value to place in as a regular “string”. Then create a decrypt app that decrypts the value passed to it and does a specific action with it.
*Note: Placing sensitive data in as a string with-out doing custom encryption before hand will leave the data exposed on the core server and will leave copies of it on every end-point that scans the definition.