In short, does anyone know of a JMeter workaround to mask/encrypt values sent as an HTTP request parameter?

My company has a rule that user name/passwords cannot be stored in scripts.

In my JMeter scripts, I've gotten around this by passing the user name/password through the command line and storing them as properties to be retrieved later.

The user name and password are passed in an HTTP Request as parameters. This causes the actual user name/password to be written to the Simple Results file and be displayed in the View Results Tree > Request tab.

Also asked on nabble: