Encrypt text with OpenSSL for use in Jamf script parameters.

Encrypt text or files with OpenSSL

This has been very useful for Jamf policy / script parameters that contain passwords. It's not perfect because the passphrase and salt must be transferred as well, but at least it's not in cleartext...

Salt and passphrase

You can use OpenSSL to generate pseudo-random text which is more than enough for this tbh considering all the other problems this solution has. I believe the salt can't be more than 8 characters long cuz it's a hexadecimal value. Or it could be that both the salt and the passphrase need to be a valid hex string, which means they could be longer, they just have to be a specific length. (Idk I could be entirely wrong on this).

Just do 8 and 12, I know that works.

man openssl

-S salt

The actual salt to use: this must be represented as a string comprised only of hex digits.

Generate the salt / passcode strings

openssl rand -hex 8     # salt

openssl rand -hex 12    # passphrase

Encrypt your password text

This will generate your encrypted text. If you want to, say, change a user account password, you could use the same salt and passphrase for both the old and new passwords.

echo "<your password>" | openssl enc -aes256 -a -A -S "<salt hex string>" -k "<passphrase hex string>"

Pass the encrypted text to a Jamf script

#!/bin/sh

# Salt and passphrase that were used when the parameters were encrypted
salt="<your salt string>"
passphrase="<your passphrase string>"

# Jamf script parameters 4 and 5 carry the encrypted old and new passwords
old_adminpass="$(echo "${4}" | /usr/bin/openssl enc -aes256 -d -a -A -S "$salt" -k "$passphrase")"
new_adminpass="$(echo "${5}" | /usr/bin/openssl enc -aes256 -d -a -A -S "$salt" -k "$passphrase")"

# Reset a local account password
/usr/local/bin/jamf changePassword -username localadmin -password "$new_adminpass" -oldPassword "$old_adminpass"
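
A pre-flight check for the steps above, as an added example that is not part of the original gist: it rejects a salt that is not exactly 16 hex digits (the 8 bytes that `openssl rand -hex 8` prints) and confirms that the encrypted string decrypts back to the original before it goes into a Jamf parameter. The function names are hypothetical; run it with the same openssl binary the script calls.

```shell
#!/bin/sh
# Added example. Helper names (is_hex_salt, encrypt_param, decrypt_param,
# roundtrip_ok) are hypothetical and not part of the gist or of Jamf.

# Succeeds only for exactly 16 hex digits (8 bytes), which is what
# `openssl rand -hex 8` prints.
is_hex_salt() {
    case "$1" in
        *[!0-9A-Fa-f]*) return 1 ;;   # any non-hex character
    esac
    [ "${#1}" -eq 16 ]
}

# encrypt_param <cleartext> <salt> <passphrase>
# Prints the base64 ciphertext on a single line (-a -A), as in the gist.
encrypt_param() {
    is_hex_salt "$2" || { echo "salt must be 16 hex digits" >&2; return 1; }
    echo "$1" | openssl enc -aes256 -a -A -S "$2" -k "$3"
}

# decrypt_param <base64 ciphertext> <salt> <passphrase>
# Same command the Jamf script runs on parameters 4 and 5.
decrypt_param() {
    is_hex_salt "$2" || { echo "salt must be 16 hex digits" >&2; return 1; }
    echo "$1" | openssl enc -aes256 -d -a -A -S "$2" -k "$3"
}

# roundtrip_ok <cleartext> <salt> <passphrase>
# Succeeds only if the encrypted text decrypts back to the cleartext.
roundtrip_ok() {
    _ct="$(encrypt_param "$1" "$2" "$3")" || return 1
    [ -n "$_ct" ] || return 1
    [ "$(decrypt_param "$_ct" "$2" "$3")" = "$1" ]
}
```

Because the salt and passphrase are fixed, encrypting the same password twice yields the same string, so identical passwords remain recognisable from their ciphertext.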