We are using a nonstored password parameter from the Mask Password Plugin where the user types in their password.

Then we use an Active Choice Reactive Reference Parameter, referencing the user password to request a login token which we pass to the job. This is hidden and returns the token as an <input>.

We would like an option to mask out this much like Mask Password Plugin can mask generic passwords.