The problem with generically obscuring an encrypted macro value for logging is that when the macro value is expanded, there's no way of knowing if it will be used in the build, or logged, or both. And at the point where build output is logged, there's no way to know what, if any, parts contain values that were encrypted. One thing that might help would be to turn off the logging of the command in the step's vbld_StepStarting script event, i.e.:
Step.Property("ShowCmd") = False
http://www.kinook.com/VisBuildPro/Ma...riptevents.htm