Store encrypted values to be used in access policy

To clarify this: You'd like to store a static string value into the access policy, sort of like a "master password" thing for all users? And encrypt it somehow, and then decrypt it at run-time so you can use it during AP execution. What kind of protection do you need on it? It'd need to be symmetric -- so you need some key material to use. For the built-in secure variables, it uses key material from the user's session. But this is a per-session thing, it's not global to all sessions (that would defeat the purpose). Instead of using encryption directly in the Access Policy, it might be a better idea to store the sensitive information off of BIG-IP completely and instead use a sideband call during AP execution to go grab it. That way, you can store it someplace else.