diff --git a/encrypted-parameters.md b/encrypted-parameters.md
new file mode 100644
index 000000000..498e50963
--- /dev/null
+++ b/encrypted-parameters.md
@@ -0,0 +1,22 @@
+---
+---
+
+# Encrypted Input Parameters
+
+The parameters passed to a playbook method are often encrypted, either by definition as a "password" data type in the list of input parameters, or by being encrypted elsewhere in a workflow.
+
+## Encrypted Input Parameters
+
+An input parameter can be defined as being of type "password", for example:
+
+Input Parameters
+
+| **Input Name**            |  **Data Type**            | **Default value**            |
+| ------------------------- | ------------------------- |----------------------------- |
+| this                      | string                    | that                         |
+| manageiq_validate_certs   | boolean                   | false                        |
+| scrambled_this            | password                  | ********                     |
+
+
+
+A parameter of this type is decrypted automatically and is available to the playbook as the named extra variable, for example *{{ scrambled_this }}*. Note that an input parameter that has the text string "password" anywhere in the name cannot be passed as a method parameter, and hence cannot appear in the list of method parameters that are returned by the `get_method_parameters` function. The variable is available as an extra_var with the password value decrypted correctly.