Is there any encryption mechanism where i can ensure that the decryption can only happen within my data center?

I have a requirement where i need to store confidential data in an encrypted format in the url, i understand POST with body is better approach but it is not an option for me. I am thinking of using a pass phrase based AES 128 bit encryption for encrypting the query string parameter. The concern i have is that the url could get cached in different parts of the internet and if the pass phrase is exposed somehow then it could be used to decrypt these values.