Create Cert Auth by script Resource

Hi Scripting guys, Help me pls in my task:
I have Pull Server and clients in my Workgroup env. On client site allow only Certificate Authenticate by WinRM. All works fine but in the case, when the build administrator credential need to change I should recreate WinRM settings with help command below:

New-Item -Path "WSMan:\localhost\ClientCertificate" -Credential $(Get-Credential) -Subject '' -URI * -Issuer '18B10C2E8F7E8FC0F2F04BE230CABFDAB63CFB04' -Force  

This command works but I should perform it on each of node manually.
I tried to automate this process but I can write script only include plain-text password, like :

Script CreateCertAuth
                SetScript = { 
                 $temp = @"
                `$securePass =`$null
                `$myCreds = `$null

                `$userName = "Administrator"
                `$pass = "Passw0rd"
                `$securePass = ConvertTo-SecureString –String `$pass –AsPlainText -Force
                `$myCreds = New-Object System.Management.Automation.PSCredential (`$userName, `$securePass)
                Get-ChildItem WSMan:\localhost\ClientCertificate | ?{`$_.keys -eq "Subject=' "} | Remove-Item  -Recurse
                New-Item -Path WSMan:\localhost\ClientCertificate -Credential `$myCreds -Subject ' ' -URI * -Issuer '18B10C2E8F7E8FC0F2F04BE230CABFDAB63CFB04' -Force 

                & Invoke-Expression -Command $temp

How I can change my script without any playn-text information ($userName, $pass), is it possible?
I would like to give something like:

$cred = Get-credential
New-Item -Path WSMan:\localhost\ClientCertificate -Credential $cred -Subject ' ' -URI * -Issuer '18B10C2E8F7E8FC0F2F04BE230CABFDAB63CFB04' -Force 

You would need to write a custom resource for this, instead of using the built-in Script resource. When you’ve done that, and you declare one of your resource’s parameters to be of type [pscredential], then DSC can encrypt the password for you when it creates the MOF document. (This does require some setup, though; the managed hosts need to have a certificate to decrypt the password, and the computer that compiles the MOF file has to know what certificate to use when encrypting each node’s credentials.)

As I understood my solution where like there?: