DSC with IIS and Kerberos

looking to configure Kerberos on my existing 2012r2 server., powershell wmf 4.
from what I understand I need to change the Network Services account for each application. how do I pass the password using DSC?
the password will be in clear text?


DSC does not permit passwords in clear text by default. Credentials must be encrypted, and you will need certificates (not self-signed) to do that. Want to secure credentials in Windows PowerShell Desired State Configuration? - PowerShell Team discusses the technique.

do I need to worry about passwords, under DSC? I was looking to start using Kerberos with IIS behind a F5 load balancer and I need to change the identity from Application Pool Identity NETWORK SERVICE to something else.