I’ve been dabbling with DSC for a few weeks now and have set up a pull server, made some resources and scripted compiling of ConfigurationData. For passwords I’ve been using certificates from ADCS, which works but I have some challenges.
How do you handle initial registration of nodes and automatically register the certificate with both the node and the pull server?
Ideeally I want to set up a build pipeline with build servers automatically detecting code changes from git. How do you go about encrypting passwords in this scenario? I suppose I could use a single certificate for all the build servers and encrypt an entire script which would be sourced in to the configuration script, but it does not seem like a great solution.