Securing the MOF

I would like to use credentials in a MOF. After implementing the directions given here: https://docs.microsoft.com/en-us/powershell/dsc/pull-server/securemof, I am getting pushback from my organization for using the ‘DataEncipherment’ bit. Why isn’t this just ‘KeyEncipherment’?

Because you are not just encrypting a key, but this certificate will be used to encrypt data as well.

The public key will be available on your authoring computer, and when you create the MOF the password will be encrypted with the public key. The only device that can decrypt the password is the computer that has the private key, which should be just the DSC target node.

What sort of reason for “pushback” are you getting?

Mike J
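
Added example, not part of the original thread: a PowerShell check that a certificate carries the key-usage bits discussed above, plus the Document Encryption EKU that the linked Microsoft article requires for DSC credential encryption. The function name `Test-DscEncryptionCertificate` is hypothetical, and the "no Digital Signature" check follows that article's recommendation.

```powershell
function Test-DscEncryptionCertificate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2] $Certificate
    )
    process {
        $flags = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]
        $docEncryptionOid = '1.3.6.1.4.1.311.80.1'   # Document Encryption EKU

        # Locate the Key Usage and Enhanced Key Usage extensions, if present.
        $kuExt  = $Certificate.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension] }
        $ekuExt = $Certificate.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }

        $usage = if ($kuExt) { $kuExt.KeyUsages } else { $flags::None }
        $ekus  = @(if ($ekuExt) { $ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value } })

        $result = [pscustomobject]@{
            Thumbprint         = $Certificate.Thumbprint
            Subject            = $Certificate.Subject
            KeyEncipherment    = $usage.HasFlag($flags::KeyEncipherment)
            DataEncipherment   = $usage.HasFlag($flags::DataEncipherment)
            NoDigitalSignature = -not $usage.HasFlag($flags::DigitalSignature)
            DocumentEncryption = $ekus -contains $docEncryptionOid
            # Reported separately: needed on the target node, not on the authoring node.
            HasPrivateKey      = $Certificate.HasPrivateKey
        }

        $ok = $result.KeyEncipherment -and $result.DataEncipherment -and
              $result.NoDigitalSignature -and $result.DocumentEncryption
        $result | Add-Member -NotePropertyName MeetsDscRequirements -NotePropertyValue $ok -PassThru
    }
}

# On the target node: certificates that are usable for decrypting MOF credentials.
Get-ChildItem Cert:\LocalMachine\My |
    Test-DscEncryptionCertificate |
    Where-Object { $_.MeetsDscRequirements -and $_.HasPrivateKey }
```

On the authoring computer the same function can be run against the exported public certificate; `HasPrivateKey` should be `False` there, since only the target node is meant to hold the private key.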