Module Version: dsc and dsc-lite
Puppet Version: 5.5.x and up
OS Name/Version: Windows
The DSC and DSC-lite modules both evaluate an ERB script containing powershell and in the process interpolate credentials needed to manage resources such as the dsc_user. However, when running with puppet agent -td, the powershell script with interpolated credentials is output to the console and captured in the report. For example, given the manifest:
We should not expose credentials, which I think realistically means we shouldn't emit the powershell script to stdout/console.