I have put together a wide library of PowerCLI scripts for managing my vSphere infrastructure over the years. I've finally decided to join the 21st century and so have installed Orchestrator. After a bit of fumbling, I've gotten my PowerShell host configured and have run a few basic test scripts. Unfortunately, it seems that I have only 2 options for how these scripts connect to vCenter (within the PowerCLI script itself):
1) Use the WinRM service account credentials to run the Connect-VIServer command, in which case all script actions register as being executed by that service account.
2) Prompt the user for username/password and pass them to the PowerCLI script in plain text, in which case those passwords are potentially exposed.
I'm not really happy with either of these possibilities. I see that Orchestrator has the ability to create a Credential object; the PowerCLI Connect-VIServer cmdlet has the ability to take a Credential object as input (in addition to specifying -User and -Password as plain text). Unfortunately, the "Invoke an external script" workflow object only takes a string for its "arguments" input. Does anyone know of a way for me to securely pass user credentials from Orchestrator to a PowerShell/PowerCLI script?