Passing credentials to DSC script from arm template

Question

I am trying to deploy a VM with a DSC extension from an ARM template. According to various sources, and even this SO question, I am following the correct way to pass a credential object to my script:

"properties": {
            "publisher": "Microsoft.Powershell",
            "type": "DSC",
            "typeHandlerVersion": "2.19",
            "autoUpgradeMinorVersion": true,
            "settings": {
              "modulesUrl": "[concat(parameters('_artifactsLocation'), '/', variables('ConfigureRSArchiveFolder'), '/', variables('ConfigureRSArchiveFileName'), '/', parameters('_artifactsLocationSasToken'))]",
              "configurationFunction": "[variables('rsConfigurationConfigurationFunction')]",
              "properties": {
                "SQLSAAdminAuthCreds": {
                  "UserName": "[parameters('SSRSvmAdminUsername')]",
                  "Password": "PrivateSettingsRef:SAPassword"
                }
              }
            },
            "protectedSettings": {
              "Items": {
                "SAPassword": "[parameters('SSRSvmAdminPassword')]"
              }
            }
          }

However, when I deploy it, I get this error message:

Error message: "The DSC Extension received an incorrect input: The password element of 
argument 'SQLSAAdminAuthCreds' to configuration 'PrepareSSRSServer' does not 
match the required format. It should be as follows 
                {
                    "UserName" : "MyUserName",
                    "Password" : "PrivateSettingsRef:MyPassword"
                }.
Please correct the input and retry executing the extension.".

As far as I can see, my format is correct. What am I missing? Thanks

Answer 1

It seems that function try to use the paramters that cause the issue. So please have try a check the function in the ps1 file where use the SQLSAAdminAuthCreds. I can't repro the issue that your mentioned. I do a demo for it, the following is my detail steps.

1.Prepare a ps1 file, I get the demo code from article

configuration Main
{
    param(
        [Parameter(Mandatory=$true)]
        [ValidateNotNullorEmpty()]
        [PSCredential]
        $SQLSAAdminAuthCreds
    )    
    Node localhost {       
        User LocalUserAccount
        {
            Username = $SQLSAAdminAuthCreds.UserName
            Password = $SQLSAAdminAuthCreds
            Disabled = $false
            Ensure = "Present"
            FullName = "Local User Account"
            Description = "Local User Account"
            PasswordNeverExpires = $true
        } 
    }  
}

2.Zip the ps1 file

3.Download the ARM template and parameters from the Azure portal.

4.Edit the template and parameter file

5. Try to deploy the ARM template with VS or Powershell

6. Check it from the Azure portal or output.