Make sensitive variables more secure
Sensitive variables are passed to the script as a String, so they could be written to a file/socket. I think there should be an option to make those variables more secure and pass them as a SecureString instead of a String.
Rory Plaire commented
It is not true that you always need to decrypt a SecureString to pass to a service. SqlConnection, for example, takes a SqlCredential, which is built with a SecureString. Azure PowerShell functions use PSCredential, which can also be built with a SecureString. In these cases, the sensitive data never needs to be decrypted in managed memory, making it more secure.
Adam Robinson commented
I'm not sure that would really help--SecureString is simply a means of passing a string in a way where another process could not read the contents of your program's memory (if it could figure out the location) to obtain the value of the string. Ultimately if the step in question has to make use of the sensitive variable (assign it as a service account's password or something along those lines), it's always going to be possible for the step to do something like divulge the content by writing it to a file.
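Added example, not part of the thread and not the product's own code: a Windows PowerShell 5.1 sketch of the two points made in the comments above. A SecureString can go straight into SqlCredential and PSCredential, and code that holds it can still recover the plaintext. The function name `New-DeployCredentials`, the account `deploy_svc`, the server `sql.example.invalid` and the database `AppDb` are hypothetical.

```powershell
# Added illustration; assumes Windows PowerShell 5.1 with System.Data available.
Add-Type -AssemblyName System.Data

function New-DeployCredentials {
    param(
        [Parameter(Mandatory)] [string] $UserName,
        [Parameter(Mandatory)] [System.Security.SecureString] $Password
    )
    # SqlCredential throws ArgumentException unless the SecureString is read-only,
    # so work on a copy and leave the caller's instance untouched.
    $sqlPassword = $Password.Copy()
    $sqlPassword.MakeReadOnly()

    [pscustomobject]@{
        Sql = New-Object System.Data.SqlClient.SqlCredential($UserName, $sqlPassword)
        PS  = New-Object System.Management.Automation.PSCredential($UserName, $Password)
    }
}

# Constructed sample value. The literal stands in for a value the host would hand
# over as a SecureString; converting from a String here does not remove the
# plaintext copy that already exists in this process.
$secure = ConvertTo-SecureString 'constructed-sample-value' -AsPlainText -Force
$creds  = New-DeployCredentials -UserName 'deploy_svc' -Password $secure

# First comment's point: the connection string carries no password, the
# credential object does. Constructing the connection does not open it.
$conn = [System.Data.SqlClient.SqlConnection]::new(
    'Server=sql.example.invalid;Database=AppDb', $creds.Sql)
"Connection string: {0}" -f $conn.ConnectionString

# Second comment's point: a step that holds the credential can still turn it
# back into a String, so SecureString limits incidental exposure (logs, dumps,
# lingering managed strings), not what the step itself is able to do.
$recovered = $creds.PS.GetNetworkCredential().Password
"Recoverable by the step itself: {0}" -f ($recovered -eq 'constructed-sample-value')

$conn.Dispose()
$secure.Dispose()
```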