Channel: Ask Puppet: Puppet DevOps Q&A Community - RSS feed

dsc_xADUser-How to encrypt password in manifest file-Windows

I installed the dsc module and added an AD user to the domain controller using Puppet. The code below works fine when hard-coding the password as plain text. Is it possible somehow to encrypt those passwords? I read that hiera-eyaml is the solution for this, so I encrypted the password:

    [root@PUPPET puppet]# /opt/puppetlabs/puppet/bin/eyaml encrypt -p
    Enter password: **********
    string: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAl/+uUACl6WpGAnA1sSqEuTp39SVYfHc7J0BMvC+a2C0YzQg1V]

Then I stored that encrypted password in the /etc/common.eyaml file (specified in the hiera config file):

    /opt/puppetlabs/puppet/bin/eyaml edit /etc/common.eyaml

I can decrypt the file successfully:

    /opt/puppetlabs/puppet/bin/eyaml decrypt -f /etc/common.eyaml

Then I specified the encrypted password in the manifest file /etc/puppetlabs/code/environments/production/manifests/site.pp:

    dsc_xADUser {'FirstUser':
      dsc_ensure => 'present',
      dsc_domainname => 'ad.contoso.com',
      dsc_username => 'tfl',
      dsc_userprincipalname => 'tfl@ad.contoso.com',
      dsc_password => {
        'user' => 'Administrator@ad.contoso.com',
        'password' => Sensitive('pass')
      },
      dsc_passwordneverexpires => true,
      dsc_domainadministratorcredential => {
        'user' => 'Administrator@ad.contoso.com',
        'password' => ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAl/+uUACl6WpGAnA1sSqEuTp39SVYfHc7J0BMvC+a2C0YzQg1V]
      },
    }

On the Windows node I got this error:

    Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Could not parse for environment production: Syntax error at '+' (file: /etc/puppetlabs/code/environments/production/manifests/site.pp, line: 69, column: 123) on node windows.example.com

When putting quotes around the password, I then get: Password doesn't meet complexity....

Hiera config file:

    cat /etc/puppetlabs/puppet/hiera.yaml
    ---
    version: 5
    defaults:
      datadir: data
      data_hash: yaml_data
    hierarchy:
      - name: "Eyaml hierarchy"
        lookup_key: eyaml_lookup_key # eyaml backend
        paths:
          - "/etc/common.yaml"
        options:
          pkcs7_private_key: "/etc/puppetlabs/puppet/keys/private_key.pkcs7.pem"
          pkcs7_public_key: "/etc/puppetlabs/puppet/keys/public_key.pkcs7.pem"
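
An added example, not part of the original post: hiera-eyaml decrypts ENC[...] values only when Hiera reads them from a data file, so the manifest refers to each secret by key through lookup() instead of containing the ciphertext. The key names ad_admin_password and ad_user_password are assumptions, and the data file must be one that the eyaml hierarchy level in hiera.yaml actually lists.

```puppet
# Added example. Assumptions: the Hiera key names 'ad_admin_password' and
# 'ad_user_password' are hypothetical, and the data file sketched below is one
# that the eyaml hierarchy level in hiera.yaml lists under 'paths'.
#
# Data file (edited with `eyaml edit`); the ciphertext is an ordinary YAML value:
#
#   ---
#   ad_admin_password: ENC[PKCS7,<ciphertext produced by eyaml encrypt>]
#   ad_user_password: ENC[PKCS7,<ciphertext produced by eyaml encrypt>]
#
# Manifest: no ENC[...] text appears here. lookup() returns the decrypted
# string while the server compiles the catalog, and Sensitive() redacts the
# value in Puppet logs and reports.
$ad_admin_password = Sensitive(lookup('ad_admin_password', String))
$ad_user_password  = Sensitive(lookup('ad_user_password', String))

dsc_xADUser { 'FirstUser':
  dsc_ensure                        => 'present',
  dsc_domainname                    => 'ad.contoso.com',
  dsc_username                      => 'tfl',
  dsc_userprincipalname             => 'tfl@ad.contoso.com',
  dsc_password                      => {
    'user'     => 'Administrator@ad.contoso.com',
    'password' => $ad_user_password,
  },
  dsc_passwordneverexpires          => true,
  dsc_domainadministratorcredential => {
    'user'     => 'Administrator@ad.contoso.com',
    'password' => $ad_admin_password,
  },
}
```

Running puppet lookup ad_admin_password on the Puppet server shows whether the hierarchy finds and decrypts the key before any agent run.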
