It sounds like you need a fixlet with Secure Parameters. The discussion at Secure Parameters may be helpful, along with an example fixlet at https://bigfix.me/fixlet/details/26939
To create a fixlet with Secure Parameters, unfortunately you have to edit it outside of the console (to supply the HTML form and JavaScript call to fill in & encrypt the parameters), and then import the fixlet.
Actions with Secure Parameters have to be targeted to specify computers - they cannot be Dynamically Targeted by Group or by Property - because the parameters are encrypted individually for each target computer, and those computer keys must be known at action issue time.