retrieve ARS Workflow Parameter saved in SecureString - as plain text using PowerShell


I'm writing a powershell script that connects via api to a vendor tool.

I want to save the password in the workflow as syntax type SecureString, so that the password's hidden in the workflow properties.

Per documentation the SecureString syntax used for storing workflow parameters:

the workflow definition stores the parameter value in encrypted form using an encryption key provided by the Active Roles service

I see that for some services, I can connect using a password stored this way, I guess if the API accepts a securestring it works. For instance if I get the parameter and then convert it with "ConvertTo-SecureString –string $StoredPW –AsPlainText -Force", then I can use the stored parameter for some APIs.

But now I'm working with an api that seems it really wants the clear text password.

I've tried just sending the parameter value, and it fails. I've tried converting it with the command above (works with other apis) and it fails.

Is there a command I can run in PowerShell to decrypt an ActiveRoles SecureString parameter in a workflow, to plain text?