Quite an interesting question. We have had the same challenge before. This request is tricky, here’s why:
UiPath Cryptography library uses a Symmetric-key encryption see docs
This means that the encryption key you provide will need to be the same plain text string in the Dispatcher when you encrypt and in the Performer where you decrypt your sensitive information.
We have used this method on datatable columns (Forum Thread) containing sensitive values. Although slow on large datasets, it does work. That said, we did not have a strict policy on the use of secure string usage as you are facing.
What you are currently doing is the only feasible way of using the official UiPath Cryptography library. However the alternative you can try is make your own encrypt and decrypt activities in C# which takes the string to be encrypted or decrypted and a secure string ( encryption key) as inputs and outputs a encrypted or decrypted string. This way you do not need to worry about converting secure string (encryption key) to plain text and will thereby pass the governance requirement as well. Both conversion of secure string and encryption /decryption are performed without any data leak with the C# activity.
I still suggest a normal Symmetric-key encryption in your custom C# activity to keep things simple. Also, ensure you take a backup of the encryption key you use in the orchestrator. This is because if you have to change the key during production you will know what the value was, orchestrator do not show credentials (password) field and it is easy to forget encryption keys
You also may try to look for other encryption / decryption libraries/packages in the market place but my advice is to not use them as they might also not adhere to organizational policy of using 3rd party packages and most often lack clear documentation.
Hope this helps you.