Loading/Securing API Credentials for Scheduled Tasks under Service Account

[Reuerb]

I was wondering if anyone had recommendations for securing the API credentials in a script for a scheduled task under a service account. I am familiar with the Secret Vault recommendation on the PSFalcon Wiki.

My understanding of the Powershell Secret Vault is that to retrieve the secret you need to be logged in as the user account that created the vault.

[bk-cs]

I was wondering if anyone had recommendations for securing the API credentials in a script for a scheduled task under a service account. I am familiar with the Secret Vault recommendation on the PSFalcon Wiki.

My understanding of the Powershell Secret Vault is that to retrieve the secret you need to be logged in as the user account that created the vault.

If you're running a task as a user, you'll have access to the secret stored in the vault.

[Reuerb]

How about if I am running a task as a service account?

[bk-cs]

There are other ways to use the SecretStore vault, or other password storage mechanisms you could use. There are some automation tips on the Microsoft Knowledge Base: https://learn.microsoft.com/en-us/powershell/utility-modules/secretmanagement/how-to/using-secrets-in-automation?view=ps-modules