
dennisqian
Copper Contributor
May 07, 2025

Can I use PowerShell SecretStore for local system accounts?

I am trying to store some "system" secrets for my services running as default system accounts like "SYSTEM" and "NETWORK SERVICE". Based on my understanding, the SecretStore vault stores secrets locally on file for the current user. So it seems I can't use the tool for my project?

1 Reply

  • MoritzG
    Brass Contributor

    Hi,

    you are correct - the PowerShell SecretStore module stores secrets on a per-user basis using the Windows Data Protection API, meaning secrets are only accessible to the user profile that created them. System-level accounts like "SYSTEM" or "NETWORK SERVICE" don't have standard user profiles or typical PowerShell environments, so they can't reliably access or decrypt secrets stored this way. Therefore, SecretStore is not suitable for storing secrets needed by services running under these accounts.

    Maybe Windows Credential Manager is an alternative for you. Or, if possible/applicable, I would recommend Azure Key Vault.
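
An added diagnostic, not part of either post above: it reports which identity the session runs as and which SecretManagement modules and vault registrations that identity can see, so the per-user scope discussed in the thread can be compared between an interactive login and the service account. `Get-ServiceSecretContext` is a hypothetical helper name; it assumes Windows and only calls `Get-Module` and `Get-SecretVault`, so it never unlocks or reads a secret.

```powershell
# Added example: show what the *current* identity sees of SecretManagement/SecretStore.
function Get-ServiceSecretContext {
    [CmdletBinding()]
    param()

    $identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()

    # Modules installed with -Scope CurrentUser sit on that user's module path only,
    # so a service account may not see them at all.
    $modules = @(Get-Module -ListAvailable -Name Microsoft.PowerShell.SecretManagement,
                                                 Microsoft.PowerShell.SecretStore)

    # Vault registrations are kept per user; skip the call if the module is not visible.
    $vaults = @()
    if ($modules.Name -contains 'Microsoft.PowerShell.SecretManagement') {
        $vaults = @(Get-SecretVault -ErrorAction SilentlyContinue)
    }

    [pscustomobject]@{
        Identity         = $identity.Name
        IsSystem         = $identity.IsSystem
        LocalAppData     = $env:LOCALAPPDATA
        ModulesVisible   = @($modules | Select-Object -ExpandProperty Name -Unique)
        RegisteredVaults = @($vaults | ForEach-Object { '{0} ({1})' -f $_.Name, $_.ModuleName })
    }
}

Get-ServiceSecretContext | Format-List
```

Run it once in your own session and once in the service account's context; differing `ModulesVisible` or `RegisteredVaults` output shows that a vault registered under one account is not available to the other.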
