I'm using the following to store credentials:
Get-Credential -Credential "domain\user" `
| Export-Clixml .\creds.xml
This works in scripts when run as my account and I call the XML file. However, if I try to run a script on the same machine under a different user (e.g. a scheduled task), calling the same XML using the import-clixml command, I get the error:
import-clixml : Key not valid for use in specified state.
Do I need to switch to convertto-securestring/convertfrom-securestring or is there something I can do to allow a different user to access the stored credentials?
You can't do that, because those cmdlets use the DPAPI to do the encryption, and DPAPI stores the encryption keys in your user profile.
However, there are other techniques you can use, and this was the subject of a talk I gave at this year's PowerShell Summit: https://www.youtube.com/watch?v=Ta2hQHVKauo . The short version is, use certificates to encrypt your passwords, and distribute the certificate (with its private key) to any user who you want to be able to run the script.
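Added example, not from the answer or the linked talk: one way to apply the certificate approach using the built-in CMS cmdlets (PowerShell 5.0 and later). The certificate subject, file paths and variable names are hypothetical placeholders, and a self-signed certificate is assumed where a CA-issued one could be used instead.

```powershell
# Added example. Subject, paths and names are hypothetical placeholders.
$subject  = 'CN=ScriptCredential'       # hypothetical certificate subject
$credFile = 'C:\Scripts\cred.cms'       # hypothetical path both accounts can read
$pfxFile  = 'C:\Scripts\cred.pfx'       # hypothetical; delete after importing

# --- One-time setup, run as the account that knows the password ---
# Create a document-encryption certificate in the current user's store.
$cert = New-SelfSignedCertificate -Subject $subject `
    -Type DocumentEncryptionCert `
    -KeyUsage KeyEncipherment, DataEncipherment `
    -CertStoreLocation Cert:\CurrentUser\My

# Encrypt the password to the certificate's public key (CMS, not DPAPI),
# so decryption depends on the private key rather than on a user profile.
$cred = Get-Credential -Credential 'domain\user'
$cred.GetNetworkCredential().Password |
    Protect-CmsMessage -To $cert -OutFile $credFile

# Export the certificate with its private key, protected by a passphrase,
# for the account that will run the script.
$pfxPass = Read-Host -AsSecureString -Prompt 'PFX passphrase'
Export-PfxCertificate -Cert $cert -FilePath $pfxFile -Password $pfxPass | Out-Null

# --- One-time setup, run as the other user (e.g. the scheduled task account) ---
# Import the private key into that user's own certificate store.
$pfxPass = Read-Host -AsSecureString -Prompt 'PFX passphrase'
Import-PfxCertificate -FilePath $pfxFile -Password $pfxPass `
    -CertStoreLocation Cert:\CurrentUser\My | Out-Null
Remove-Item $pfxFile                    # do not leave the key file on disk

# --- In the script, under either account ---
# Unprotect-CmsMessage finds the matching private key in the caller's store.
$plain  = Unprotect-CmsMessage -Path $credFile
$secure = ConvertTo-SecureString $plain -AsPlainText -Force
$cred   = New-Object System.Management.Automation.PSCredential('domain\user', $secure)
Remove-Variable plain                   # drop the plaintext copy promptly
```

Anyone who holds the private key can decrypt the file, so import the certificate only for the accounts that need it and remove the exported .pfx once it has been imported.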