The only correct answer is: you don't. It is a catch22 rabbithole. In short, your script shouldn't be used for authorisation but the account that runs the script. In other words, if your script invokes a SQL database, that shouldn't be password based authentication but Windows Authentication. Anyways, probably the closest you can come is using DPAPI (Data Protection API) on your own script. For this, see dupplicate How to securely store a password for a script run every day using a Windows task scheduler?.