I'm writing a ClickOnce application that runs a batch file process with service account credentials. I need to store the service account credentials so that the program can add
The encryption key is on a dedicated server.
The password is sent to the server along with an id to be encrypted and the encrypted password returned for DB storage.
When the password is needed a request is made to the dedicated server with the id and a decrypted password is returned.
The password is never saved to disk and the key is never available off the dedicated server.
The dedicated server is kind of like a poor man's HSM.
This is encryption, not hashing. The encryption key is secret along with a random IV that is saved with the id on the dedicated server. The key is not available and not related to the password so there is no better attack than brute force against the encryption key which is essentially too large to be attacked by brute force.
The server needs to be very secure, only a couple of two factor logins and not available to the Internet.
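
A sketch of the dedicated key server described in the answer above, as an added example that is not part of the original post: it assumes .NET 8 and AES-256-GCM (the answer names no cipher), and the class name `KeyService`, the in-memory stores and the sample ids and passwords are constructed for illustration. Passing the id as associated data goes beyond what the answer describes: it makes a stored ciphertext fail to decrypt under any other id.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Constructed demo values; in the design above these calls arrive over the network.
var svc = new KeyService();
byte[] rowA = svc.Encrypt("svc-batch-01", "constructed-password-A");
byte[] rowB = svc.Encrypt("svc-batch-02", "constructed-password-B");
Console.WriteLine(svc.Decrypt("svc-batch-01", rowA));      // round trip succeeds
try { svc.Decrypt("svc-batch-02", rowA); }                 // DB row swapped between ids
catch (CryptographicException) { Console.WriteLine("rejected: blob does not belong to this id"); }

// Lives only on the dedicated server; callers never see the key or the nonce.
sealed class KeyService
{
    // Assumption: generated at start for the demo; a real server loads it from protected storage.
    private readonly byte[] _key = RandomNumberGenerator.GetBytes(32);
    private readonly Dictionary<string, byte[]> _nonces = new();   // id -> nonce, server side

    // Returns ciphertext || 16-byte tag, which the client stores in its database.
    public byte[] Encrypt(string id, string password)
    {
        byte[] nonce = RandomNumberGenerator.GetBytes(12);         // fresh for every encryption
        byte[] plain = Encoding.UTF8.GetBytes(password);
        byte[] cipher = new byte[plain.Length];
        byte[] tag = new byte[16];
        using var aes = new AesGcm(_key, tag.Length);
        aes.Encrypt(nonce, plain, cipher, tag, Encoding.UTF8.GetBytes(id));
        CryptographicOperations.ZeroMemory(plain);                 // drop the plaintext copy
        _nonces[id] = nonce;
        byte[] blob = new byte[cipher.Length + tag.Length];
        cipher.CopyTo(blob, 0);
        tag.CopyTo(blob, cipher.Length);
        return blob;
    }

    // Throws CryptographicException if the id is unknown or the blob fails authentication.
    public string Decrypt(string id, byte[] blob)
    {
        if (!_nonces.TryGetValue(id, out var nonce) || blob.Length < 16)
            throw new CryptographicException("unknown id or malformed blob");
        byte[] plain = new byte[blob.Length - 16];
        using var aes = new AesGcm(_key, 16);
        aes.Decrypt(nonce, blob[..^16], blob[^16..], plain, Encoding.UTF8.GetBytes(id));
        return Encoding.UTF8.GetString(plain);
    }
}
```

Because the nonce is replaced on every `Encrypt` call for an id, re-encrypting a changed password never reuses a nonce under the same key.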