by simlevesque 2540 days ago
No, you use ssh-agent.
1 comments

Or you can restrict the file with the key to a specific user and only run the process as that user.

The point is, you haven't actually solved the problem. It's not magic. In a 2-system authentication scheme, where headless access is necessary, a key needs to be somewhere in plaintext accessible to the process. You can obfuscate this, or add OS controls, or hardware chips, or ssh-agent, or keystores, or web-services for keys, but it doesn't change this reality.