[dreamdu5t]

How else would you do it? If you use a configuration "service" the credentials to access the service must be baked in.

[thrownaway2424]

Well, I can think of a couple of ways off the top of my head, that I'm sure will be shouted down for being simplistic:

1) ident protocol, or something similar. On the internet, it's a disaster, but for machines all owned by the same organization, it makes sense.

2) ssl client certificate. this can be hardened in various ways like having the certs expire every ten minutes etc.