In my work-life, I see often app secrets for unattended scripts are stored in the script itself or in environment variables. And this is even true for apps with high privilege permissions to Azure AD.
Certificated based authentication with the Microsoft PowerShell Graph SDK
