diff --git a/setup/main.ps1 b/setup/main.ps1
index 88bf2b51..c2745ce5 100644
--- a/setup/main.ps1
+++ b/setup/main.ps1
@@ -93,7 +93,8 @@ If ($Locale -eq $null) {
 }
 
 try {
-    $RuntimeConfig = Get-AzKeyVaultSecret -VaultName $KeyVaultName -Name 'gsaConfigExportLatest' -AsPlainText -ErrorAction Stop | ConvertFrom-Json | Select-Object -Expand runtime
+    $encryptedSecret = Get-AzKeyVaultSecret -VaultName $KeyVaultName -Name 'gsaConfigExportLatest' -AsPlainText
+    $RuntimeConfig = ConvertFrom-SecureString $encryptedSecret | ConvertFrom-Json | Select-Object -Expand runtime
     Set-AzContext -SubscriptionId $RuntimeConfig.subscriptionId
 }
 catch {
diff --git a/src/GuardrailsSolutionAcceleratorSetup/modules/Deploy-GuardrailsSolutionAccelerator/Deploy-GuardrailsSolutionAccelerator.psm1 b/src/GuardrailsSolutionAcceleratorSetup/modules/Deploy-GuardrailsSolutionAccelerator/Deploy-GuardrailsSolutionAccelerator.psm1
index cb6daee9..5be81f57 100644
--- a/src/GuardrailsSolutionAcceleratorSetup/modules/Deploy-GuardrailsSolutionAccelerator/Deploy-GuardrailsSolutionAccelerator.psm1
+++ b/src/GuardrailsSolutionAcceleratorSetup/modules/Deploy-GuardrailsSolutionAccelerator/Deploy-GuardrailsSolutionAccelerator.psm1
@@ -433,7 +433,8 @@ Function Deploy-GuardrailsSolutionAccelerator {
             'deployerAzureID'       = $config['runtime']['userId']
         }
 
-        $secretValue = (ConvertTo-SecureString -String (ConvertTo-Json $config -Depth 10) -AsPlainText -Force)
+        $secureValue = (ConvertTo-SecureString -String (ConvertTo-Json $config -Depth 10) -AsPlainText -Force)
+        $secretValue = ConvertFrom-SecureString $secureValue
         Set-AzKeyVaultSecret -VaultName $config['runtime']['keyVaultName'] -Name $configSecretName -SecretValue $secretValue -Tag $secretTags -ContentType 'application/json' -Verbose:$useVerbose | Out-Null
 
         Write-Host "Completed deployment of the Guardrails Solution Accelerator!" -ForegroundColor Green
diff --git a/src/GuardrailsSolutionAcceleratorSetup/modules/Get-GSAExportedConfig/Get-GSAExportedConfig.psm1 b/src/GuardrailsSolutionAcceleratorSetup/modules/Get-GSAExportedConfig/Get-GSAExportedConfig.psm1
index 40cc35a9..3286cc9e 100644
--- a/src/GuardrailsSolutionAcceleratorSetup/modules/Get-GSAExportedConfig/Get-GSAExportedConfig.psm1
+++ b/src/GuardrailsSolutionAcceleratorSetup/modules/Get-GSAExportedConfig/Get-GSAExportedConfig.psm1
@@ -45,7 +45,8 @@ Function Get-GSAExportedConfig {
     }
     
     try {
-        [string]$configValue = Get-AzKeyVaultSecret -VaultName $KeyVaultName -Name 'gsaConfigExportLatest' -AsPlainText -ErrorAction Stop
+        $configValue = Get-AzKeyVaultSecret -VaultName $KeyVaultName -Name 'gsaConfigExportLatest' -AsPlainText -ErrorAction Stop
+        $configValue = ConvertFrom-SecureString $configValue
     }
     catch {
         Write-Error -Message "Unable to retrieve the latest configuration from the Key Vault. Please ensure that the Key Vault exists and that the latest configuration has been exported. Message: $_" -ErrorAction Stop