How to export a self-signed X509 certificate without specifying a password

I created a self-signed certificate using IIS. Then, through the export, I generated the .pfx file (containing the public and private key). The export step requires a password, and for encrypt/decrypt operations it must always be specified.

// Encrypt and decrypt a value with the exported .pfx (the export password is needed every time)
var certPath = ".pfx file";                 // path to the exported .pfx
var certPassword = "<export password>";     // password chosen in the IIS export step
var encValue = Encrypter.EncryptKey(Encoding.ASCII.GetBytes("test"), certPath, certPassword);
var value = Encoding.ASCII.GetString(Decrypter.DecryptKey(encValue, certPath, certPassword));

Is there any way to export the certificate without specifying a password?

I tried to access the Windows certificate store directly to read the certificate, but in that case I can only get the public key. When I try to retrieve the private key, an exception is (rightly) thrown:

// Read the certificate from the store
X509Store store = new X509Store(StoreName.Root, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly);
var certificate = store.Certificates.Find(X509FindType.FindByThumbprint, "5ff38ef6379cfb04e80adcdd3b1f1aaf2a30bf1f", false)[0];
store.Close();
// Encryption only needs the public key, so this works
var encValue = Encrypter.EncryptKey(Encoding.ASCII.GetBytes("test123"), certificate);
// Decryption needs the private key, which is not available from this store entry
var value = Encoding.ASCII.GetString(Decrypter.DecryptKey(encValue, certificate)); // >>> throws an exception

If it is mandatory to always specify a password, what advice do you have on how and where to keep it?

Potential solutions: one idea could be to encrypt this export password (e.g. with AES) and save it together with the .pfx file in a protected area, for example using a cloud service like Azure Key Vault. For on-premises cases, I was reading that they recommend creating a custom certificate store (using a CNG Key Storage Provider). Do you think this is a valid approach?
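One way to sidestep the export password entirely is to leave the private key in the Windows store and use it in place, by thumbprint, instead of shipping a .pfx. The following is an added example, not code from the question; it replaces the question's Encrypter/Decrypter helpers with direct RSA calls, assumes the self-signed certificate was imported into the CurrentUser\My (Personal) store together with its private key, and uses a placeholder thumbprint.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

// Added example: keeps the private key in the certificate store so no PFX
// password has to be stored or passed around. THUMBPRINT is a placeholder.
static class StoreCrypto
{
    const string Thumbprint = "THUMBPRINT-PLACEHOLDER";

    // Look the certificate up and fail early if only the public half is present,
    // which is the situation that otherwise surfaces as an exception in Decrypt.
    static X509Certificate2 LoadFromStore()
    {
        using var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        var matches = store.Certificates.Find(X509FindType.FindByThumbprint, Thumbprint, validOnly: false);
        if (matches.Count == 0)
            throw new InvalidOperationException("certificate not found in CurrentUser\\My");
        var cert = matches[0];
        if (!cert.HasPrivateKey)
            throw new InvalidOperationException("store entry has no private key (public half only)");
        return cert;
    }

    // OAEP-SHA256 is supported by CNG keys; legacy CSP keys may only offer OaepSHA1.
    static byte[] Encrypt(X509Certificate2 cert, byte[] plaintext)
    {
        using RSA rsa = cert.GetRSAPublicKey()
            ?? throw new InvalidOperationException("not an RSA certificate");
        return rsa.Encrypt(plaintext, RSAEncryptionPadding.OaepSHA256);
    }

    static byte[] Decrypt(X509Certificate2 cert, byte[] ciphertext)
    {
        // Returns null when the key exists but this user is not allowed to use it
        using RSA rsa = cert.GetRSAPrivateKey()
            ?? throw new InvalidOperationException("private key not accessible to this user");
        return rsa.Decrypt(ciphertext, RSAEncryptionPadding.OaepSHA256);
    }

    static void Main()
    {
        using var cert = LoadFromStore();
        var enc = Encrypt(cert, Encoding.UTF8.GetBytes("test"));
        var dec = Encoding.UTF8.GetString(Decrypt(cert, enc));
        Console.WriteLine(dec == "test" ? "round trip ok" : "mismatch");
    }
}
```

Because the key never leaves the store, it can be imported as non-exportable and its use restricted to the account running the application, which removes the need to protect an export password at all.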

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow
