Encrypts a string using the Data Protection API (DPAPI).
Protect-String [-String] <String> [-Scope {CurrentUser | LocalMachine}] [<CommonParameters>]
Encrypts a string with the Data Protection API (DPAPI). Encryption can be performed at the user or machine level. If encrypted at the User scope, only the user who encrypted the data can decrypt it. If encrypted at the machine scope, any user on the machine can decrypt it.
Name | Type | Description | Required? | Pipeline Input | Default Value |
---|---|---|---|---|---|
String | String | The text to encrypt. | true | true (ByValue) | |
Scope | DataProtectionScope | The scope at which the encryption is performed. Default is CurrentUser .
|
false | false |
Protect-String -String 'TheStringIWantToEncrypt' | Out-File MySecret.txt
Encrypts the given string and saves the encrypted string into MySecret.txt. Only the user who encrypts the string can unencrypt it.
$cipherText = Protect-String -String "MySuperSecretIdentity" -Scope LocalMachine
Encrypts the given string and stores the value in $cipherText. Because the encryption scope is set to LocalMachine, any user on the local machine can decrypt $cipherText.