Protect-String

Encrypts a string using the Data Protection API (DPAPI).

Syntax

Protect-String [-String] <String> [-Scope {CurrentUser | LocalMachine}] [<CommonParameters>]

Description

Encrypts a string with the Data Protection API (DPAPI). Encryption can be performed at the user or machine level. If encrypted at the User scope, only the user who encrypted the data can decrypt it. If encrypted at the machine scope, any user on the machine can decrypt it.

Related Commands

Parameters

Name Type Description Required? Pipeline Input Default Value
String String The text to encrypt. true true (ByValue)
Scope DataProtectionScope The scope at which the encryption is performed. Default is CurrentUser. false false

EXAMPLE 1

Protect-String -String 'TheStringIWantToEncrypt' | Out-File MySecret.txt

Encrypts the given string and saves the encrypted string into MySecret.txt. Only the user who encrypts the string can unencrypt it.

EXAMPLE 2

$cipherText = Protect-String -String "MySuperSecretIdentity" -Scope LocalMachine

Encrypts the given string and stores the value in $cipherText. Because the encryption scope is set to LocalMachine, any user on the local machine can decrypt $cipherText.