internal/functions/security/Protect-String.ps1

function Protect-String
{
<#
    .SYNOPSIS
        Uses DPAPI to encrypt strings.
     
    .DESCRIPTION
        Uses DPAPI to encrypt strings.
     
    .PARAMETER String
        The string to encrypt.
     
    .EXAMPLE
        PS C:\> Protect-String -String $secret
     
        Encrypts the content stored in $secret and returns it.
#>

    [Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSAvoidUsingConvertToSecureStringWithPlainText", "")]
    [CmdletBinding()]
    Param (
        [Parameter(ValueFromPipeline = $true)]
        [string[]]
        $String
    )
    
    begin
    {
        Add-Type -AssemblyName System.Security -ErrorAction Stop
    }
    process
    {
        if($PSVersionTable.PSEdition -eq "Core"){
            $EncryptedToken = ConvertFrom-SecureString -key $Script:EncKey -SecureString ($String | ConvertTo-SecureString -AsPlainText -Force)
            $EncryptedToken | ConvertTo-SecureString -AsPlainText -Force
        }else{
            foreach ($item in $String)
            {
                $stringBytes = [Text.Encoding]::UTF8.GetBytes($item)
                $encodedBytes = [System.Security.Cryptography.ProtectedData]::Protect($stringBytes, $null, 'CurrentUser')
                [System.Convert]::ToBase64String($encodedBytes) | ConvertTo-SecureString -AsPlainText -Force
            }
        }
    }
}