Encrypt.ps1

[string]$global:UnencryptedMark = 'Unencrypted'
[string]$global:EncryptedMark = 'Encrypted'

function New-Credential($username, [SecureString] $password) {
    $credPassword   = ConvertTo-SecureString $PASSWORD -AsPlainText -Force
    $cred = New-Object System.Management.Automation.PSCredential ($username, $credPassword )
    return $cred
}

function Get-SecureKey_Plain {
    param( 
        [Parameter(ValueFromPipeline=$true)]
        $secureKey
    )
    if ($secureKey -is [string]) {
        return $secureKey
    }
    $Ptr = [System.Runtime.InteropServices.Marshal]::SecureStringToCoTaskMemUnicode($secureKey)
    $plainValue = [System.Runtime.InteropServices.Marshal]::PtrToStringUni($Ptr)
    [System.Runtime.InteropServices.Marshal]::ZeroFreeCoTaskMemUnicode($Ptr)
    return $plainValue
}

function Set-SecureKey($environmentVariable, $secureKey ){
        if ($secureKey -is [string]) {
            $secureKey = ConvertTo-SecureString -String $secureKey -AsPlainText -Force
        }
        $storedKey = ConvertFrom-SecureString -SecureString $secureKey
        [Environment]::SetEnvironmentVariable($environmentVariable, $storedKey, [System.EnvironmentVariableTarget]::User)
        [Environment]::SetEnvironmentVariable($environmentVariable, $storedKey, [System.EnvironmentVariableTarget]::Process)
}
function Set-SecureKey:::Test{
    $testKey = 'TestSet-SecureKey'
    $secret = 'AnySecret'
    Set-SecureKey -environmentVariable $testKey -secureKey $secret
    $result = Get-SecureKey -environmentVariable $testKey
    $result | Get-SecureKey_Plain | assert -eq $secret
}
function Set-SecureKey:::Example{
    Set-SecureKey -environmentVariable Corp_Deploy_Key_Standalone -secureKey 'XXXXXXXXXXXXXX'
}


function Get-SecureKey{
    param ( 
        [string]$environmentVariable,
        [string]$prompt
    )

    [string]$storedKey = [Environment]::GetEnvironmentVariable($environmentVariable)

    if ($storedKey -and ( $storedKey.Length -lt 50) ) {
        return $storedKey
    }
    if ($storedKey) {
        try {
            $secureKey = $storedKey | ConvertTo-SecureString
        }
        catch [System.Security.Cryptography.CryptographicException] {
            throw " '$environmentVariable' Environment Variable does not contain a valid encryption key for user '$env:USERDOMAIN\$env:USERName' "
        }
    }
    else {
        if ( -not ( IsISE ) ) {
            throw "Secure String not found in `$env:$environmentVariable`nRun the script in ISE to specify one or use Set-SecureKey"
        }
        $secureKey = Read-Host -Prompt $prompt -AsSecureString
        Set-SecureKey -environmentVariable $environmentVariable -secureKey $secureKey
    }
    return $secureKey
}


function Set-Content_Encrypt {
   [CmdletBinding()]
    Param(
        [Parameter(ValueFromPipeline=$true)]
        $path,
        [validateLength(5,20)]
        [SecureString]$password,
        [string]$EncryptedMark = $EncryptedMark,
        [string]$UnencryptedMark = $UnencryptedMark
    )
    process {
        $path = Get-Path -path $path
        $filelist = Get-ChildItem -path $path -Filter "*.$UnencryptedMark.*" -re | Get-Path
    
        foreach($file in $filelist) {
            $outFileName = $file -replace $UnencryptedMark, $EncryptedMark
            $outFileName = "$outFileName.zip" | Update-String_Enclose '"'
            if ( test-path $outFileName ) {
                Remove-Item $outFileName -Force
            }
            $file = $file | Update-String_Enclose '"'
            Invoke-Exe 7z a $outFileName "$file" "-p$password" -y | Out-Null #nooutput
        }
    }
}

function Get-Unzip_Path {
    $unzip = (Get-Command unzip -ErrorAction SilentlyContinue).Source
    if (-not $unzip) {
        $unzip = 'C:\Program Files\Git\usr\bin\unzip.exe'
        if(-not (Test-Path $unzip)) {
            throw 'Unzip.exe not found'
        }
    }
    return $unzip
}

function Set-Content_UnEncrypt {
   [CmdletBinding()]
    Param(
        [Parameter(ValueFromPipeline=$true)]
        $path,
        [validateLength(5,20)]
        [SecureString]$password
    )
    begin {
        $unzip = Get-Unzip_Path
    }
    process {
        $path = Get-Path -path $path
        $outFolder = Split-Path $path -Parent
        $path = $path | Update-String_Enclose '"'
        $outFolder = $outFolder | Update-String_Enclose '"'
        #Invoke-Exe 7z x $path "-o$outFolder" "-p$password" -y -NoEcho | Out-Null
        Invoke-Exe $unzip -o -q -P $password $path -d $outFolder | Out-Null
    }
}

function Remove-UnEncrypted {
   [CmdletBinding()]
    Param(
        [Parameter(ValueFromPipeline=$true)]
        $path,
        $EncryptedMark = $EncryptedMark,
        $UnencryptedMark = $UnencryptedMark
    )
    process {
        $toRemove = Get-ChildItem -Path $path -Filter "*.$UnencryptedMark.*" -Recurse
        $toRemove | Remove-Item -Force -Verbose
    }
}

function Set-Content_Encrypt:::Example {
    $EncryptPassword = '1234567890'
    Set-Content_Encrypt -path $src -password $EncryptPassword
    Set-Content_UnEncrypt -path $src -password $EncryptPassword
}