To create a DPAPI-encrypted environment variable run the following PowerShell:
[Environment]::SetEnvironmentVariable((Read-Host "Enter name"), (Read-Host "Enter value" | ConvertTo-SecureString -AsPlainText -Force | ConvertFrom-SecureString), [EnvironmentVariableTarget]::User)
(You may need to restart any apps that wish to use this value now)
The value can be decrypted using the following PowerShell line (replace MY_ENV_VAR
with your variable name):
[Net.NetworkCredential]::new('', (ConvertTo-SecureString $env:MY_ENV_VAR)).Password