A custom converter for Json.NET to encrypt values, see https://thomasfreudenberg.com/archive/2017/02/11/encrypting-values-when-serializing-with-json-net/

## EncryptingJsonConverter.cs
public class EncryptingJsonConverter : JsonConverter {
    private readonly byte[] _encryptionKeyBytes;

    public EncryptingJsonConverter(string encryptionKey) {
        if (encryptionKey == null) {
            throw new ArgumentNullException(nameof(encryptionKey));
        }

        // Hash the key to ensure it is exactly 256 bits long, as required by AES-256
        using (var sha = new SHA256Managed()) {
            _encryptionKeyBytes =
                sha.ComputeHash(Encoding.UTF8.GetBytes(encryptionKey));
        }
    }

    public override void WriteJson(JsonWriter writer, object value, JsonSerializer serializer) {
        var stringValue = (string)value;
        if (string.IsNullOrEmpty(stringValue)) {
            writer.WriteNull();
            return;
        }

        var buffer = Encoding.UTF8.GetBytes(stringValue);

        using (var inputStream = new MemoryStream(buffer, false))
        using (var outputStream = new MemoryStream())
        using (var aes = new AesManaged {
            Key = _encryptionKeyBytes
        }) {
            var iv = aes.IV; // first access generates a new IV
            outputStream.Write(iv, 0, iv.Length);
            outputStream.Flush();

            var encryptor = aes.CreateEncryptor(_encryptionKeyBytes, iv);
            using (var cryptoStream = new CryptoStream(outputStream, encryptor, CryptoStreamMode.Write)) {
                inputStream.CopyTo(cryptoStream);
            }

            writer.WriteValue(Convert.ToBase64String(outputStream.ToArray()));
        }
    }

    public override object ReadJson(JsonReader reader, Type objectType, object existingValue, JsonSerializer serializer) {
        var value = reader.Value as string;
        if (string.IsNullOrEmpty(value)) {
            return reader.Value;
        }

        try {
            var buffer = Convert.FromBase64String(value);

            using (var inputStream = new MemoryStream(buffer, false))
            using (var outputStream = new MemoryStream())
            using (var aes = new AesManaged {
                Key = _encryptionKeyBytes
            }) {
                var iv = new byte[16];
                var bytesRead = inputStream.Read(iv, 0, 16);
                if (bytesRead < 16) {
                    throw new CryptographicException("IV is missing or invalid.");
                }

                var decryptor = aes.CreateDecryptor(_encryptionKeyBytes, iv);
                using (var cryptoStream = new CryptoStream(inputStream, decryptor, CryptoStreamMode.Read)) {
                    cryptoStream.CopyTo(outputStream);
                }

                var decryptedValue = Encoding.UTF8.GetString(outputStream.ToArray());
                return decryptedValue;
            }
        }
        catch {
            return string.Empty;
        }
    }

    /// <inheritdoc />
    public override bool CanConvert(Type objectType) {
        return objectType == typeof(string);
    }
}

## Usage.cs
public class Settings {
    [JsonConverter(typeof(EncryptingJsonConverter), "#my*S3cr3t")]
    public string Password { get; set; }
}
	public class EncryptingJsonConverter : JsonConverter {
	private readonly byte[] _encryptionKeyBytes;

	public EncryptingJsonConverter(string encryptionKey) {
	if (encryptionKey == null) {
	throw new ArgumentNullException(nameof(encryptionKey));
	}

	// Hash the key to ensure it is exactly 256 bits long, as required by AES-256
	using (var sha = new SHA256Managed()) {
	_encryptionKeyBytes =
	sha.ComputeHash(Encoding.UTF8.GetBytes(encryptionKey));
	}
	}

	public override void WriteJson(JsonWriter writer, object value, JsonSerializer serializer) {
	var stringValue = (string)value;
	if (string.IsNullOrEmpty(stringValue)) {
	writer.WriteNull();
	return;
	}

	var buffer = Encoding.UTF8.GetBytes(stringValue);

	using (var inputStream = new MemoryStream(buffer, false))
	using (var outputStream = new MemoryStream())
	using (var aes = new AesManaged {
	Key = _encryptionKeyBytes
	}) {
	var iv = aes.IV; // first access generates a new IV
	outputStream.Write(iv, 0, iv.Length);
	outputStream.Flush();

	var encryptor = aes.CreateEncryptor(_encryptionKeyBytes, iv);
	using (var cryptoStream = new CryptoStream(outputStream, encryptor, CryptoStreamMode.Write)) {
	inputStream.CopyTo(cryptoStream);
	}

	writer.WriteValue(Convert.ToBase64String(outputStream.ToArray()));
	}
	}

	public override object ReadJson(JsonReader reader, Type objectType, object existingValue, JsonSerializer serializer) {
	var value = reader.Value as string;
	if (string.IsNullOrEmpty(value)) {
	return reader.Value;
	}

	try {
	var buffer = Convert.FromBase64String(value);

	using (var inputStream = new MemoryStream(buffer, false))
	using (var outputStream = new MemoryStream())
	using (var aes = new AesManaged {
	Key = _encryptionKeyBytes
	}) {
	var iv = new byte[16];
	var bytesRead = inputStream.Read(iv, 0, 16);
	if (bytesRead < 16) {
	throw new CryptographicException("IV is missing or invalid.");
	}

	var decryptor = aes.CreateDecryptor(_encryptionKeyBytes, iv);
	using (var cryptoStream = new CryptoStream(inputStream, decryptor, CryptoStreamMode.Read)) {
	cryptoStream.CopyTo(outputStream);
	}

	var decryptedValue = Encoding.UTF8.GetString(outputStream.ToArray());
	return decryptedValue;
	}
	}
	catch {
	return string.Empty;
	}
	}

	/// <inheritdoc />
	public override bool CanConvert(Type objectType) {
	return objectType == typeof(string);
	}
	}
	public class Settings {
	[JsonConverter(typeof(EncryptingJsonConverter), "#my*S3cr3t")]
	public string Password { get; set; }
	}