functions/ConvertTo-EncryptedString.ps1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
Function ConvertTo-EncryptedString {
    <#
    .SYNOPSIS
    Converts a SecureString object to an encrypted string.
     
    .DESCRIPTION
    Converts a SecureString object to an encrypted string with an option to use a custom key.
     
    Key path can be defined by:
    PS> Get/Set-DBODefaultSetting -Name security.encryptionkey
 
    Custom key is enforced in a Unix environment by a default setting security.usecustomencryptionkey
    PS> Get/Set-DBODefaultSetting -Name security.usecustomencryptionkey
    
    .PARAMETER SecureString
    SecureString to be encrypted
     
    .PARAMETER Confirm
    Prompts to confirm certain actions
 
    .PARAMETER WhatIf
    Shows what would happen if the command would execute, but does not actually perform the command
 
    .EXAMPLE
    # Converts a password provided by user to an encrypted string
    ConvertTo-EncryptedString -String (Read-Host -AsSecureString)
     
    .NOTES
     
    #>

    [CmdletBinding(SupportsShouldProcess)]
    Param (
        [Parameter(ValueFromPipeline, Mandatory)]
        [secureString]$SecureString
    )
    $params = @{ SecureString = $SecureString }
    if (Get-DBODefaultSetting -Name security.usecustomencryptionkey -Value) {
        $key = Get-EncryptionKey
        if (!$key -and $PSCmdlet.ShouldProcess("Generating a new encryption key")) {
            $key = New-EncryptionKey
        }
        $params += @{ Key = $key }
    }
    try {
        ConvertFrom-SecureString @params
    }
    catch {
        Stop-PSFFunction -Message "Failed to encrypt the secure string" -ErrorRecord $_ -EnableException $true
    }
}