One way to encrypt the app settings JSON file, is to run func settings encrypt from the directory that contains the appsettings.json.

We can also add new encrypted settings with func settings add SOME_NAME some_value.

Caveat: this has limited utility, because the user that encrypted the data is the only user that can decrypt it. The encryption uses DataProtectionScope.CurrentUser. (See the source code for this is in the SecretManager class in the https://github.com/Azure/azure-functions-cli repository). The nuances of encrypting on one machine and decrypting on another machine are explained in the "DPAPI and Roaming Profiles section" of this document.