f (-not ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    $arguments = "-Command `"& { Set-ExecutionPolicy Bypass -Scope Process -Force; & '$PSCommand' $($args -join ' ') }`""
    Start-Process -Verb RunAs -FilePath "powershell.exe" -ArgumentList $arguments
    exit # Terminate the current non-elevated script
}

& "setx" "foo" "bar"

setx ASPNETCORE_ConnectionStrings__AzaionDb Host=localhost;Database=azaion;Username=azaion_reader;Password=Az_read;
setx ASPNETCORE_ConnectionStrings__AzaionDbAdmin Host=localhost;Database=azaion;Username=azaion_admin;Password=Az_admin;
# AZ-552 — JWT signing moved from HS256 symmetric secret to ES256 asymmetric.
# Dev: generate a PEM via WSL with `bash scripts/generate-jwt-key.sh` and point
# KeysFolder at the resulting directory. ActiveKid is the PEM filename minus .pem.
setx ASPNETCORE_JwtConfig__KeysFolder $PSScriptRoot\..\..\secrets\jwt-keys
setx ASPNETCORE_JwtConfig__ActiveKid kid-dev-local