/**
     * Enable or disable sensitive data masking
     *
     * @param enable true to enable masking
     */
    public void setSensitiveDataMaskingEnabled(boolean enable) {
        this.maskSensitiveData = enable;
        log.info("Sensitive data masking {}", enable ? "enabled" : "disabled");
    }

    /**
     * Enable or disable high performance mode for sensitive data masking
     *

            }
        }
        return len;
    }

    /**
     * Masks sensitive values in a string for security purposes.
     *
     * @param value the string potentially containing sensitive information
     * @return the string with sensitive parts masked, or the original string if masking is disabled
     */
    public static String maskSecretValue(final String value) {

    server.enqueue(
      MockResponse
        .Builder()
        .addHeader("SeNsItIvE", "Value")
        .addHeader("Not-Sensitive", "Value")
        .build(),
    )
    val response =
      client
        .newCall(
          request()
            .addHeader("SeNsItIvE", "Value")
            .addHeader("Not-Sensitive", "Value")
            .build(),
        ).execute()
    response.body.close()

    byte[] getSigningKey();

    /**
     * Validates authentication credentials
     *
     * @return true if credentials are valid
     */
    boolean validateCredentials();

    /**
     * Clears sensitive authentication data
     */
    void clearSensitiveData();

    /**
     * Gets authentication metadata for auditing
     *
     * @return authentication metadata
     */

## 2. Create Kubernetes secret

[Kubernetes secrets](https://kubernetes.io/docs/concepts/configuration/secret) are intended to hold sensitive information.
We'll use secrets to hold the TLS certificate and key. To create a secret, update the paths to `private.key` and `public.crt`
below.

Then type

```sh

        case "RETAIN_PAYLOAD":
            assertEquals(3, rp.ordinal());
            break;
        default:
            fail("Unexpected name under test: " + name);
        }
    }

    // Edge: valueOf is case-sensitive and does not accept unknown identifiers
    @ParameterizedTest
    @ValueSource(strings = { "none", "No_Retry", "retain_payload", "UNKNOWN", "NO-RETRY" })

        // Execute
        corsHandlerFactory.add(lowerCaseOrigin, lowerHandler);
        corsHandlerFactory.add(upperCaseOrigin, upperHandler);

        // Verify - origins are case sensitive
        assertEquals(lowerHandler, corsHandlerFactory.get(lowerCaseOrigin));
        assertEquals(upperHandler, corsHandlerFactory.get(upperCaseOrigin));
        assertNull(corsHandlerFactory.get("https://Example.Com"));

        assertEquals(Long.valueOf(2), stats.get(EventType.AUTHENTICATION_SUCCESS), "Should have 2 authentication success events");
    }

    @Test
    @DisplayName("Test sensitive data masking")
    void testSensitiveDataMasking() {
        logger.setSensitiveDataMaskingEnabled(true);

        Map<String, Object> context = new HashMap<>();
        context.put("password", "secretpassword123");

/**
 * Secure credential storage with encryption at rest.
 *
 * Provides secure storage of passwords and other sensitive credentials
 * using AES-GCM encryption with PBKDF2 key derivation.
 *
 * Features:
 * - Encrypts credentials at rest using AES-256-GCM
 * - Uses PBKDF2 for key derivation from master password
 * - Secure wiping of sensitive data
 * - Thread-safe operations
 * - Protection against timing attacks
 */

        auth.secureWipePassword();
        assertNull(auth.getPassword());
    }

    /**
     * Test that closed authenticator prevents all sensitive operations
     */
    @Test
    @DisplayName("Test closed authenticator blocks all sensitive operations")
    public void testClosedAuthenticatorBlocking() throws Exception {