}

    /**
     * Gets the compiled pattern for matching sensitive property/environment variable keys.
     * The pattern is read from the system property 'app.log.sensitive.property.pattern'.
     * If not set, a default pattern matching common sensitive key names is used.
     *
     * @return The compiled Pattern for sensitive key matching
     */
    private static Pattern getSensitivePattern() {

    /**
     * Enable or disable sensitive data masking
     *
     * @param enable true to enable masking
     */
    public void setSensitiveDataMaskingEnabled(boolean enable) {
        this.maskSensitiveData = enable;
        log.info("Sensitive data masking {}", enable ? "enabled" : "disabled");
    }

    /**
     * Enable or disable high performance mode for sensitive data masking
     *

**Warning**: The logs generated by this interceptor when using the `HEADERS` or `BODY` levels have
the potential to leak sensitive information such as "Authorization" or "Cookie" headers and the
contents of request and response bodies. This data should only be logged in a controlled way or in
a non-production environment.

You can redact headers that may contain sensitive information by calling `redactHeader()`.
```java
logging.redactHeader("Authorization");

    server.enqueue(
      MockResponse
        .Builder()
        .addHeader("SeNsItIvE", "Value")
        .addHeader("Not-Sensitive", "Value")
        .build(),
    )
    val response =
      client
        .newCall(
          request()
            .addHeader("SeNsItIvE", "Value")
            .addHeader("Not-Sensitive", "Value")
            .build(),
        ).execute()
    response.body.close()

            }
        }
        return len;
    }

    /**
     * Masks sensitive values in a string for security purposes.
     *
     * @param value the string potentially containing sensitive information
     * @return the string with sensitive parts masked, or the original string if masking is disabled
     */
    public static String maskSecretValue(final String value) {

 *
 * <p><b>Security Note:</b> This class stores credentials in memory. For security best practices:
 * <ul>
 *   <li>Call {@link #clearCredentials()} after authentication is complete to clear sensitive data from memory</li>
 *   <li>Avoid logging instances of this class as it may expose credentials</li>
 *   <li>Consider using external secret management systems for credential storage in production</li>
 * </ul>
 *

	// as an audience value. It MAY also contain identifiers for
	// other audiences. In the general case, the aud value is an
	// array of case sensitive strings. In the common special case
	// when there is one audience, the aud value MAY be a single
	// case sensitive
	audValues, ok := policy.GetValuesFromClaims(mclaims, audClaim)
	if !ok {

the header line. This behavior can be disabled with `GODEBUG=tracebacklabels=0`
(added in [Go 1.26](/doc/godebug#go-126)). This opt-out is expected to be
kept indefinitely in case goroutine labels acquire sensitive information that

## Log Message Guidelines

- Logger: `LogManager.getLogger(ClassName.class)`
- Format: `key=value` (e.g., `userId={}`, `url={}`)
- Prefix with `[name]` when context identification is needed
- Mask sensitive values (passwords, tokens)

## i18n / Localization

    }

    @Test
    public void test_maskSensitiveValue_withPrivate() {
        assertEquals("********", SystemUtil.maskSensitiveValue("PRIVATE_DATA", "sensitive"));
        assertEquals("********", SystemUtil.maskSensitiveValue("private_config", "internal"));
    }

    @Test
    public void test_maskSensitiveValue_safeValues() {
        // These should NOT be masked