private static final SecretKey MD5_KEY =
      new SecretKeySpec("secret key".getBytes(UTF_8), "HmacMD5");
  private static final SecretKey SHA1_KEY =
      new SecretKeySpec("secret key".getBytes(UTF_8), "HmacSHA1");
  private static final SecretKey SHA256_KEY =
      new SecretKeySpec("secret key".getBytes(UTF_8), "HmacSHA256");
  private static final SecretKey SHA512_KEY =

     * @param endpoint the S3 endpoint URL (null for AWS default)
     * @param accessKey the AWS access key
     * @param secretKey the AWS secret key
     * @param bucket the bucket name
     * @param region the AWS region
     */
    public S3StorageClient(final String endpoint, final String accessKey, final String secretKey, final String bucket,
            final String region) {
        this.bucket = bucket;

    public static StorageClient createClient(final FessConfig fessConfig) {
        final String endpoint = fessConfig.getStorageEndpoint();
        final String accessKey = fessConfig.getStorageAccessKey();
        final String secretKey = fessConfig.getStorageSecretKey();
        final String bucket = fessConfig.getStorageBucket();

        // Get explicit type or auto-detect
        final String typeStr = fessConfig.getStorageType();

    }
  }

  companion object {
    private lateinit var logger: Logger

    private val SSLSession.masterSecret: SecretKey?
      get() =
        javaClass
          .getDeclaredField("masterSecret")
          .apply {
            isAccessible = true
          }.get(this) as? SecretKey

    val randomRegex = "\"random\"\\s+:\\s+\"([^\"]+)\"".toRegex()

    fun register() {

    // Test with different cipher types
    @Test
    public void test_withBlowfishCipher() {
        // Test with Blowfish cipher
        InvertibleCryptographer blowfish = InvertibleCryptographer.createBlowfishCipher("secretkey");
        FessSecurityResourceProvider provider = new FessSecurityResourceProvider(blowfish, oneWayCryptographer);

        assertNotNull(provider);

- `ftp:.*`, `ftps:.*` → FtpClient
- `storage:.*` → StorageClient, `s3:.*` → S3Client, `gcs:.*` → GcsClient

### Cloud Storage Clients

- **S3Client**: AWS SDK v2, `s3://bucket/path`, properties: `endpoint`, `accessKey`, `secretKey`, `region`
- **GcsClient**: Google Cloud SDK, `gcs://bucket/path`, properties: `projectId`, `credentialsFile`, `endpoint`
- **StorageClient**: MinIO SDK, `storage://bucket/path`

### Services

        result = ParameterUtil.encrypt(value);
        assertTrue(result.contains("password={cipher}5691346cc398a4450114883140fa84a7"));
        assertTrue(result.contains("secretkey={cipher}"));
        assertFalse(result.contains("secretkey=unencrypted"));

        // Test with keys that don't match pattern
        value = "normalfield=value\npassword=secret";
        result = ParameterUtil.encrypt(value);

    public static final String STORAGE_ACCESS_KEY = "storage.accesskey";

    /** Storage secret key configuration key. */
    public static final String STORAGE_SECRET_KEY = "storage.secretkey";

    /** Storage bucket configuration key. */
    public static final String STORAGE_BUCKET = "storage.bucket";

    /** Storage type configuration key (s3, gcs, auto). */