KerberosKey serverKey = keysByAlgo.get(encType.getValue().intValue());
                if (keysByAlgo.isEmpty() || serverKey == null) {
                    throw new PACDecodingException("Kerberos key not found for eType " + encType.getValue());
                }

                try {
                    byte[] decrypted = KerberosEncData.decrypt(crypt, serverKey, serverKey.getKeyType());

                    // Sun/Oracle advises to empty the char array
                    java.util.Arrays.fill(password, ' ');
                }
            }
            System.out.println(dispatcher.encrypt(passwd, null));
            throw new ExitException(0);
        }
    }

    private int execute(CliRequest cliRequest) throws MavenExecutionRequestPopulationException {

- Encryption of API Server at rest configuration now allows the use of wildcards in the list of resources.  For example, *.* can be used to encrypt all resources, including all current and future custom resources. ([#115149](https://github.com/kubernetes/kubernetes/pull/115149), [@nilekhc](https://github.com/nilekhc))

### SIG AWS

In v1.13 we worked on tighter integrations of Kubernetes API objects with AWS services. These include three out-of-tree alpha feature releases:

###  Introduced KMS v2

     * @param encType Encryption type
     * @param encryptedData Encrypted data
     * @param unknownTag Optional unknown tag number to test error handling
     * @return A byte array representing the ticket
     * @throws IOException on encoding error
     */
    private byte[] createTestTicketBytes(Number version, String realm, String principalName, int encType, byte[] encryptedData,

## FAQ

> Why is this change needed?

Before, there were two separate mechanisms - S3 objects got encrypted using a KMS,
if present, and the IAM / configuration data got encrypted with the root credentials.
Now, MinIO encrypts IAM / configuration and S3 objects with a KMS, if present. This
change unified the key-management aspect within MinIO.

*   KMS: Alpha integration with GCP KMS was removed in favor of a future out-of-process extension point. Discontinue use of the GCP KMS integration and ensure [data has been decrypted](https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/#decrypting-all-data) (or reencrypted with a different provider) before upgrading ([#54759](https://github.com/kubernetes/kubernetes/pull/54759),[ @sakshamsharma](https://github.com/sakshamsharma))

### **CLI**

     */
    String getAppDigestAlgorithm();

    /**
     * Get the value for the key 'app.encrypt.property.pattern'. <br>
     * The value is, e.g. .*password|.*key|.*token|.*secret <br>
     * comment: Regex pattern for properties to encrypt.
     * @return The value of found property. (NotNull: if not found, exception but basically no way)
     */

                                null));
                    }
                    server.setPassword(securityDispatcher.decrypt(password));
                } catch (SecDispatcherException | IOException e) {
                    problems.add(new DefaultSettingsProblem(
                            "Failed to decrypt password for server " + server.getId() + ": " + e.getMessage(),
                            Severity.ERROR,