* This method encrypts the configuration parameters before saving and
     * performs an insert or update operation based on whether the configuration exists.
     *
     * @param fileConfig the file configuration to be stored
     */
    public void store(final FileConfig fileConfig) {
        fileConfig.setConfigParameter(ParameterUtil.encrypt(fileConfig.getConfigParameter()));

    }

    /**
     * Stores a web configuration.
     * Configuration parameters are encrypted before storage.
     *
     * @param webConfig The web configuration to store
     */
    public void store(final WebConfig webConfig) {
        webConfig.setConfigParameter(ParameterUtil.encrypt(webConfig.getConfigParameter()));
        webConfigBhv.insertOrUpdate(webConfig, op -> {

import org.junit.runner.RunWith;
import javax.net.ssl.SSLHandshakeException;

import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;

/**
 * Let's Encrypt expiring root test.
 *
 * Read https://community.letsencrypt.org/t/mobile-client-workarounds-for-isrg-issue/137807
 * for background.
 */
@RunWith(AndroidJUnit4.class)
public class LetsEncryptTest {

     * Parses the role set from a string.
     * @param value The string to parse.
     * @param encrypted Whether the string is encrypted.
     * @param roleSet The set of roles.
     */
    protected void parseRoleSet(final String value, final boolean encrypted, final Set<String> roleSet) {
        String rolesStr = value;
        if (encrypted && cipher != null) {
            try {
                rolesStr = cipher.decryptoText(rolesStr);

     * @throws IllegalArgumentException if dataConfig is null
     */
    public void store(final DataConfig dataConfig) {
        dataConfig.setHandlerParameter(ParameterUtil.encrypt(dataConfig.getHandlerParameter()));
        dataConfigBhv.insertOrUpdate(dataConfig, op -> {
            op.setRefreshPolicy(Constants.TRUE);
        });

    }

    /**

        if (logger.isDebugEnabled()) {
            logger.debug("system.properties: {}", value);
        }
        if (StringUtil.isNotBlank(value)) {
            ParameterUtil.parse(ParameterUtil.encrypt(value)).entrySet().stream().filter(e -> {
                final String key = e.getKey();
                if (StringUtil.isBlank(key)) {
                    return false;
                }

                Constants.CIPHER_PREFIX + ComponentUtil.getPrimaryCipher().encrypt(value));
    }

    default String getLdapAdminSecurityCredentials() {
        final String value = getSystemProperty(Constants.LDAP_ADMIN_SECURITY_CREDENTIALS);
        if (StringUtil.isNotBlank(value) && value.startsWith(Constants.CIPHER_PREFIX)) {
            return ComponentUtil.getPrimaryCipher().decrypt(value.substring(Constants.CIPHER_PREFIX.length()));
        }

app.cipher.algorism=aes
# Secret key for encryption (change this value for production).
app.cipher.key=___change__me___
# Algorithm for digest calculation.
app.digest.algorism=sha256
# Regex pattern for properties to encrypt.
app.encrypt.property.pattern=.*password|.*key|.*token|.*secret

# Extension names for application customization.
app.extension.names=

# Audit log format.
app.audit.log.format=

# JVM options for the crawler process.

     */
    String getAppDigestAlgorism();

    /**
     * Get the value for the key 'app.encrypt.property.pattern'. <br>
     * The value is, e.g. .*password|.*key|.*token|.*secret <br>
     * comment: Regex pattern for properties to encrypt.
     * @return The value of found property. (NotNull: if not found, exception but basically no way)
     */

#### Encryption at Rest
* [alpha] Encrypt secrets stored in etcd. For more information, see [Securing a Cluster](https://kubernetes.io/docs/tasks/administer-cluster/securing-a-cluster/) and [Encrypting data at rest](https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/).

#### Node Authorization