From bfa08524659d2367b52eec0dbd2d0797431c453f Mon Sep 17 00:00:00 2001 From: Maxim Nesen Date: Mon, 25 Mar 2024 14:08:33 +0100 Subject: [PATCH] Examples security validation (#8498) 
Signed-off-by: Maxim Nesen --- examples/config/changes/conf/secrets/password | 2 +- .../examples/changes/OnChangeExample.java | 4 +- examples/config/sources/conf/secrets/password | 2 +- .../sources/DirectorySourceExample.java | 6 +- examples/dbclient/jdbc/README.md | 5 +- .../jdbc/src/main/resources/application.yaml | 6 +- examples/dbclient/pokemons/README.md | 2 +- .../employee/EmployeeRepositoryImplDB.java | 4 +- examples/integrations/neo4j/neo4j-mp/pom.xml | 2 +- examples/integrations/neo4j/neo4j-se/pom.xml | 2 +- .../idcs/src/main/resources/application.yaml | 4 +- .../oidc/src/main/resources/application.yaml | 4 +- .../src/main/resources/application.yaml | 8 +-- .../META-INF/microprofile-config.properties | 6 +- .../tls/src/main/resources/server.p12 | Bin 4133 -> 4202 bytes .../src/main/resources/application.yaml | 2 +- .../basic-auth-with-static-content/README.md | 13 ++-- .../src/main/resources/application.yaml | 2 +- .../src/main/resources/application.yaml | 4 +- .../security/ProgrammaticSecurity.java | 4 +- examples/security/outbound-override/README.md | 9 +-- .../outbound/OutboundOverrideExample.java | 4 +- .../main/resources/client-service-jwt.yaml | 8 +-- .../src/main/resources/client-service.yaml | 8 +-- .../src/main/resources/serving-service.yaml | 6 +- .../outbound/OutboundOverrideExampleTest.java | 6 +- .../OutboundOverrideJwtExampleTest.java | 6 +- .../src/main/resources/application.yaml | 4 +- .../security/webserver-digest-auth/README.md | 10 +-- .../digest/DigestExampleBuilderMain.java | 10 +-- .../src/main/resources/application.yaml | 10 +-- .../webserver/digest/DigestExampleTest.java | 32 ++++----- .../security/webserver-signatures/README.md | 7 +- .../SignatureExampleBuilderMain.java | 22 +++--- .../src/main/resources/keystore.p12 | Bin 2700 -> 2693 bytes .../src/main/resources/service1.yaml | 14 ++-- .../src/main/resources/service2.yaml | 12 ++-- .../signatures/SignatureExampleTest.java | 6 +- .../src/main/resources/application.yaml | 6 +- 
.../demo/todos/backend/BackendTests.java | 4 +- .../src/test/resources/test-application.yaml | 4 +- .../src/main/resources/application.yaml | 6 +- .../demo/todos/frontend/TodoServiceTest.java | 4 +- .../src/test/resources/application-test.yaml | 4 +- examples/todo-app/pom.xml | 2 +- .../main/resources/full-webclient-config.yaml | 6 +- .../mutual-tls/automatic-store-generator.sh | 66 +++++++++--------- .../examples/mtls/ClientBuilderMain.java | 4 +- .../examples/mtls/ServerBuilderMain.java | 4 +- .../src/main/resources/application.yaml | 10 +-- .../mutual-tls/src/main/resources/client.p12 | Bin 4181 -> 4274 bytes .../mutual-tls/src/main/resources/server.p12 | Bin 4133 -> 4218 bytes .../src/test/resources/application-test.yaml | 10 +-- .../tls/src/main/resources/application.yaml | 2 +- 54 files changed, 196 insertions(+), 192 deletions(-) diff --git a/examples/config/changes/conf/secrets/password b/examples/config/changes/conf/secrets/password index 387f307495b..5bbaf875819 100644 --- a/examples/config/changes/conf/secrets/password +++ b/examples/config/changes/conf/secrets/password @@ -1 +1 @@ -^ery$ecretP&ssword \ No newline at end of file +changeit \ No newline at end of file diff --git a/examples/config/changes/src/main/java/io/helidon/config/examples/changes/OnChangeExample.java b/examples/config/changes/src/main/java/io/helidon/config/examples/changes/OnChangeExample.java index aefc1fbe058..fd024a63b37 100644 --- a/examples/config/changes/src/main/java/io/helidon/config/examples/changes/OnChangeExample.java +++ b/examples/config/changes/src/main/java/io/helidon/config/examples/changes/OnChangeExample.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2017, 2020 Oracle and/or its affiliates. + * Copyright (c) 2017, 2024 Oracle and/or its affiliates. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
@@ -54,7 +54,7 @@ public void run() { private static void logSecrets(Config secrets) { LOGGER.info("Loaded secrets are u: " + secrets.get("username").asString().get()
- + ", p: " + secrets.get("password").asString().get());
+ + ", p: " + secrets.get("changeit").asString().get());
 } }
diff --git a/examples/config/sources/conf/secrets/password b/examples/config/sources/conf/secrets/password
index 387f307495b..5bbaf875819 100644
--- a/examples/config/sources/conf/secrets/password
+++ b/examples/config/sources/conf/secrets/password
@@ -1 +1 @@
-^ery$ecretP&ssword
\ No newline at end of file
+changeit
\ No newline at end of file
diff --git a/examples/config/sources/src/main/java/io/helidon/config/examples/sources/DirectorySourceExample.java b/examples/config/sources/src/main/java/io/helidon/config/examples/sources/DirectorySourceExample.java
index 6f469ac998f..9dbf5249cc7 100644
--- a/examples/config/sources/src/main/java/io/helidon/config/examples/sources/DirectorySourceExample.java
+++ b/examples/config/sources/src/main/java/io/helidon/config/examples/sources/DirectorySourceExample.java
@@ -1,5 +1,5 @@ /*
- * Copyright (c) 2017, 2021 Oracle and/or its affiliates.
+ * Copyright (c) 2017, 2024 Oracle and/or its affiliates.
 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License.
@@ -48,9 +48,9 @@ public static void main(String... args) { System.out.println("Username: " + username); assert username.equals("libor");
- String password = secrets.get("password").asString().get();
+ String password = secrets.get("changeit").asString().get();
 System.out.println("Password: " + password);
- assert password.equals("^ery$ecretP&ssword");
+ assert password.equals("changeit");
 } }
diff --git a/examples/dbclient/jdbc/README.md b/examples/dbclient/jdbc/README.md
index 04745cf479c..00e4f311ee5 100644
--- a/examples/dbclient/jdbc/README.md
+++ b/examples/dbclient/jdbc/README.md
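Review bot: The secret's lookup key was renamed together with its value: logSecrets now calls `secrets.get("changeit")`, and DirectorySourceExample.main (the second Java hunk on this line) does the same in `String password = secrets.get("changeit").asString().get();`. The files changed by this commit are still named `conf/secrets/password` and only their content became `changeit`, so if the directory source derives keys from file names, as the untouched `username` lookup suggests, that key no longer exists and `.asString().get()` will likely throw before the `assert` is reached. Keep the key and change only the expected value: `secrets.get("password").asString().get()` together with `assert password.equals("changeit");`. Both methods begin outside their hunks.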
@@ -30,8 +30,9 @@ Instructions for H2 can be found here: http://www.h2database.com/html/cheatSheet Instructions for Oracle can be found here: https://github.com/oracle/docker-images/tree/master/OracleDatabase/SingleInstance MySQL can be run as a docker container with the following command:
-```shell
-docker run --rm --name mysql -p 3306:3306 -e MYSQL_ROOT_PASSWORD=root -e MYSQL_DATABASE=pokemon -e MYSQL_USER=user -e MYSQL_PASSWORD=password mysql:5.7
+
+```
+docker run --rm --name mysql -p 3306:3306 -e MYSQL_ROOT_PASSWORD=root -e MYSQL_DATABASE=pokemon -e MYSQL_USER=user -e MYSQL_PASSWORD=changeit mysql:5.7
 ```
diff --git a/examples/dbclient/jdbc/src/main/resources/application.yaml b/examples/dbclient/jdbc/src/main/resources/application.yaml
index 2f1cefc9476..78ea8605615 100644
--- a/examples/dbclient/jdbc/src/main/resources/application.yaml
+++ b/examples/dbclient/jdbc/src/main/resources/application.yaml
@@ -1,5 +1,5 @@ #
-# Copyright (c) 2019, 2021 Oracle and/or its affiliates.
+# Copyright (c) 2019, 2024 Oracle and/or its affiliates.
 # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License.
@@ -40,10 +40,10 @@ db: # MySQL configuration # # docker run --rm --name mysql -p 3306:3306 -e MYSQL_ROOT_PASSWORD=root \
- # -e MYSQL_DATABASE=pokemon -e MYSQL_USER=user -e MYSQL_PASSWORD=password mysql:5.7
+ # -e MYSQL_DATABASE=pokemon -e MYSQL_USER=user -e MYSQL_PASSWORD=changeit mysql:5.7
 # url: jdbc:mysql://127.0.0.1:3306/pokemon?useSSL=false # username: user
-# password: password
+# password: changeit
 # poolName: mysql # # Oracle configuration
diff --git a/examples/dbclient/pokemons/README.md b/examples/dbclient/pokemons/README.md
index 76f38f8e501..ab2fc17022c 100644
--- a/examples/dbclient/pokemons/README.md
+++ b/examples/dbclient/pokemons/README.md
@@ -67,7 +67,7 @@ For details, see http://www.h2database.com/html/cheatSheet.html MySQL: ```shell docker run --rm --name mysql -p 3306:3306 -e MYSQL_ROOT_PASSWORD=root \
- -e MYSQL_DATABASE=pokemon -e MYSQL_USER=user -e MYSQL_PASSWORD=password mysql:5.7
+ -e MYSQL_DATABASE=pokemon -e MYSQL_USER=user -e MYSQL_PASSWORD=changeit mysql:5.7
 ```
diff --git a/examples/employee-app/src/main/java/io/helidon/service/employee/EmployeeRepositoryImplDB.java b/examples/employee-app/src/main/java/io/helidon/service/employee/EmployeeRepositoryImplDB.java
index ca1b6537c9c..6e2d2c93063 100644
--- a/examples/employee-app/src/main/java/io/helidon/service/employee/EmployeeRepositoryImplDB.java
+++ b/examples/employee-app/src/main/java/io/helidon/service/employee/EmployeeRepositoryImplDB.java
@@ -1,5 +1,5 @@ /*
- * Copyright (c) 2019, 2020 Oracle and/or its affiliates.
+ * Copyright (c) 2019, 2024 Oracle and/or its affiliates.
 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License.
@@ -44,7 +44,7 @@ final class EmployeeRepositoryImplDB implements EmployeeRepository { String driver = "oracle.jdbc.driver.OracleDriver"; String dbUserName = config.get("app.user").asString().orElse("sys as SYSDBA");
- String dbUserPassword = config.get("app.password").asString().orElse("password");
+ String dbUserPassword = config.get("app.password").asString().orElse("changeit");
 String dbHostURL = config.get("app.hosturl").asString().orElse("localhost:1521/xe"); try {
diff --git a/examples/integrations/neo4j/neo4j-mp/pom.xml b/examples/integrations/neo4j/neo4j-mp/pom.xml
index f9346bb015c..bca2fb577f6 100644
--- a/examples/integrations/neo4j/neo4j-mp/pom.xml
+++ b/examples/integrations/neo4j/neo4j-mp/pom.xml
@@ -28,7 +28,7 @@ ../../../../applications/mp/pom.xml io.helidon.examples.integrations.neo4j
- helidon-examples-integration-neo4j-mp
+ helidon-examples-integrations-neo4j-mp
 Helidon Neo4j MP integration Example
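Review bot: The fallback in `config.get("app.password").asString().orElse("changeit")` still supplies a well-known password whenever `app.password` is absent, and it is paired with the default user `sys as SYSDBA` on the line above. For an example that connects with administrative database rights it would be safer to fail at startup than to attempt a login with a default credential, e.g. `String dbUserPassword = config.get("app.password").asString().get();`. If the default has to stay, add a comment such as `// placeholder only; set app.password in configuration` so readers copying the example do not ship it. The constructor continues outside the hunk.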
diff --git a/examples/integrations/neo4j/neo4j-se/pom.xml b/examples/integrations/neo4j/neo4j-se/pom.xml
index cd910729d37..2482834a669 100644
--- a/examples/integrations/neo4j/neo4j-se/pom.xml
+++ b/examples/integrations/neo4j/neo4j-se/pom.xml
@@ -28,7 +28,7 @@ ../../../../applications/se/pom.xml io.helidon.examples.integrations.neo4j
- helidon-examples-integration-neo4j-se
+ helidon-examples-integrations-neo4j-se
 Helidon Integrations Neo4j SE Example
diff --git a/examples/microprofile/idcs/src/main/resources/application.yaml b/examples/microprofile/idcs/src/main/resources/application.yaml
index 1680e0e4102..307a9647d59 100644
--- a/examples/microprofile/idcs/src/main/resources/application.yaml
+++ b/examples/microprofile/idcs/src/main/resources/application.yaml
@@ -1,5 +1,5 @@ #
-# Copyright (c) 2018, 2020 Oracle and/or its affiliates.
+# Copyright (c) 2018, 2024 Oracle and/or its affiliates.
 # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License.
@@ -29,7 +29,7 @@ security: # This is a nice way to be able to override this with local properties or env-vars idcs-uri: "https://tenant-id.identity.oracle.com" idcs-client-id: "client-id"
- idcs-client-secret: "client-secret"
+ idcs-client-secret: "changeit"
 # Used as a base for redirects back to us frontend-uri: "http://localhost:7987" proxy-host: "if you need proxy"
diff --git a/examples/microprofile/oidc/src/main/resources/application.yaml b/examples/microprofile/oidc/src/main/resources/application.yaml
index 5bdb5369c43..2a9747a2417 100644
--- a/examples/microprofile/oidc/src/main/resources/application.yaml
+++ b/examples/microprofile/oidc/src/main/resources/application.yaml
@@ -1,5 +1,5 @@ #
-# Copyright (c) 2019, 2020 Oracle and/or its affiliates.
+# Copyright (c) 2019, 2024 Oracle and/or its affiliates.
 # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License.
@@ -23,7 +23,7 @@ security: oidc-identity-uri: "https://tenant.some-server.com/oauth2/default" # when you create a new client in identity server configuration, you should get a client id and a client secret oidc-client-id: "some client id"
- oidc-client-secret: "some client secret"
+ oidc-client-secret: "changeit"
 # issuer of the tokens - identity server specific (maybe even configurable) oidc-issuer: "https://tenant.some-server.com/oauth2/default" # audience of the tokens - identity server specific (usually configurable)
diff --git a/examples/microprofile/security/src/main/resources/application.yaml b/examples/microprofile/security/src/main/resources/application.yaml
index bdbb4f58891..2ea4cce613c 100644
--- a/examples/microprofile/security/src/main/resources/application.yaml
+++ b/examples/microprofile/security/src/main/resources/application.yaml
@@ -1,5 +1,5 @@ #
-# Copyright (c) 2018, 2020 Oracle and/or its affiliates.
+# Copyright (c) 2018, 2024 Oracle and/or its affiliates.
 # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License.
@@ -27,13 +27,13 @@ security: realm: "helidon" users: - login: "jack"
- password: "password"
+ password: "changeit"
 roles: ["user", "admin"] - login: "jill"
- password: "password"
+ password: "changeit"
 roles: ["user"] - login: "john"
- password: "password"
+ password: "changeit"
 web-server: paths: - path: "/static-cp[/{*}]"
diff --git a/examples/microprofile/tls/src/main/resources/META-INF/microprofile-config.properties b/examples/microprofile/tls/src/main/resources/META-INF/microprofile-config.properties
index eb65e6a917b..2c3978a78bc 100644
--- a/examples/microprofile/tls/src/main/resources/META-INF/microprofile-config.properties
+++ b/examples/microprofile/tls/src/main/resources/META-INF/microprofile-config.properties
@@ -1,5 +1,5 @@ #
-# Copyright (c) 2020 Oracle and/or its affiliates.
+# Copyright (c) 2020, 2024 Oracle and/or its affiliates.
 # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License.
@@ -20,9 +20,9 @@ server.host=0.0.0.0 #Truststore setup server.tls.trust.keystore.resource.resource-path=server.p12
-server.tls.trust.keystore.passphrase=password
+server.tls.trust.keystore.passphrase=changeit
 server.tls.trust.keystore.trust-store=true #Keystore with private key and server certificate server.tls.private-key.keystore.resource.resource-path=server.p12
-server.tls.private-key.keystore.passphrase=password
+server.tls.private-key.keystore.passphrase=changeit
diff --git a/examples/microprofile/tls/src/main/resources/server.p12 b/examples/microprofile/tls/src/main/resources/server.p12 index ff8e4ddfc7fc9907376df9a9fb5d453a466c6196..d2599833af58546bbd5fb7633ef73d46a1d8ccbd 100644 GIT binary patch delta 4145 zcmV-15YF$VAnG80FoF~wXkuZV&L zNQUYfFDcczcS6h3M*!l6ZL8N+(5J8$1uLZ6 zVa>&Dm%2!Q{|YNdOWG@Kf}eGhdm?Z5;b}5Bo$>Ld1=KC9zvCF?sLg}5m9sq1{KKEe z_?DXxIv)TxR8{V<9fkB_f59eZupsnwdnuSDF2JK2>L`KR?-?_gzG)otm>9`rb%?FG z(DD=nfb3mvMBA=f`}W@w`a*P4q57G9;F3Uwp2bRkDHx9Ja>~)h_SW}wwdXRBV6?l1Gs4o5dNk%%KSqn!y`uyJg>CP z8U3+4&l|~il24wR%>)g)F{XriO#(2q&U%}6^^!0O`~8=Tg(fd}pUF%c8C287&|Q8< zHgpejI4prnsl`f$p43Ntl(dk&%TL2xd- z6ZJM?mr~QcUnt@r;^UGt zTN4HRJia9=moPh|=&D(M-eBb9nP*9VZbIaw6{8}p4*=I^$6qawt+`;DFkB<{GTqFT zyE){|sSw)CGKT~W=38(6ttVZegakIGjOp#MOuDl|`L|=lO0HjYwPK!<-+Bexu6gb3 z7I6YyVq`jtoi)?)(B%=h$m-0nCVu|kh}Ju;pmzyO8%Pp4Of2LfDN>Kl0HAn(-_bm` zZl4evk(MD`2#XDhvG83mAuSKjfUmB-kT5P#bWS5bQIBAeYL?y85%~n4!Z*)CFLc1+ zbe}I%g~b{%7r)WU-Wynyt#mE4Ei&b+*U*qO|j0Cz+!_T7A{~)_YiN?%%5T=p$kztnM zs}U-oz%A8U8l6>a8qhFZEc?u526El%htjat;DXgTnwY#%VB|}y^1R)@N@^{HbL7bI zpM?J{TzLXpm)Ium$DW$A;MaVl35)HPU|c~I(`8&OFzazoa_$l4C*{6>?MxnF@IMdn z5?8hxd%%~ExBhGN1m;IOW6R$yg~miajWAdljz>_vi|Ar=JYt^;6*#s)ZqiFA=k=QJ zp}W=ZA^+m0QAPb8(Dv>uBwia39QS&-)RWy>?#cRK+zJ=xKAJ*zz39J4Wdz#JFYEfa4UJ;Z&D0bx)XP98jDvC)%IH^Gcq1~H;waZt< ztWqSZc=UEZ(*Q1%yd$Lj6s96_bN$A82B+*%s`t01ba!#Riv6X-RQ>-8<&4&kap@&G z(m!A?^VCDtn9_eNtk`P)xCMnQSmGEpnVFA@9;Zx?M*rpX(5Z?)*~%f`Vas>EzqJg{ zma!%NCwk)>%gU-f&J>;SIVxMIMPXGTB`)(754(G^-K}1f6Aog7-EWdD)YzZbX~a%M zDtClfy@)zu-wkz##CzzEGPa#=!K6m#`Aa6yjme}amAZfW1S(H0yUg`W{wGd5rD2b~ zwUH5SX_-TUH86}Iae@`&t4(?XbVtmU0dj-4>(*(YI5akv(iw3pycMD_9u_z$GzF$% zeV5LOn8J=T=?611Y3z%(Y7iIQPrQ-Fq5xnK{gb2Ris2p@8pt$u-V$>AydEb<1;N8Q z=*H_p8uovMJ)mMsE3eF%49@IS4d0ZJ^}9mT0rCI!P`Jk0FbqDtS;UfXIln?5$hb3@ z?esk1Z-I*vKLcV1;;2wsbgVE!`OXFLM>dPnd1XobX11B*Ph-c-XG7`$hCha>`k&U*;~(K(-~BRm{DoY)Yt3b z>m*Olw+}b(-hc`nL#Q9oXPoJMb{5oNs`N9;>S}6v96phvtdtNb$+*KF&j@O=`VMHWGGC~C+)AEdj92M@YS;Q!0q?pvtom^xjV-8$3a>tlbJh7v 
zXyFw%Q4(bfiM%q9f3O_f459mmN|(0l!ihlV!J*;^qxAkGK^G>DCd^F@h#BI&g>-d! zLlb9?j`fdJ2K!1XDf2fjj7D$E!RcqnZGwNH3UXkf`Xy4FBasEFX|7lj4-apz35kb6 z5eXcUk8fmP86!14MbA$8#HVf8C0Us-2QmKE90Bag#*$>;pJ8Mr}6Doe0x$OW(0?lj3Ub&jo z$MaiT4)>V1BYUh5j=yBSn|nfrb|qNEf`QtRF*kQCW7#(XX+h`9g}kfv5z$+mVxko_ z!6+Yaa-@wKgmP50q#u%4YIm(hQa>PFKEa|vY%!U z^LI^Lb{SK8qeJA@B4kRPZVBffcAZ3iyb-k-I3=>Aof**5g0?@zy}ARW{)Kx8i&6xN zXmXG(ZBffh}xc}JrFn#p#W0+0;%2OdKs%RUpBJ) znCraGt7_U(EMK7kS)qGmH5Oee;03RSODNL-=1544PWoxX9tI0MddVwc_pq24&M-k9 z@m@$R_m;BCcmUKR%Io~0?q-})Q988ifAttA7J1umVa{0b0$vB-E z$AlRlmfBHJ)*gX+%l4{geHMVLysb7T!IO?FHHeYo3edr(wyXkp%Ms=T*i-OsV~JgwU{Ek`n1?nbxj?l#7nBB4+7~tP}6QSQaUbd$j-S znAT;qh?$U?o*-=TAlWhrJ!-!^mD{X4{{Ra~;roe9Fuy^KnnWTHf8LBHZY!#hWxvQo zoRoWGFCd4ChoyggU**0?x`oy-Vt%z`v1tQD7uppYMzUV`YWFxxn_JB{(L5*OQ12~S z*Al%5b?2sg!>V~g<|c{nbk{Gxa^aEKTfB<}gfy!Dc7*UCQH_%jiH>8@Z|wo^+bI;YOfp`KtYg#@-)&B_zKOT;99hxoYF0)-;g((djoHT)?M z$BzTy_8xyBQWzg1X$~sSu`xU6^|LX!Fe9`Cnugl{onIDubXVsXQ4IIL17l5c9g;ox znH?acRyJ2bb};}sA0~?mcQ7qX%iA3ezn7=H_ewE6@^%#2EF>L|!ARh?YP{hFWeY(C z)pR+^Oh$6t|Fu@Df6-xC4l<*&k`%MMkIRC#Oj&=TbiNefSo0>vO(HDF{f|XdIJ~+? 
zEi-&?+zzj(@^3FWTezCV32>ay8&%d{jz*s}iBT(2Dob5220_`euJx9wgv??5P{0w{ zh7c{1MfK(${4FOx+-C9S%jkTzLValEuBgNAuf5eW6RCcRhP6g&@STaM@>Zg~pZeg8 zM4x}lljFPo_jvE#&_=Wesj&MZ5i##ceuudMz9a6}PL{A&e8wYbgcJ55+s2YdNVt5a zxyGW6%p!0a@QQkOk)8yVnvIyQ!P>$gd6mx?LE}Ip0G=F=0&*jnRxHEO|QjXyjQl z2PIQ_Cu`;b=Vv>2hoZr>clTHjFBZF#17g?|d|)5BFg`FLFbM_)D-Ht!8U+9Z6n{*Z v+XpZc!T0JkhUs(98>cE>Cj=D!`1H5BeS3FAe+83|dsG0s{bl!%zf*1jwTkH{i-jqE)s< z*Q{Y7Y{*T9%rD>jz$ly2XySr_M@#z`6xz{*V4f>rr9V+X!@m0mVcjO-*$&5G^!=N8 zCvNSPED{_4hw3^ai(##&baAC2%ZTD(hSkvSj3=rE?cgTxz^vsvjOXy=Pjg!#4*1kD z{l>(PcC!C})pTkTF>qE&aPc#DLix9^{}0A(@h5w+C`=TJCXEID__6K8<7g&qVMuYc z7}lW_C%@gbvk(?0m&BRV<6$QGIt;w77Bn+^dJZq=40qsfx&E3!nhajD?7XYO5{dfX z1Z@uiP}zI-U-^_SFx_eNXn=I>|5Mb1@)c72TkxbqhXtoujXlmo zP5ofJWoJUDUp9`O=9ZYT!Rcx`JdE-hn>LO3=BF?z zGG4BXOKPQ>O{w~w%m(W3s9lVxa%7=Jx%W$d=+q^nNR(VT74mmCJyf!GzE5I!wpsH| zISk#HSY@{>9HZF9dM}o<;MjpMm_!Gkn;UW^1RQ9o!C-I>j*tbUSJ4(wFANVmIcdei zrp?kr#s`s+6_xgRo`-@OY@0_Q^8|vGiNvystAdcv*Tn9-YMD|()I2rGM{ujer3T5Ed|@E$cO8 z%fJ>1351M~3@btNcoyT)jR-QAvy%9lA4w|SOLM~7nCJQwW477nEFD$rrq zAXT=eXm>mSN<~vx6)d8DROi*~;MF7tqulCMZ0haep?EsN!ehy@@vZJo6%Z9{_-#`E%>31{z$b7&85xP^GmRtBA@Meok_9XbH90XjI5agjGB!9ilgb4sQv+f-KC6*&jZRWil{#sUKX!%%>N3J9qM$ic1Tng~bURt;A8r7*((E~#3WS<`lLq1hKWrX&#su94stx}y zoy~!$Y2Q+^zL57myPsp3Y&Pp+e^DjFn5|FYqT#Esw)o8m+}F%RvzQIJR<~g;Xx0Pc z#NElqf|r*|9hBYiWOKM-rX_1}{l0t20D=ebG(1;JMKd3C8nRhm;PDR}FJNWn8FjZp z`1ppnOo}#Ihl{pY_T#Qy81iM!ukLSExFXUAV-0yd*sR#xd@37o1lSmTg)$ zT|~28nQE_r3hJJp*Zi61hFMoSwHeqvM3;m|0cf~a5!5$C?oB~1A_@NsvlIU(job{= z%g*9+uo_l7yV!>WiA$uI`lmNOy>9JmydG4x)(m!EtPmM2`DQ^9e`@yrv5YL7O=Uy_ z@8GIObsuxI=c3E>Al$GCxDNV*dAHutr=43mgJ(9j1@Jhq@9HjzmhMum>h{ZQyF8g~ z{s(n7?|;NdZ9&w5D4zeeB9{16 z+yBy|xEGF;v9?z6|8wHPM}7myR(1UE0wY@VOkE6UabKBaf208##U728q3L}UM-UuK z_sBRwbp#~8F48S-!B88Tq-+PKQJ~a0Go;79*OG%X*^m>)w35|7|M+P6Q@Gjcpmy6t z&SKzBk*JTw9cdg;?%f9RaJRxbU8z(?p9V`&USP=|O=^_;2sE9T-jmhAh6Wt|0#?zoHLqAFN>&{0 zsI&azb5(@S^;iS zcMZEFe>|Q^sA$o~PKQWnf+yjTLyDyCoMiTa$2CxbOHQU=MmnazhY_2Bxv`HBW=c>1qXJ>G(k)QLF8 
zDR+&WJ~(ybS%ntPtTLKt%%6z1uc#JHc_Coye>-=xxadG;{(A8ROyxB|74Xmv_8`>t zA1pp>`(Bchb5{?fiUO>~!IyhSQ_W|{e$ra> ze~={smj$8KW||KU7gpi-_aJ6cg=aQvGnWScLYW*TkZQn&1j|YG4%_DC=}w|++CTtt z4QqaCovk+jrY<|?D+RcppAu)wW0^`D)vNveI7hBa_!gWKtM0+caK_tHb{obHoq(?1 z94dNlUVj{=W5si4p7ynf#FU^thhHT=e;Gzo4i~EruajiPT1B}=A*TXd=x>gGooXH1 zSA%@KdsjOmf{#|fs4v6ifT=9Hxo?Ec9KIo=WhhHchdK1y)r+a5{MF$%|H*Lv(Z1n5 zJm}J`cZudE923c=K$^5j{^~(#PSrH{|mcn;QuD?cvj?1xV7|Yw}rz@=Lg6a+DF}xG}E`o4g~5zyY)|mW;C^6 z{He&gf?Lm|EjL)SD0j1sK63jf@I_J|$%k2r2UeI{-H-@|%TL4G)W5q;7sQt(^DdF@ z-MT9R%r)A6`WL*ZaMd}~(GwKue_e2n|BC?-#S_HI`coqa%M318qpG+xanb;Ze$Y?N zGfnpF%>|R=#8CR70?~yS&_xIObL*?N_!O47Q{}?aPZkZgU%Lndp?Y(IZS>vu|F{QU zpUS}yH|wV`vCQey5*(QVLqS|UqGG7#O)?Rqp8*^6jpC8i7S4eFFaQQW#5nQmA?H&2 zQWhOv@xxct7h<*ld?yy`^;{6RQ(98n@H+@e!#u#OWlHJsJvOAq1DbQ6DA#}gc*Ge9>Db*KY%w|Dux@Z$ZHRRXT+}uL-klsGK-6MG5~ENC1TwDo}%YQX3FWr`cXTu&zK%~f73MKzmms2m--^_ zrYFEelY$yitm1YHGH3eA*Vb4Zhg#gQw^Yj9chpK%`vA1~^D)6|39rtW-CP5_9W&B2 zGpNrqZt;UVO5CsV`n;S%QtAJinIM8s*`&>yvC|I$|8YN`9n!$**bRK8OP0A`Ro+JK z(3OIt)wxbQ?$5n(f0N4czVuK{u_ELOT+>$jCV*6(dC@QDwo-u-A%~Yu*biL+f_)B+ z#(WY$K9k(6Pq=ueUTr>32V=n#o-Jr{f;1{n{b-+r9JUgEir^;v!{id~B>8MPK`50s9D+ zsLB$e3u|d7#@(O$Db_lfTu505Z??UIbs@Z_^on(~wpUZlH?<&EKWDKA0KGwxN>R4< zyc|=8%|^5RdBG(riqf@!zqrO3xmz>UfWaW;P;Q{a5k^)DX$!K20M|*MCS$YhtM%N7 zi|S!lE+iX~65X0|*cvcCFd;Ar1_dh)0|FWa00b18U|P>@sVerH;)@d5(@hM+s->bn2{ diff --git a/examples/openapi-tools/quickstart-se/se-server/src/main/resources/application.yaml b/examples/openapi-tools/quickstart-se/se-server/src/main/resources/application.yaml index 9f9b37730e4..c954b645b56 100644 --- a/examples/openapi-tools/quickstart-se/se-server/src/main/resources/application.yaml +++ b/examples/openapi-tools/quickstart-se/se-server/src/main/resources/application.yaml 
@@ -1,5 +1,5 @@ #
-# Copyright (c) 2022, 2023 Oracle and/or its affiliates.
+# Copyright (c) 2022, 2024 Oracle and/or its affiliates.
 # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License.
diff --git a/examples/security/basic-auth-with-static-content/README.md b/examples/security/basic-auth-with-static-content/README.md
index bb35baff1bc..fcc3952c4c9 100644
--- a/examples/security/basic-auth-with-static-content/README.md
+++ b/examples/security/basic-auth-with-static-content/README.md
@@ -21,12 +21,13 @@ java -jar target//helidon-examples-security-webserver-basic-uath.jar Try the application: The application starts on a random port, the following assumes it is `56551`
+
 ```shell export PORT=37667
-curl http://localhost:${PORT}/public
-curl -u "jill:password" http://localhost:${PORT}/noRoles
-curl -u "john:password" http://localhost:${PORT}/user
-curl -u "jack:password" http://localhost:${PORT}/admin
-curl -v -u "john:password" http://localhost:${PORT}/deny
-curl -u "jack:password" http://localhost:${PORT}/noAuthn
+curl http://localhost:56551/public
+curl -u "jill:changeit" http://localhost:${PORT}/noRoles
+curl -u "john:changeit" http://localhost:${PORT}/user
+curl -u "jack:changeit" http://localhost:${PORT}/admin
+curl -v -u "john:changeit" http://localhost:${PORT}/deny
+curl -u "jack:changeit" http://localhost:${PORT}/noAuthn
 ```
diff --git a/examples/security/basic-auth-with-static-content/src/main/resources/application.yaml b/examples/security/basic-auth-with-static-content/src/main/resources/application.yaml
index 63a3e5330db..a4394886921 100644
--- a/examples/security/basic-auth-with-static-content/src/main/resources/application.yaml
+++ b/examples/security/basic-auth-with-static-content/src/main/resources/application.yaml
@@ -1,5 +1,5 @@ #
-# Copyright (c) 2020 Oracle and/or its affiliates.
+# Copyright (c) 2020, 2024 Oracle and/or its affiliates.
 # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License.
diff --git a/examples/security/idcs-login/src/main/resources/application.yaml b/examples/security/idcs-login/src/main/resources/application.yaml
index a5877f167f4..38e550d35d9 100644
--- a/examples/security/idcs-login/src/main/resources/application.yaml
+++ b/examples/security/idcs-login/src/main/resources/application.yaml
@@ -1,5 +1,5 @@ #
-# Copyright (c) 2018, 2021 Oracle and/or its affiliates.
+# Copyright (c) 2018, 2024 Oracle and/or its affiliates.
 # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License.
@@ -23,7 +23,7 @@ security: # This is a nice way to be able to override this with local properties or env-vars idcs-uri: "https://your-tenant-id.identity.oracle.com" idcs-client-id: "your-client-id"
- idcs-client-secret: "${CLEAR=your-client-secret}"
+ idcs-client-secret: "${CLEAR=changeit}"
 proxy-host: "" providers: - abac:
diff --git a/examples/security/nohttp-programmatic/src/main/java/io/helidon/security/examples/security/ProgrammaticSecurity.java b/examples/security/nohttp-programmatic/src/main/java/io/helidon/security/examples/security/ProgrammaticSecurity.java
index f2f144c767e..1bfa51aff7f 100644
--- a/examples/security/nohttp-programmatic/src/main/java/io/helidon/security/examples/security/ProgrammaticSecurity.java
+++ b/examples/security/nohttp-programmatic/src/main/java/io/helidon/security/examples/security/ProgrammaticSecurity.java
@@ -1,5 +1,5 @@ /*
- * Copyright (c) 2018, 2021 Oracle and/or its affiliates.
+ * Copyright (c) 2018, 2024 Oracle and/or its affiliates.
 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License.
@@ -135,7 +135,7 @@ private Subject login() { SecurityContext securityContext = CONTEXT.get(); securityContext.env(securityContext.env().derive() .path("/some/path")
- .header("Authorization", buildBasic("aUser", "aPassword")));
+ .header("Authorization", buildBasic("aUser", "changeit")));
 AuthenticationResponse response = securityContext.atnClientBuilder().buildAndGet();
diff --git a/examples/security/outbound-override/README.md b/examples/security/outbound-override/README.md
index f14c6fc761d..75e70a6909a 100644
--- a/examples/security/outbound-override/README.md
+++ b/examples/security/outbound-override/README.md
@@ -12,9 +12,10 @@ java -jar target/helidon-examples-security-outbound-override.jar ``` Try the endpoints:
+
 ```shell
-curl -u "jack:password" http://localhost:8080/propagate
-curl -u "jack:password" http://localhost:8080/override
-curl -u "jill:anotherPassword" http://localhost:8080/propagate
-curl -u "jill:anotherPassword" http://localhost:8080/override
+curl -u "jack:changeit" http://localhost:8080/propagate
+curl -u "jack:changeit" http://localhost:8080/override
+curl -u "jill:changeit" http://localhost:8080/propagate
+curl -u "jill:changeit" http://localhost:8080/override
 ```
diff --git a/examples/security/outbound-override/src/main/java/io/helidon/security/examples/outbound/OutboundOverrideExample.java b/examples/security/outbound-override/src/main/java/io/helidon/security/examples/outbound/OutboundOverrideExample.java
index aab0ef29d28..d77672c72ab 100644
--- a/examples/security/outbound-override/src/main/java/io/helidon/security/examples/outbound/OutboundOverrideExample.java
+++ b/examples/security/outbound-override/src/main/java/io/helidon/security/examples/outbound/OutboundOverrideExample.java
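Review bot: Only the credential sent in `buildBasic("aUser", "changeit")` changes in this file; the diffstat lists four changed lines for ProgrammaticSecurity.java and two of them are the copyright header, so whatever login() authenticates against is not touched here. If the user store is built elsewhere in this class with the previous password for `aUser`, authentication in the example would now fail, so please confirm the provider side carries the same value. Sharing one constant between the two places would keep them from drifting apart again. login() starts and ends outside the hunk.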
@@ -1,5 +1,5 @@ /*
- * Copyright (c) 2018, 2020 Oracle and/or its affiliates.
+ * Copyright (c) 2018, 2024 Oracle and/or its affiliates.
 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License.
@@ -94,7 +94,7 @@ private static void override(ServerRequest req, ServerResponse res) { webTarget(servingPort) .property(HttpBasicAuthProvider.EP_PROPERTY_OUTBOUND_USER, "jill")
- .property(HttpBasicAuthProvider.EP_PROPERTY_OUTBOUND_PASSWORD, "anotherPassword")
+ .property(HttpBasicAuthProvider.EP_PROPERTY_OUTBOUND_PASSWORD, "changeit")
 .request(String.class) .thenAccept(result -> res.send("You are: " + context.userName() + ", backend service returned: " + result + "\n"))
diff --git a/examples/security/outbound-override/src/main/resources/client-service-jwt.yaml b/examples/security/outbound-override/src/main/resources/client-service-jwt.yaml
index 9661c20a1b4..c4d11dba67a 100644
--- a/examples/security/outbound-override/src/main/resources/client-service-jwt.yaml
+++ b/examples/security/outbound-override/src/main/resources/client-service-jwt.yaml
@@ -1,5 +1,5 @@ #
-# Copyright (c) 2018, 2020 Oracle and/or its affiliates.
+# Copyright (c) 2018, 2024 Oracle and/or its affiliates.
 # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License.
@@ -25,13 +25,13 @@ security: - http-basic-auth: users: - login: "john"
- password: "johnnyPassword"
+ password: "changeit"
 roles: ["admin"] - login: "jack"
- password: "password"
+ password: "changeit"
 roles: ["user", "admin"] - login: "jill"
- password: "anotherPassword"
+ password: "changeit"
 roles: ["user"] - jwt: allow-impersonation: true
diff --git a/examples/security/outbound-override/src/main/resources/client-service.yaml b/examples/security/outbound-override/src/main/resources/client-service.yaml
index 94b3924f9fb..0219ab30eeb 100644
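Review bot: In override(), the outbound password for `jill` is now the same literal that this commit gives to `jack` and `john` in client-service-jwt.yaml, client-service.yaml and serving-service.yaml. With every account sharing one password, the example and its tests can no longer tell whether the overridden password was actually sent or the caller's own was propagated, because either one authenticates as `jill`. If distinct placeholder values are not acceptable for the validation this commit targets, a comment on the property line would at least record the coupling: `// placeholder; must equal jill's password in serving-service.yaml`. override() continues outside the hunk.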
--- a/examples/security/outbound-override/src/main/resources/client-service.yaml
+++ b/examples/security/outbound-override/src/main/resources/client-service.yaml
@@ -1,5 +1,5 @@ #
-# Copyright (c) 2018, 2020 Oracle and/or its affiliates.
+# Copyright (c) 2018, 2024 Oracle and/or its affiliates.
 # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License.
@@ -19,13 +19,13 @@ security: - http-basic-auth: users: - login: "john"
- password: "johnnyPassword"
+ password: "changeit"
 roles: ["admin"] - login: "jack"
- password: "password"
+ password: "changeit"
 roles: ["user", "admin"] - login: "jill"
- password: "anotherPassword"
+ password: "changeit"
 roles: ["user"] outbound: - name: "propagate-all"
diff --git a/examples/security/outbound-override/src/main/resources/serving-service.yaml b/examples/security/outbound-override/src/main/resources/serving-service.yaml
index 56e7653174d..e40cfd46a69 100644
--- a/examples/security/outbound-override/src/main/resources/serving-service.yaml
+++ b/examples/security/outbound-override/src/main/resources/serving-service.yaml
@@ -1,5 +1,5 @@ #
-# Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2018, 2024 Oracle and/or its affiliates.
 # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License.
@@ -19,10 +19,10 @@ security: - http-basic-auth: users: - login: "jack"
- password: "password"
+ password: "changeit"
 roles: ["user", "admin"] - login: "jill"
- password: "anotherPassword"
+ password: "changeit"
 roles: ["user"] web-server: defaults:
diff --git a/examples/security/outbound-override/src/test/java/io/helidon/security/examples/outbound/OutboundOverrideExampleTest.java b/examples/security/outbound-override/src/test/java/io/helidon/security/examples/outbound/OutboundOverrideExampleTest.java
index fb7b5276764..dd641510a53 100644
--- a/examples/security/outbound-override/src/test/java/io/helidon/security/examples/outbound/OutboundOverrideExampleTest.java
+++ b/examples/security/outbound-override/src/test/java/io/helidon/security/examples/outbound/OutboundOverrideExampleTest.java
@@ -1,5 +1,5 @@ /*
- * Copyright (c) 2020 Oracle and/or its affiliates.
+ * Copyright (c) 2020, 2024 Oracle and/or its affiliates.
 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License.
@@ -61,7 +61,7 @@ public void testOverrideExample() { String value = webClient.get() .path("/override") .property(HttpBasicAuthProvider.EP_PROPERTY_OUTBOUND_USER, "jack")
- .property(HttpBasicAuthProvider.EP_PROPERTY_OUTBOUND_PASSWORD, "password")
+ .property(HttpBasicAuthProvider.EP_PROPERTY_OUTBOUND_PASSWORD, "changeit")
 .request(String.class) .await();
@@ -73,7 +73,7 @@ public void testPropagateExample() { String value = webClient.get() .path("/propagate") .property(HttpBasicAuthProvider.EP_PROPERTY_OUTBOUND_USER, "jack")
- .property(HttpBasicAuthProvider.EP_PROPERTY_OUTBOUND_PASSWORD, "password")
+ .property(HttpBasicAuthProvider.EP_PROPERTY_OUTBOUND_PASSWORD, "changeit")
 .request(String.class) .await();
diff --git a/examples/security/outbound-override/src/test/java/io/helidon/security/examples/outbound/OutboundOverrideJwtExampleTest.java b/examples/security/outbound-override/src/test/java/io/helidon/security/examples/outbound/OutboundOverrideJwtExampleTest.java
index c6745bb4829..d6151f519b0 100644
--- a/examples/security/outbound-override/src/test/java/io/helidon/security/examples/outbound/OutboundOverrideJwtExampleTest.java
+++ b/examples/security/outbound-override/src/test/java/io/helidon/security/examples/outbound/OutboundOverrideJwtExampleTest.java
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2021 Oracle and/or its affiliates. + * Copyright (c) 2021, 2024 Oracle and/or its affiliates. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -61,7 +61,7 @@ public void testOverrideExample() { String value = webClient.get() .path("/override") .property(HttpBasicAuthProvider.EP_PROPERTY_OUTBOUND_USER, "jack") - .property(HttpBasicAuthProvider.EP_PROPERTY_OUTBOUND_PASSWORD, "password") + .property(HttpBasicAuthProvider.EP_PROPERTY_OUTBOUND_PASSWORD, "changeit") .request(String.class) .await(); @@ -73,7 +73,7 @@ public void testPropagateExample() { String value = webClient.get() .path("/propagate") .property(HttpBasicAuthProvider.EP_PROPERTY_OUTBOUND_USER, "jack") - .property(HttpBasicAuthProvider.EP_PROPERTY_OUTBOUND_PASSWORD, "password") + .property(HttpBasicAuthProvider.EP_PROPERTY_OUTBOUND_PASSWORD, "changeit") .request(String.class) .await(); diff --git a/examples/security/vaults/src/main/resources/application.yaml b/examples/security/vaults/src/main/resources/application.yaml index ec6dad51935..f2328b3575c 100644 --- a/examples/security/vaults/src/main/resources/application.yaml +++ b/examples/security/vaults/src/main/resources/application.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2021 Oracle and/or its affiliates. +# Copyright (c) 2021, 2024 Oracle and/or its affiliates. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -51,7 +51,7 @@ security: config: path: "app/secret" key: "username" - - name: "password" + - name: "changeit" provider: "oci-vault" config: ocid: "${oci.properties.secret-ocid}" diff --git a/examples/security/webserver-digest-auth/README.md b/examples/security/webserver-digest-auth/README.md index ac0addca062..969649f4689 100644 --- a/examples/security/webserver-digest-auth/README.md 
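Review bot: In the vaults application.yaml hunk the replaced line is `- name: "password"`, which is the name of a secret entry (the entry before it uses `key: "username"`), not a password value. Renaming it to `changeit` looks like a side effect of the bulk replacement. Any code or documentation that looks the secret up by the name `password` is outside this hunk and would presumably no longer find it. I would restore `- name: "password"`, since the name discloses nothing and the value itself is resolved through `ocid: "${oci.properties.secret-ocid}"`.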
+++ b/examples/security/webserver-digest-auth/README.md @@ -23,9 +23,9 @@ The application starts on a random port, the following assumes it is `56551` ```shell export PORT=42677 curl http://localhost:56551/public -curl --digest -u "jill:password" http://localhost:${PORT}/noRoles -curl --digest -u "john:password" http://localhost:${PORT}/user -curl --digest -u "jack:password" http://localhost:${PORT}/admin -curl -v --digest -u "john:password" http://localhost:${PORT}/deny -curl --digest -u "jack:password" http://localhost:${PORT}/noAuthn +curl --digest -u "jill:changeit" http://localhost:56551/noRoles +curl --digest -u "john:changeit" http://localhost:56551/user +curl --digest -u "jack:changeit" http://localhost:56551/admin +curl -v --digest -u "john:changeit" http://localhost:56551/deny +curl --digest -u "jack:changeit" http://localhost:56551/noAuthn ``` diff --git a/examples/security/webserver-digest-auth/src/main/java/io/helidon/security/examples/webserver/digest/DigestExampleBuilderMain.java b/examples/security/webserver-digest-auth/src/main/java/io/helidon/security/examples/webserver/digest/DigestExampleBuilderMain.java index 641201c0420..64bee43dd5a 100644 --- a/examples/security/webserver-digest-auth/src/main/java/io/helidon/security/examples/webserver/digest/DigestExampleBuilderMain.java +++ b/examples/security/webserver-digest-auth/src/main/java/io/helidon/security/examples/webserver/digest/DigestExampleBuilderMain.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018, 2020 Oracle and/or its affiliates. + * Copyright (c) 2018, 2024 Oracle and/or its affiliates. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
@@ -48,9 +48,9 @@ public final class DigestExampleBuilderMain { private static final char[] HEX_ARRAY = "0123456789abcdef".toCharArray(); static { - users.put("jack", new MyUser("jack", "password".toCharArray(), Set.of("user", "admin"))); - users.put("jill", new MyUser("jill", "password".toCharArray(), Set.of("user"))); - users.put("john", new MyUser("john", "password".toCharArray(), Set.of())); + users.put("jack", new MyUser("jack", "changeit".toCharArray(), Set.of("user", "admin"))); + users.put("jill", new MyUser("jill", "changeit".toCharArray(), Set.of("user"))); + users.put("john", new MyUser("john", "changeit".toCharArray(), Set.of())); } private DigestExampleBuilderMain() { @@ -95,7 +95,7 @@ private static WebSecurity buildWebSecurity() { .addAuthenticationProvider( HttpDigestAuthProvider.builder() .realm("mic") - .digestServerSecret("aPassword".toCharArray()) + .digestServerSecret("changeit".toCharArray()) .userStore(buildUserStore()), "digest-auth") .build(); diff --git a/examples/security/webserver-digest-auth/src/main/resources/application.yaml b/examples/security/webserver-digest-auth/src/main/resources/application.yaml index 4bea9c12abd..151f5917ca1 100644 --- a/examples/security/webserver-digest-auth/src/main/resources/application.yaml +++ b/examples/security/webserver-digest-auth/src/main/resources/application.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2016, 2020 Oracle and/or its affiliates. +# Copyright (c) 2016, 2024 Oracle and/or its affiliates. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
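Review bot: In `buildWebSecurity()` the value passed to `digestServerSecret(...)` is now the same literal as the three user passwords in the static block, and `server-secret` in this example's application.yaml gets the same value. The server secret and the user passwords are different kinds of secret, and a reader copying the example could take one shared, well-known string for both as acceptable. A comment above the call would make the intent explicit, for example `// placeholder only: use a random per-deployment secret from configuration, never a user password`. Both the static block and `buildWebSecurity()` continue outside the hunks shown.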
@@ -22,16 +22,16 @@ security: providers: - http-digest-auth: realm: "mic" - server-secret: "aPassword" + server-secret: "changeit" users: - login: "jack" - password: "${CLEAR=password}" + password: "${CLEAR=changeit}" roles: ["user", "admin"] - login: "jill" - password: "${CLEAR=password}" + password: "${CLEAR=changeit}" roles: ["user"] - login: "john" - password: "${CLEAR=password}" + password: "${CLEAR=changeit}" roles: [] web-server: # Configuration of integration with web server diff --git a/examples/security/webserver-digest-auth/src/test/java/io/helidon/security/examples/webserver/digest/DigestExampleTest.java b/examples/security/webserver-digest-auth/src/test/java/io/helidon/security/examples/webserver/digest/DigestExampleTest.java index f61343cf2ef..1fd90845466 100644 --- a/examples/security/webserver-digest-auth/src/test/java/io/helidon/security/examples/webserver/digest/DigestExampleTest.java +++ b/examples/security/webserver-digest-auth/src/test/java/io/helidon/security/examples/webserver/digest/DigestExampleTest.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018, 2021 Oracle and/or its affiliates. + * Copyright (c) 2018, 2024 Oracle and/or its affiliates. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -93,9 +93,9 @@ public void testNoRoles() { testNotAuthorized(client, url); //Must be accessible with authentication - to everybody - testProtected(url, "jack", "password", Set.of("admin", "user"), Set.of()); - testProtected(url, "jill", "password", Set.of("user"), Set.of("admin")); - testProtected(url, "john", "password", Set.of(), Set.of("admin", "user")); + testProtected(url, "jack", "changeit", Set.of("admin", "user"), Set.of()); + testProtected(url, "jill", "changeit", Set.of("user"), Set.of("admin")); + testProtected(url, "john", "changeit", Set.of(), Set.of("admin", "user")); } @Test 
@@ -105,9 +105,9 @@ public void testUserRole() { testNotAuthorized(client, url); //Jack and Jill allowed (user role) - testProtected(url, "jack", "password", Set.of("admin", "user"), Set.of()); - testProtected(url, "jill", "password", Set.of("user"), Set.of("admin")); - testProtectedDenied(url, "john", "password"); + testProtected(url, "jack", "changeit", Set.of("admin", "user"), Set.of()); + testProtected(url, "jill", "changeit", Set.of("user"), Set.of("admin")); + testProtectedDenied(url, "john", "changeit"); } @Test @@ -117,9 +117,9 @@ public void testAdminRole() { testNotAuthorized(client, url); //Only jack is allowed - admin role... - testProtected(url, "jack", "password", Set.of("admin", "user"), Set.of()); - testProtectedDenied(url, "jill", "password"); - testProtectedDenied(url, "john", "password"); + testProtected(url, "jack", "changeit", Set.of("admin", "user"), Set.of()); + testProtectedDenied(url, "jill", "changeit"); + testProtectedDenied(url, "john", "changeit"); } @Test @@ -129,9 +129,9 @@ public void testDenyRole() { testNotAuthorized(client, url); // nobody has the correct role - testProtectedDenied(url, "jack", "password"); - testProtectedDenied(url, "jill", "password"); - testProtectedDenied(url, "john", "password"); + testProtectedDenied(url, "jack", "changeit"); + testProtectedDenied(url, "jill", "changeit"); + testProtectedDenied(url, "john", "changeit"); } @Test @@ -143,9 +143,9 @@ public void getNoAuthn() { assertThat(response.getStatus(), is(403)); // doesn't matter, we are never challenged - testProtectedDenied(url, "jack", "password"); - testProtectedDenied(url, "jill", "password"); - testProtectedDenied(url, "john", "password"); + testProtectedDenied(url, "jack", "changeit"); + testProtectedDenied(url, "jill", "changeit"); + testProtectedDenied(url, "john", "changeit"); } } diff --git a/examples/security/webserver-signatures/README.md b/examples/security/webserver-signatures/README.md index 492f8ab3a6d..e43d38122b2 100644 
--- a/examples/security/webserver-signatures/README.md +++ b/examples/security/webserver-signatures/README.md @@ -22,8 +22,9 @@ java -jar target/helidon-examples-security-webserver-signatures.jar ``` Try the endpoints: + ```shell -curl -u "jack:password" http://localhost:8080/service1 -curl -u "jill:password" http://localhost:8080/service1-rsa -curl -v -u "john:password" http://localhost:8080/service1 +curl -u "jack:changeit" http://localhost:8080/service1 +curl -u "jill:changeit" http://localhost:8080/service1-rsa +curl -v -u "john:changeit" http://localhost:8080/service1 ``` diff --git a/examples/security/webserver-signatures/src/main/java/io/helidon/security/examples/signatures/SignatureExampleBuilderMain.java b/examples/security/webserver-signatures/src/main/java/io/helidon/security/examples/signatures/SignatureExampleBuilderMain.java index 6c424190482..3b506a3c9a7 100644 --- a/examples/security/webserver-signatures/src/main/java/io/helidon/security/examples/signatures/SignatureExampleBuilderMain.java +++ b/examples/security/webserver-signatures/src/main/java/io/helidon/security/examples/signatures/SignatureExampleBuilderMain.java @@ -1,6 +1,6 @@ /* - * Copyright (c) 2018, 2020 Oracle and/or its affiliates. + * Copyright (c) 2018, 2024 Oracle and/or its affiliates. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -55,9 +55,9 @@ public class SignatureExampleBuilderMain { private static WebServer service2Server; static { - addUser("jack", "password", List.of("user", "admin")); - addUser("jill", "password", List.of("user")); - addUser("john", "password", List.of()); + addUser("jack", "changeit", List.of("user", "admin")); + addUser("jill", "changeit", List.of("user")); + addUser("john", "changeit", List.of()); } private SignatureExampleBuilderMain() { 
@@ -110,9 +110,9 @@ public static void main(String[] args) { System.out.println("Signature example: from builder"); System.out.println(); System.out.println("Users:"); - System.out.println("jack/password in roles: user, admin"); - System.out.println("jill/password in roles: user"); - System.out.println("john/password in no roles"); + System.out.println("jack/changeit in roles: user, admin"); + System.out.println("jill/changeit in roles: user"); + System.out.println("john/changeit in no roles"); System.out.println(); System.out.println("***********************"); System.out.println("** Endpoints: **"); @@ -172,14 +172,14 @@ private static Security security2() { .addProvider(HttpSignProvider.builder() .addInbound(InboundClientDefinition.builder("service1-hmac") .principalName("Service1 - HMAC signature") - .hmacSecret("somePasswordForHmacShouldBeEncrypted") + .hmacSecret("changeit") .build()) .addInbound(InboundClientDefinition.builder("service1-rsa") .principalName("Service1 - RSA signature") .publicKeyConfig(KeyConfig.keystoreBuilder() .keystore(Resource.create(Paths.get( "src/main/resources/keystore.p12"))) - .keystorePassphrase("password".toCharArray()) + .keystorePassphrase("changeit".toCharArray()) .certAlias("service_cert") .build()) .build()) @@ -217,7 +217,7 @@ private static OutboundTarget rsaTarget() { .privateKeyConfig(KeyConfig.keystoreBuilder() .keystore(Resource.create(Paths.get( "src/main/resources/keystore.p12"))) - .keystorePassphrase("password".toCharArray()) + .keystorePassphrase("changeit".toCharArray()) .keyAlias("myPrivateKey") .build()) .build()) @@ -231,7 +231,7 @@ private static OutboundTarget hmacTarget() { .customObject( OutboundTargetDefinition.class, OutboundTargetDefinition.builder("service1-hmac") - .hmacSecret("somePasswordForHmacShouldBeEncrypted") + .hmacSecret("changeit") .build()) .build(); } 
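Review bot: In `security2()` and `hmacTarget()` the HMAC key `somePasswordForHmacShouldBeEncrypted` becomes `changeit`, which drops the only hint in the code that this value should not be kept in clear text and leaves a short, widely known string as the signing key. I would add a comment next to both `.hmacSecret("changeit")` calls, such as `// example key only: use a long random secret and keep it encrypted in configuration`. The `.keystorePassphrase("changeit".toCharArray())` calls in `security2()` and `rsaTarget()` deserve the same remark, plus a note that the literal has to match the regenerated keystore.p12. All three methods start or end outside their hunks.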
diff --git a/examples/security/webserver-signatures/src/main/resources/keystore.p12 b/examples/security/webserver-signatures/src/main/resources/keystore.p12 index ff2c52d6694ae5c23a1b15d971935a9fa33ba1d4..96df596265a4799186924602afa1d101e5e80baa 100644 GIT binary patch literal 2693 zcmaKucQhM{8o-lCVkIR;sTr$khjK59+N(xX)wQ=0qqf?lMq^d+u9k?Es#ko>xhKX{&x#T0|ez_A(Gcn3}yOb0|H0sqJ(~yFcb%v zD$jPiy8W;z9R#8RpkPp{|C|6(LjWjFD79^@HqeOz3={^_%gY^kw{8N+e})Q67D?HS zg0bKsmYCHO+T_{lPm9&_=mB>kNs-Ry^VPVE$zy$=%2cj3>YV1pUx*J8?&sqXRFdj% zEF%ru62Rm0S_3$#&!r^RsS3D4E8|p6T^$OzvUzA|&{KhR9});8o%7CxVd72>rT9&b zgqy^(Yz$0)3(!jKQfvOUB<$o)bGHkF(d8FI81Ht|7aN_=;NuH%9!NFC;{(JHgPCUG zMCa=ZybtSOrl*qfj!k2n`TG9;zoe6;?UWY!6&cIbbr(ee>#TWW4h!3%<6bSW#k2lb zH`oSsS$#9pXVBS>a;lgN{l#=EnKhj9rJwtkP{1NmSG?--W)!(&q<<Jx zmOq;vPjsAo>l>5`pQ=Dw@Pfbe@(lGIUH7uPMC9Ozu4#zUupeEQ>FX9Hj{Cj)UNXog zAG!wr9vZrj!k0L6NAT-`jbOFK9HZ>FkAtYM2%ba*_P$^}c&NLlt-uvqcIaup6?gO2 zheNB1F^;GZVLwQFDPgqSzI>fd>s#M!UfrPTGNa2DtJ)_0VJy+ojw%I5a#;CDZX5v5ASq{^d zapXMm=pFJKOKALycN$SJYUGzxA{`wyL7+lL&zSWEU~7@;h)!R}g_YM_&0qIKZfTJC zPgdQ<&f_RKGxe7^+_LxqbB(W=CpFsV*k|m{s#vo}N22+xnWu*Fxop(DYUq+KeIr+A z!_Z}~W=x#*kfmvU6zuk}a|09C^aNtM5?)e2({eAP3fBFaxa8T#yl(&`C2w@O=CwwlW- z>H2fK=Zo@_SVWAZ0y8JQ6D^#f-?WFs%QiO;_lmfvgorjNvhR?Ggtg@5b1^39hOspI zCA)m@LZTCr2T)8;mNzplrt0Kr1+6KzyzOO9V8njrArGe{pEs=ZKU`OMDvZZS_K7Cl zkm{iQbB4}0p{F)bZg)Jg`9ad~!H|~t?`5}=DijZpIxlPm#Kso3Yc7ozBnS;A1V^Q&{9A_B4SIz1$YFS3LfIxcE`G`X4||%_B11xK7&%*us*ft;?}zteDxKER@;Ta* zYR?&ja-qJ9XoUzC7TX33z_ECM&R&Q}ZzqDZ+I}xyCjVE0Lr2%FnuGEr#efZ8nDy8B zy`>LVd3|a34!rs!D+|g6>@hf#jC%AoUO05xOnzr{!Oq%_bVXXa@>+&|EGKPqDSt1q zMa>_Y3rq0Bm(pYUL$XU^HnT+Z7&!D6+ypaM!$lctnJ@MSy)`$6lLzhd{S-yc;NUOj zKDQke+ShV<4vHs@(n}1aiKWY)_-Uw33oTLIu@P{9%nIze`SOFe@ zAb=OZ2jB__0N4Ti08Rk6>j*+2ehxBAg25ovwQj-QKOiME7Ynw(M%Ex8;5z-(FeMP> z{A29e$z~|opCt?>0%p?d-58?9*8-nWO0*PlRj%#dNOT5)1nEIQYrNb1;8K@nd&7QGhrM zf4afyvU@)NW{Q(<%_Z(a!fLMongf9ckD6`76qi46h!wB0`#5Jb?-(k5+Hq$!me^Vt zsTla~axZ+`KSe`@FXRDMCDLFkosmHPYw-~|$DZ-#bM7qEq3%vlu|~=cq(rCGo1s(r 
za8TC4O|+bk>0`6+t4Vi6cukY6-p&U?p6FqJP0Bg;Xo85Z-W$-PfYb&hN%+v2Jcl|L ze{%oBJa9)@?4@OYwJgQ4!D7#*86sv8;=k@TsmrhFm_bUP+CSfoC_K)HhA1^F=tX($9hakXEVy*L}%e~179x$-h4rr zR8>(wn(zd`Fu7b#T;MJH7P^)Z=Z)MTiT%)YnMN zifYthXR8q6&XauM<j=ymTiP=(j2w`RxJ3bLG(<~hk(I%hxNkt0u!%xN?1Eq1lhc%!vOH=K#mFJ$r)DLBKQ>Ho8_c*_ z8oputpk2HK=Z|BL{jowp}9lU=xMMSZ&%b~TYa242S lkgang+076QW-@QTAnTVZGrZj@U~Q_}Ik2!yef94b@E;L!>WKgV delta 2665 zcmV-v3YPVS6^s>sFoFt*0s#Xsf(k+g2`Yw2hW8Bt2LYgh3Nr+P3NJ8%3M(*z1y}|N zDuzgg_YDCD0ic2fNd$rgMKFQ|K`?>^Jq8OZhDe6@4FL=a0Ro_c1nw|`1nMvx1_~;M zNQUXniavL!nB>x?Jg6&Yr#+qo)xN#%4B?o)4KzBMj7d?Qk2Jb(4vrZ*f zK}p^^HhSx933rT+98(aw_%bDfrDf)wkDXiOHd+dUBvKJ<$)7{^hr{|bJ>&cOqZtG! z?XPT9DXPJLMH1uqAkoy>b0Dog41|RYO9z1bME`SS}ME`hZU!lb8 zDyB&k;YWtmw_or-(p3%c8Y1#qojg@U4d2qe|JZGR^yUIgPYg)-tFBKYBLEZduD(s_ zDDiN%;;$$TL*<41qk|MQmKBxj$$T{rwe$KC_sml-yqA*jksHQdv433Ji*ys*?QgT9 z;qQhGf0{Zf-H43QY7RIj1PN#q8Fk*cCgUZb7P!)d=tF&`WA{gsJo4L$M}M!Oo12d8 z8^x1%T*P9I)_`s$58V6@~|IH4N$zMY4ac`NFdv zeJ!L{7#=I9kGr#dBoKNfB{T8&eyo@FXWaoev_FIJxS}fD#+JgD;~~~qMgL&_-*O_7 zABb%1P`9#m`hxL1R_4@9i6x=td;074ow}$%&GCsO1c2L;Y-wEVVyAsT-ryBqeO~{6 zq1W~ATzD>^PvqK&n+t`#rV?wq6Hw)T&q7B9mMm397)ru_euRobiN*=?>I-OH(83|u z=?S26Ot;#DYTTkkNr1dRkjl+*5d<&qZ#f|*KmGpU-Q0e_adAo|o--PzqRGAsPjlf6 z7P)eGVJmMnP-Kbc2|w+2K`)iXPDDh1&5L zNlOa+B~xl(h9e1OA<{>{fjnP-KdsXs(hdm089YqpM|V(ua1C*ry(1TfUpgdkovr0g zp+w=P^0l>T!L0P0#CF)df!;&=p`MY-@DdY0an|A6oPmfD>||`;dcyQB3$d3zG~O%b{gvg4pM2*Oy&prvt;{F!5vv7cTKKW8h*e$<8r_mj-| zFEQTC$k$^%2XTFq=s?g_Nn|x(4D`4x(fgc<&Ev`fQZnig1o3#4nAi2wZFRR81`h^?%GOHEWSj?1C01tudjHC`Y}G&LNQUorMnF~8= z<#XU!sNkLvzNPKc!0sbIc1F+!2iLnERRE;_4h~Y>$sN+m+ZhMXOSRob#`H7({lFcM z*;P)+Ea{=w_%1hiac=QL@InGd>jL`*zjzZ2)-y`JZA0@CrvOW$kA9z2Vo!&`t zKixwNAE=A=FX-Ba``1$Y-=#cui`O7@%YQI?cX)U81BG)%>REsG`4RVu=Lz&3;LNOf zy6Ovzzu!N+)YJJV-x7}tq;E^O3RdmzsxX)I(f$*Jm4RHNTSLRc0vuC+EC@B0-9XNT z$uWW5KU+iKw*}ALSKi86*535vz7%fj7x5|!wtBNi!8|fCf}8T(U@MyKu;6Hw*27jq z4)9s{BSyj!1S)@Gj5d!f-y1~d*|S;C;{?xcD0I9FJP4;A6NZNO<+*-DCNdb&0F{e~ zz~d}=nNb{!8G08m|Oxh2{nCa*!3fAC6QdUq>uVQ15K 
z`KUW{KYU&M-3&^o%Xy?5VS&5&nG2{ZN2VK?He3l1hM?0nCF^v~xs9_O)G;tV-!^^? zpvk<^q`&Bbp@LlzX7F+`hTVv%SxT^Fm#n2ODN%pxa5d?k4tIwQE&43J_8qDF4pyhL zga*RKOv}$5#VI{$fioeG=<6a%ghb_t){ZHj?)4?`+~n>w61)u63-JFn(S_>(~fo&LvR((bek8zXxh$hbM0LWVU>420sj}F`gIYq zofLn2U~#(M`U1p4{b$VdBgshxN{-ne5jIzp~alJpo+q&-!cggG!U- zs{Fi-ML+9Bew{8e>CeMe{lF#0IEh<3B<_C?hjUQdA*b!|6bEfFu2P*SA^1WI)fI|LLK8bwyFfjFaN+vGe zNxmQ5A6B7PFg-9KFbM_)D-Ht!8U+9Z6e#gwIw0FdI#OaRA^DV&e4ypy io.helidon.examples.todos - example-todo-app-project + helidon-examples-todo-app-project pom 2.6.7-SNAPSHOT Helidon Examples TODO Demo diff --git a/examples/webclient/standalone/src/main/resources/full-webclient-config.yaml b/examples/webclient/standalone/src/main/resources/full-webclient-config.yaml index 7eabb560ca4..e106ffd7504 100644 --- a/examples/webclient/standalone/src/main/resources/full-webclient-config.yaml +++ b/examples/webclient/standalone/src/main/resources/full-webclient-config.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2020 Oracle and/or its affiliates. +# Copyright (c) 2020, 2024 Oracle and/or its affiliates. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -66,10 +66,10 @@ client: truststore: keystore-resource-path: "path to the keystore" keystore-type: "JKS" - keystore-passphrase: "password" + keystore-passphrase: "changeit" trust-store: true client: keystore: keystore-resource-path: "path to client keystore" - keystore-passphrase: "password" + keystore-passphrase: "changeit" trust-store: true diff --git a/examples/webserver/mutual-tls/automatic-store-generator.sh b/examples/webserver/mutual-tls/automatic-store-generator.sh index e40ccfe94ab..03d7da1ca75 100644 --- a/examples/webserver/mutual-tls/automatic-store-generator.sh +++ b/examples/webserver/mutual-tls/automatic-store-generator.sh 
@@ -1,6 +1,6 @@
 #!/bin/bash -e
 #
-# Copyright (c) 2020 Oracle and/or its affiliates.
+# Copyright (c) 2020, 2024 Oracle and/or its affiliates.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -25,54 +25,54 @@ SINGLE=true createCertificatesAndStores() { mkdir out echo 'Generating new key stores...' - keytool -genkeypair -keyalg RSA -keysize 2048 -alias root-ca -dname "CN=$NAME-CA" -validity 21650 -keystore ca.jks -storepass password -keypass password -deststoretype pkcs12 -ext KeyUsage=digitalSignature,keyEncipherment,keyCertSign -ext ExtendedKeyUsage=serverAuth,clientAuth -ext BasicConstraints=ca:true,PathLen:3 - keytool -genkeypair -keyalg RSA -keysize 2048 -alias server -dname "CN=localhost" -validity 21650 -keystore server.jks -storepass password -keypass password -deststoretype pkcs12 - keytool -genkeypair -keyalg RSA -keysize 2048 -alias client -dname "C=CZ,CN=$NAME-client,OU=Prague,O=Oracle" -validity 21650 -keystore client.jks -storepass password -keypass password -deststoretype pkcs12 + keytool -genkeypair -keyalg RSA -keysize 2048 -alias root-ca -dname "CN=$NAME-CA" -validity 21650 -keystore ca.jks -storepass changeit -keypass changeit -deststoretype pkcs12 -ext KeyUsage=digitalSignature,keyEncipherment,keyCertSign -ext ExtendedKeyUsage=serverAuth,clientAuth -ext BasicConstraints=ca:true,PathLen:3 + keytool -genkeypair -keyalg RSA -keysize 2048 -alias server -dname "CN=localhost" -validity 21650 -keystore server.jks -storepass changeit -keypass changeit -deststoretype pkcs12 + keytool -genkeypair -keyalg RSA -keysize 2048 -alias client -dname "C=CZ,CN=$NAME-client,OU=Prague,O=Oracle" -validity 21650 -keystore client.jks -storepass changeit -keypass changeit -deststoretype pkcs12 echo 'Obtaining client and server certificates...' 
- keytool -exportcert -keystore client.jks -storepass password -alias client -rfc -file client.cer - keytool -exportcert -keystore server.jks -storepass password -alias server -rfc -file server.cer + keytool -exportcert -keystore client.jks -storepass changeit -alias client -rfc -file client.cer + keytool -exportcert -keystore server.jks -storepass changeit -alias server -rfc -file server.cer echo 'Generating CSR for client and server...' - keytool -certreq -keystore server.jks -alias server -keypass password -storepass password -keyalg rsa -file server.csr - keytool -certreq -keystore client.jks -alias client -keypass password -storepass password -keyalg rsa -file client.csr + keytool -certreq -keystore server.jks -alias server -keypass changeit -storepass changeit -keyalg rsa -file server.csr + keytool -certreq -keystore client.jks -alias client -keypass changeit -storepass changeit -keyalg rsa -file client.csr echo 'Obtaining CA pem and key...' - keytool -importkeystore -srckeystore ca.jks -destkeystore ca.p12 -srcstoretype jks -deststoretype pkcs12 -srcstorepass password -deststorepass password - openssl pkcs12 -in ca.p12 -out ca.key -nocerts -passin pass:password -passout pass:password - openssl pkcs12 -in ca.p12 -out ca.pem -nokeys -passin pass:password -passout pass:password + keytool -importkeystore -srckeystore ca.jks -destkeystore ca.p12 -srcstoretype jks -deststoretype pkcs12 -srcstorepass changeit -deststorepass changeit + openssl pkcs12 -in ca.p12 -out ca.key -nocerts -passin pass:changeit -passout pass:changeit + openssl pkcs12 -in ca.p12 -out ca.pem -nokeys -passin pass:changeit -passout pass:changeit echo 'Signing client and server certificates...' 
- openssl x509 -req -in client.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out client-signed.cer -days 21650 -passin pass:password - openssl x509 -req -in server.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out server-signed.cer -sha256 -days 21650 -passin pass:password + openssl x509 -req -in client.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out client-signed.cer -days 21650 -passin pass:changeit + openssl x509 -req -in server.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out server-signed.cer -sha256 -days 21650 -passin pass:changeit echo 'Replacing server and client certificates with the signed ones...' - keytool -importkeystore -srckeystore client.jks -destkeystore client.p12 -srcstoretype jks -deststoretype pkcs12 -srcstorepass password -deststorepass password - openssl pkcs12 -in client.p12 -nodes -out client-private.key -nocerts -passin pass:password - openssl pkcs12 -export -in client-signed.cer -inkey client-private.key -out client-signed.p12 -name client -passout pass:password - keytool -delete -alias client -keystore client.jks -storepass password - keytool -importkeystore -srckeystore client-signed.p12 -srcstoretype PKCS12 -destkeystore client.jks -srcstorepass password -deststorepass password - keytool -importkeystore -srckeystore server.jks -destkeystore server.p12 -srcstoretype jks -deststoretype pkcs12 -srcstorepass password -deststorepass password - openssl pkcs12 -in server.p12 -nodes -out server-private.key -nocerts -passin pass:password - openssl pkcs12 -export -in server-signed.cer -inkey server-private.key -out server-signed.p12 -name server -passout pass:password - keytool -delete -alias server -keystore server.jks -storepass password - keytool -importkeystore -srckeystore server-signed.p12 -srcstoretype PKCS12 -destkeystore server.jks -srcstorepass password -deststorepass password + keytool -importkeystore -srckeystore client.jks -destkeystore client.p12 -srcstoretype jks -deststoretype pkcs12 -srcstorepass changeit -deststorepass 
changeit + openssl pkcs12 -in client.p12 -nodes -out client-private.key -nocerts -passin pass:changeit + openssl pkcs12 -export -in client-signed.cer -inkey client-private.key -out client-signed.p12 -name client -passout pass:changeit + keytool -delete -alias client -keystore client.jks -storepass changeit + keytool -importkeystore -srckeystore client-signed.p12 -srcstoretype PKCS12 -destkeystore client.jks -srcstorepass changeit -deststorepass changeit + keytool -importkeystore -srckeystore server.jks -destkeystore server.p12 -srcstoretype jks -deststoretype pkcs12 -srcstorepass changeit -deststorepass changeit + openssl pkcs12 -in server.p12 -nodes -out server-private.key -nocerts -passin pass:changeit + openssl pkcs12 -export -in server-signed.cer -inkey server-private.key -out server-signed.p12 -name server -passout pass:changeit + keytool -delete -alias server -keystore server.jks -storepass changeit + keytool -importkeystore -srckeystore server-signed.p12 -srcstoretype PKCS12 -destkeystore server.jks -srcstorepass changeit -deststorepass changeit echo "Importing CA cert to the client and server stores..." 
if [ "$SINGLE" = true ] ; then - keytool -v -trustcacerts -keystore client.jks -importcert -file ca.pem -alias root-ca -storepass password -noprompt - keytool -v -trustcacerts -keystore server.jks -importcert -file ca.pem -alias root-ca -storepass password -noprompt + keytool -v -trustcacerts -keystore client.jks -importcert -file ca.pem -alias root-ca -storepass changeit -noprompt + keytool -v -trustcacerts -keystore server.jks -importcert -file ca.pem -alias root-ca -storepass changeit -noprompt else - keytool -v -trustcacerts -keystore client-truststore.jks -importcert -file ca.pem -alias root-ca -storepass password -noprompt - keytool -v -trustcacerts -keystore server-truststore.jks -importcert -file ca.pem -alias root-ca -storepass password -noprompt + keytool -v -trustcacerts -keystore client-truststore.jks -importcert -file ca.pem -alias root-ca -storepass changeit -noprompt + keytool -v -trustcacerts -keystore server-truststore.jks -importcert -file ca.pem -alias root-ca -storepass changeit -noprompt fi echo "Changing aliases to 1..." - keytool -changealias -alias server -destalias 1 -keypass password -keystore server.jks -storepass password - keytool -changealias -alias client -destalias 1 -keypass password -keystore client.jks -storepass password + keytool -changealias -alias server -destalias 1 -keypass changeit -keystore server.jks -storepass changeit + keytool -changealias -alias client -destalias 1 -keypass changeit -keystore client.jks -storepass changeit echo "Generating requested type of stores..." 
if [ "$TYPE" = PKCS12 ] || [ "$TYPE" = P12 ] ; then - keytool -importkeystore -srckeystore client.jks -destkeystore out/client.p12 -srcstoretype JKS -deststoretype PKCS12 -srcstorepass password -deststorepass password - keytool -importkeystore -srckeystore server.jks -destkeystore out/server.p12 -srcstoretype JKS -deststoretype PKCS12 -srcstorepass password -deststorepass password + keytool -importkeystore -srckeystore client.jks -destkeystore out/client.p12 -srcstoretype JKS -deststoretype PKCS12 -srcstorepass changeit -deststorepass changeit + keytool -importkeystore -srckeystore server.jks -destkeystore out/server.p12 -srcstoretype JKS -deststoretype PKCS12 -srcstorepass changeit -deststorepass changeit if [ "$SINGLE" = false ] ; then - keytool -importkeystore -srckeystore server-truststore.jks -destkeystore out/server-truststore.p12 -srcstoretype JKS -deststoretype PKCS12 -srcstorepass password -deststorepass password - keytool -importkeystore -srckeystore client-truststore.jks -destkeystore out/client-truststore.p12 -srcstoretype JKS -deststoretype PKCS12 -srcstorepass password -deststorepass password + keytool -importkeystore -srckeystore server-truststore.jks -destkeystore out/server-truststore.p12 -srcstoretype JKS -deststoretype PKCS12 -srcstorepass changeit -deststorepass changeit + keytool -importkeystore -srckeystore client-truststore.jks -destkeystore out/client-truststore.p12 -srcstoretype JKS -deststoretype PKCS12 -srcstorepass changeit -deststorepass changeit fi else mv client.jks out/client.jks diff --git a/examples/webserver/mutual-tls/src/main/java/io/helidon/webserver/examples/mtls/ClientBuilderMain.java b/examples/webserver/mutual-tls/src/main/java/io/helidon/webserver/examples/mtls/ClientBuilderMain.java index 02b2d978f08..6410ac07cb2 100644 --- a/examples/webserver/mutual-tls/src/main/java/io/helidon/webserver/examples/mtls/ClientBuilderMain.java 
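Review bot: Every `keytool` and `openssl` call in `createCertificatesAndStores` repeats the literal `changeit`, so a user who wants stores protected by their own passphrase has to edit each occurrence, and the next bulk replacement costs the same again. A single variable near the top of the script, `STORE_PASS="${STORE_PASS:-changeit}"`, used as `-storepass "$STORE_PASS"` and `-passin "pass:$STORE_PASS"`, keeps the default and allows an override. The hunk also keeps the `-nodes` exports that write `client-private.key` and `server-private.key` unencrypted. Whether those files and `ca.key` are removed afterwards cannot be seen here, because the function continues past the end of the hunk.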
+++ b/examples/webserver/mutual-tls/src/main/java/io/helidon/webserver/examples/mtls/ClientBuilderMain.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020 Oracle and/or its affiliates. + * Copyright (c) 2020, 2024 Oracle and/or its affiliates. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -54,7 +54,7 @@ static WebClient createWebClient() { KeyConfig keyConfig = KeyConfig.keystoreBuilder() .trustStore() .keystore(Resource.create("client.p12")) - .keystorePassphrase("password") + .keystorePassphrase("changeit") .build(); return WebClient.builder() .tls(WebClientTls.builder() diff --git a/examples/webserver/mutual-tls/src/main/java/io/helidon/webserver/examples/mtls/ServerBuilderMain.java b/examples/webserver/mutual-tls/src/main/java/io/helidon/webserver/examples/mtls/ServerBuilderMain.java index c225c057c50..800ff81eef0 100644 --- a/examples/webserver/mutual-tls/src/main/java/io/helidon/webserver/examples/mtls/ServerBuilderMain.java +++ b/examples/webserver/mutual-tls/src/main/java/io/helidon/webserver/examples/mtls/ServerBuilderMain.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020, 2021 Oracle and/or its affiliates. + * Copyright (c) 2020, 2024 Oracle and/or its affiliates. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -81,7 +81,7 @@ private static WebServerTls tlsConfig() { KeyConfig keyConfig = KeyConfig.keystoreBuilder() .trustStore() .keystore(Resource.create("server.p12")) - .keystorePassphrase("password") + .keystorePassphrase("changeit") .build(); return WebServerTls.builder() .clientAuth(ClientAuthentication.REQUIRE) diff --git a/examples/webserver/mutual-tls/src/main/resources/application.yaml b/examples/webserver/mutual-tls/src/main/resources/application.yaml index 4f4d4dbb4c1..c969bd70eb6 100644 --- a/examples/webserver/mutual-tls/src/main/resources/application.yaml 
+++ b/examples/webserver/mutual-tls/src/main/resources/application.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2020 Oracle and/or its affiliates. +# Copyright (c) 2020, 2024 Oracle and/or its affiliates. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -23,13 +23,13 @@ server: client-auth: "REQUIRE" trust: keystore: - passphrase: "password" + passphrase: "changeit" trust-store: true resource: resource-path: "server.p12" private-key: keystore: - passphrase: "password" + passphrase: "changeit" resource: resource-path: "server.p12" @@ -37,13 +37,13 @@ client: tls: server: keystore: - passphrase: "password" + passphrase: "changeit" trust-store: true resource: resource-path: "client.p12" client: keystore: - passphrase: "password" + passphrase: "changeit" resource: resource-path: "client.p12" 
diff --git a/examples/webserver/mutual-tls/src/main/resources/client.p12 b/examples/webserver/mutual-tls/src/main/resources/client.p12 index 4eb3b8325cd0190163032aca86e1d4fc94856822..9529b6722be0cb920ecceae276fb9be270ac30ae 100644 GIT binary patch literal 4274 zcmY+EWmFW5mxq~Q7#eAY?vNpd98yA324A|7E&)MF34tMo?vxto5Rpc@8!73Ml929{ z^_<;(|GOXVx#vE=^Sd7(7?Su45P%6o65D}sxx-Y#t_T6x05p==0E8sg`HMARNUVbY z7h$D^~;~3<@HbrP1JF?jJs` z6^95t$Yv;EOBIy^ftCP6W8U9uIceUj$0**t;M_jK%g^r=91U&J| zA?b9c3g;p<#y36wI4T0+iqBx`y-w7s7x4h;ZdfA>T~7_N78a>>;|w_wZ$XD&w8NdJ zIRewBBgpP2yAwmJk<@Mz*27x#1?8rs%fGoF{ABwpp_+|t{g(<{_&4r+>6;H@o7AeK z2dPUpT0Mvh&Up=fnogSAPj#t&vx=TZxlAj;-B(E<%*&vD)U3&M1&K~TVaF0Zsf&?^ zVf-9t{rqyHg?iNT&PS5WuEt(nNrj=Zy=|ciUnpilyK?bvaPI7YQ8cVoa z<6{;HhahT|1Nlo&rY~Zp!ixsE|oUYQJw)sqN2~+X$Ta)7LOmHR@ zD4L<=6DRvW`S?RU33%QoRr!@og1F%yF$s`EeIGKY*7aKmY3Dlc@fkOm_pRY_S&CkY zXBVt7zBJp8HeJK-gTL8qekqE?;1-V0Ux{QRMehc8)DD`k(lSSVsF#@!13g0-))Aq1 zx!q0a=3L?gg;~o=ufw2pVG$(jH7_Zt=Zq<^=v@yCK9z9W91BFFxzG#6bHI-= zE2f<_sxi}4CPTo2B`dE|X^XcWDI&B4sfXW+%(0c;EYYS>(z@ajP|4bN-#bR@YG9vi zLLO#%;g);xuKd3NLrM5LLfV-iCovUBlXsyMJ4^0cSpHGa^L<215$lwK=o@ne5`Fdk z)f1hisi8hH`;oE)k&DJLwV{AoV-+F$t>!EOt=#JOp5pJf&WZChuT~52TD{1uS}NGt zWYz2tL~E(-)OWtU;AFHB(aTgTIbtvK$nlfT=1~Fd7nnzr-m!ypdmQ5(y0NigMxpu5 zqx;=ZaS-cd@T=GZj29Oxo$uV20w6=w*dOLJOj^$MY{SP?P;D;pCt0zFG7xip@89=Y z&7g@GsIY%3q!EAny3IM*|GR=pVGl}^xAeBLXH8$pCiAADp`OJ#%w4giW$zUbT9moP zfANE8qmq(hOW9lQGy7fz3tdVr3Bs!(WKktd$G45{(alWGvRMo782(uj9m79KfHr+B z1?R$!UnQI=$DWhDH+7 z%#Lx-f7H!|-2vsLq9+7bkrMcjd$w6Sli4urGFJx`tRv_sPEM_Hr+kZmD2(J^UE-1p zfEa)n0x;(PAPNC;5UGxXvkj8~940OxAS5OxEG8%fL*o4(PlM4&yp+Ev0SLhOyCVOs zV*_AM!Fd1cYycQW3nG80Q|&ZswREEI7QFh3)6(=7*L4txiP5bQh{V%Sj+^Cl&ZDUK zb}Fp`Ds2++j{MlE`bVQpR`ku> zp-46|+7DYG=+Z}Vu=43hem47g)Zv`Vdg83OnXN-{k9Rig=1$by zgVBqNyYESue&!>3RZVe&d5 zBJ4{EQMp@z^)WTQB~w&poo#xFnZwH$veOM&63k}<)W+#Ol;Z~0y+4a2o$EfFslU7dxi zMM|$m2g;&a!bY#UvwD3W^%o}-Vsnb2T1+IJ@|y^s<7EGr3>CpxIG^)QIJow zX|~eF@;)_Z=2>q~d`uj6jOJtHz4*-~3Aggl64PTOn`=2{sQPDr(!qAchg+56BX^IR 
zG}kIhU(K;{__<7nN=m>NHN><=mwZ|&#ElLz$ms8fo5m~I4-eyA?YfmKd1WC_yHZyB z1>ajL(EWN$hWt#Gf^Ln7sXyG4bn7*aMjdmv(0(N%;%9Cz35UnLT;}FDpSPLq$8#KH zfO?&SR?ulVb!e)c;`2170}_Rf;f+Ff{l2d!ypk;MD?~{z%`olCY~MN#%j#xk3&#HA z4UL*~OUm(HFxsj3l_t?#fOfdN+Nv0uKtOzFcBX#X-n+Q|5qwswDReL+1lqI6eqI+s zA>iso}dqWd-bd7Qtb z8}fb-hrIbyNvhl6S7JMj;W!AjJpE?mzI=^f>NRRhL%GlrR`FB(U;F`3S!&w z*bN))--wM-!jv{LGc5X^XYf$OAm$w-ZRIlmcuJ6ony#-|fX+11i#HiNgJd$?^gdLk z;8k&Y4pWR{*RPPg9x*a`o&boLh&_?*-k+Jp;+C(-3lzmi`WkvL6AyXv5&lB`%XN@auD^PMzqdjQmqAzF`+ELClv7 z+t`*OeeY8e7C07W2OGo3TS!X>$I?s$C2uis)*Gc|hfTT61jpZKIC$oMb516z9(7y9 zqmlyg8|M8Evj41Y53x6|Jd3~l(eqm{+g6~9Nu}vvpWs*04f!OhE?UF8 zP$raAZ93H6@=Q{2rNFGpu*A5U(thENMyg?uUOdo?X*<$_hS2S!@DzO(cj^oM&%J}Q zk9hXA*#GdvK?C8LeHva@$}%isqrQw|O>w&YuiX53(8Zi=eS-dv0@t{mJBE?WC%knF zbtA7GUW=@;O5Z&pl4`h*PivVWF}i8i$nTFQxkEN+4Hz`Ea$Y9Jd3TAR`+phWHdB3@ zHlnZ%ZgHw@ik;+E{;ASZ)rE#lH%HCQX1#3PexWeB9b=ZiPp%IJ&4o&!w?ci=dM3%V z-xqdE@~6&h*cS{f{+Nk(g%!OAaFm5+9B;)tC9W4cA}59{JkaD{7l0a#_nG2T2PV!X zH827zB{rr52#sKUfpMZEannsR)K*t{mM0?i;bd8)j7`>|o$Vj2(S3}${MA6!pq3=m zSCbRLM?_@_7tdwr%el;Rf(J7bdp7c=))wzI@24I=e9&detP&1PEQ206S|o}m+CI`~ z#a)qRnd-5rHjsOQ;lY~Cvtx1nnt905>o$S!%8DZx7Obatt+ zltN6&?B?0z^iTrxFeGaTXtx~IoY zQhh1-?YN^63wmFeS=@d5f;Wf(jX*ji$h$S@~C#u^OCRt0dNzSj)Ssr02Uw zTMShL2Aq??u!xIgEG-2}%rD-4;@~3plf~q19n!QDQByqFGZ-@r7mNiZ!UWP_VSvcr ySMN1EP!kzPqlH$iDSg@zVbj4Naw{wM3UjPL;QW#Nk3n3v;5M@?Rd6jBAbLh0s{bl!%zf*1jte8NSi+Vb(St% z$?ZG2Bh39s>P8u*Ga%ZAoQmXH?3W|e(r;}{^7D3`#3&?9EiTc+eL6KRkG(5HXVgjx zq7rg6n;y%VYaP-rM~x7Q-SgkZaL%Z)Ng#GAOv>gIiS|-Pjr&BcOY6eRZY78M`g?$W zSq_5^HJ&?vme$MuZt7ht-_a~N7{C#7BpKTeqEF$0{>9{Zj&n% zDkA>=6$_1MhGfsM@4yoh>p^emyg>DNGDAb#~nGO@r zi0>bNlnfXxwNznAa9tlr`wazLsRWAj^FT*<_UOK@|Kt|ZYeu)(UOxKHn?0Ik6@yQ8 z8+(!r48nsWMGG4?{$0I=Ps<%LPDYtPyGB-s5JyB5v{2hHzgM`j#9U;#1c`%`HdEk- zmtb`BaYFzqaP(~rrt2NyqVmy{Qm+B*xAZ!H90_ktl|M>rNj_GsA`p7b^gn|HW8vM= z=v4$accm^y5x`A2#YeZ+pTLL^-3Z*{eNPkec2X*?FAeS&1-o3P3LGb2a;pA+rT%^5 z#oJ_BsaE}BZzvs{e1SRFEG-gh9JDlM{{bTYO4@w>+`(C0Dl}Gi@)P#wvw|U^gjDZ; 
zat^`|oAsQw3nRWRu*3}%p7AV_yAt``pp@ZK-db&@Z|54~q2KT&2tst;(OA$FXYDo8IxN2tj4u|SVg8V->PNy(9-6<+)R>0@SZ@b;d+cCCf&7h3be-u zqPA!Nm2;hS%lLGy1Pn&BW0>cth$G_a7BPJU*m@vCNf9rDMz(nOHqf*!1ih{M>meso zkiW-K*6xopmyquQepL>Z&4z4$&a6p}?o`3jo{Lw$A8o5bnC1OQ+4$S{SIXAg!E{UC z+qQ#UWsRh2e2;iO)QO&Vdym(RdwX0K0TF?UO50zn{0Cb=pSNafXB5Xc#C4Mx_0GK*OFI0~{qNEjMi4t!4xGGpl~S;+ z2U1wR8QIN~`Rt6+ElB+JkWXR)Wo6NU+N2&@gXngAk)`=&sD$Y|8Xtp-7Z$S-uA#7T zqmlKrx7EWnn;xY>()~p=LY0t>lr~QmM>uekk_9X(H90XjI5agjGBG$cFoFt<1_>&L zNQUowZsz>nsgA6l}$h%-9kLSyhT9~tuY{7Rai#r+3bmay zrSt5?VVFz$jR<_1yn-?zI3(7>KjLWa1mRAifMiG5M zlRVTg$h<$3eQbWnM+J44wrTSh?V^8E+r*0~a{VXRoAauPV#8M4SlPpWp!3eu){fHPL zqB9m4o|jm-o}psrLZFYbA}3UMLMFE+&~dTfKcX7ZC|r0$1=?pFkz%*GBes8k*dbu? ztA4Umw+vQk?9%4$c$3q4!7(H8Mq`BK@cGDgMl-dLzTUu6N6dUpUjmnVoA?NZbdSoA zmROCAR;)^U5^k|Yo89@VO4l<2rDY3QEhK0A+g{k&k%<4w5`FU{lX+Gh3cyp}UQ_*y zZfoIvSiI+r9%k~?uDKBz(UgBlJbSW)MKod{JLy>Lfpq52E_s+tfqe#HaV`pIWN}05 z-gli&JmY^YNbSk3F;c;*kb?e5I%gLe#?GW{+cReWAPA+BzO*s66EvjCa##%wUZW=| z1$U(hFrPlMxM9q_0_zM3+9(h}%FmyaEgyI}pi zPCe^Wr2P zM)4mRyfh7mbjBy=)gf+1UQCLIUWB4zlpi}>x_XPRDy4r%DUN_=`wn@w@|CFi+_Pk| zu{whfb%z&LR#j&ZD-}H9hTjGw4*R00a`FeEoh7JP*iuf42A&h-{z_u!e*(0(7DtDt zhhEmUj+rf&AAi0+R6Tg3dg@dQ){-O!w4kSbC=`b~V9vmqm96;o5ZN{eTO3 zK23I(#AG!Ht(OPJDpzvAW%_GqI^#!Wcgr7At!IAvZpU9oE- z97unfhb7<(xT>E1%=%`vyEXmvpzYtX-ZwE+CZ>r$Q@+U5)+bjDnh;7jJ^zuHKf<7>^e zn8*?Y)UfI(%M&#hk0BF2{Fe3Kk-I;o>1lt}*pUAjn#H1xvs0zyQOS1s2Gb)2nvZ2| zjJM=IG~x=E1T-5@Yvh4(KkM@C*oQJ>Uujx9r|bsSUJTJ3U&EUTK$i_T8ysBYA(vS= zL=Z)+A)SC%&ZCv1t^@V|qr?rn_T7@m&=4l>o`vY9D}#OSi%9%y&JsBQ+G;!AuC#v} z0fnzTqU>L6<@)R!ISJOM!-D0vOJXxjn1L%5PsNdCvf)$XR9!0WflSbFVg3`ETOJ}1 zKj|xvLx^Ta9!owud}Gl?BrginlDg9zhPAKPLey>z%vgL17^j~znG;H z_pW9rnY5bRNyV^UjuB_L@y?3uSnz)j{-0~`J>qb~^6jBh17hjfzSorD9y6gbv5WAc znM{k1iv?HPVlV53SSI?&6r8BCBIJ=aQfgM%aEBukAE7AKo+0c1M`AgrjO>PPT+C6t zQeVQF&0>B*9o8cmHS<&hNDYMkuzL*Bl2d*xNI(7Jkcg!}VIe$Dng7Lz%$tAyOVvN$ zN|!lmUhpN+Ao?+$_tN+kmz$wK)W4cGKf@47x$3woPDX+BfST+SDMy;CUDuuY7JXPpe6O_@X?5yxt6 
zMyjm)(qB6P=(m_o1T4zcAu!Of#Ay?Ethek&d3+II20iR57hZqmf)-Vy+NIk*GUC@Z zy79p%v~Jd!ks^qS+C`t7D64WQqoT~+aexN06}>!P26aS zpAu1+{kr&itcMJ*`RBE)7ofFA(ZaLE82ga}G^%1B|3 z$y!T;T6h;(oz2NqfEeJ2(7E)I;=X*zWi@q6&Q2wST?tqg^+{`WMXjHN6^&<3kn zS?w;8$N&7Ga$`!~hRN}+(0h&e;9n)0g%9geZ1lWA`IPr2NI=ZtdWQnS~w=d(QdRPq0`OGT~ zs-=h7eR-qop)?PJ@L9jNE-oegXKjY_CcrZM6% zwE1cttnwD_Fs0C4El1}Ux>?>-AoWn9J2V$NR{n&V&t7A@k9m4)*&GjN2gKEU;aCEFZL% zclT(`+i>ZW;U4vYtb%1S*|iiZ-7fjDLXjEY42K79`aso&YACM=a@ z3cjU2MGof=uL%Svq?MX~(5oLGdf?SYPPo#0#cSdWfUr)$?&SOC(NlfvN&D!Y5kkJo zc}Pj;`8U=f%=DuqU?!t!OJyCV~_l+ut*x?Jq-4xj3GA>6$wt zvtBap?ZgUoI~oMe%kz(a$4lT9o1+(d99*B;wR^ufl6(4wQRFeRU{>)6OHru4IwZpiGC^ce6dk$e-zY)2v}%E8kcg zo=W6i6)q7v%i4Li>xY|&tcsvdMcb!8VfkV=vKy}5A5d5+IBlqNIQ#1uZE<0pgT5UC zJto}7$s#SlV4mOM!CP-$8a2WW1$c_drlE=&=?Y(TrfTDJE)6)%i_2*5^VwBFK z775#npEXVe`%!lN0D|vyGn77`~Jbqc{6Tu%2>&F(MP zrgjHCzsE_wJd_%L{+rb2D5#@J2QJ3PV5Gz*)SqiKB=0h+^0X6i76 zrk!HhZn4K(;8IfUmisa(j zA^B`47y!ups>72zBsd0cy;)p%P{9CodVReh5NGHvsZ2jA(YEJ_%Z#cE3=&Iyn`cd2iWLi7Da6eQI5ssTSN)iG5V_8##~7NpEOW5nIF9x_Vq>ut z+JOy0N~pkARLEsl)|?1SEmmRs&Db1zxb*+cFY$+ zBd&qB93k%_rqLT_t*8X^a)pH3wKzIr2t3??)Bra4`Qu2*+=5;ZdgA+A&&_&`uLJ*SID&9fk+cNw=Z+a399&z54l_eK(D6U*#T0J7(wM3R^UE|CJ zA)UQY&b8bPv_Gb-2uu?N#neX&8ijebfe-)MomcOR+en+!a8*nsOyn z9a*Vu;LY&kYOIf(cW{W@gzBQ}^38+EtEG1{s&$(UfcrY-p`SOAKW#D?+iw55))hwr zs#44XkLk+DWqy*6b{v*2wcswrX7x?;Fb<*J4y;b3&l{gR<9+nXXQ(#_zRL z5`W^vmgJ78()I1OiP;}J8-yp-`}xUqho$*ANy5DA<+G3by@+{8^{d^91RVX#cXU^}dnoklyS2}gFQ7`uQUK&lFjPLhHW_L1})-*wqN9H}VKteUeof_}e z)&OI|blsjNzM4xq%=JKNmWF6xMy%TCAn!37*})Oe;k3Kad4cF#S;Js8Es|AwZJlY% zw~Gsx&Ptv6V`R`>=L8>Vfu#2?`m9m^^=fAzu8Q5ZDMiIOSyBJpixqs5@-3gt+3zuV z^cvY7IPaiIGTJQJsPwlf5^oICI~?I)n-b1fx(mwBt|QXPzcgupMZTnM-NJ(IHVykP z{a%DxZ=_P^Cic)7{rqZKr)|329BMNG!1m8Aw=irrX!henm%L(??q|5w0sd_>(S9d1p*RDWv$07{K`Dqdq%*}_ql`C z28;NcUJh3xS)j1s@M2i%Fm2UC!YgV%!T`zllmkqNq6ata{RAq5K}w|XT_UBLGb8+; z8>1Ren}b@^aPrR zW%MB9);qHl!Ly;CwpL^ILfF$u*nG+0sc9;44lP#ZQ{E{rQ=nu0B-uP6VPUUOY_H{F zCARtftnosVIGg)P5VNmD9YAx_;K`%BUxPg;V 
zPJPim^CEr2yCCtV-Hb~qeCqp3S}l)jHl5fWH~}o-P!q{*Q&g^c*0M&JrYC$ybQ3X~g|pp!T8(+5V_n|2K_In1n!n77n@dRFeurg@8!t_@meD2j1UyQ% z86z?!MG5jpDGju@eu^2Q@_YaR9m~v?{%0uuaB6^%&=P5}7~t}yK6^{Hf?uPwK5I;W zsJc0j!ByaT>kwn-wMr$`#iwH;(LL?m@#}4VT8XIHvZPp^0PPq(b;#uNf*Y&NbMHX; zky*436Z?{I7vwXV)qwYjbfl@LiQrJ)QY>MTd4q6 zPY-Yl1zHm&KdU0z?a!^g`aQ~i8uwCY2kZ&qHqxeYS0)k7Y-Si!(*9>TRAMa#Ldb#Hyu!>PvTYH^XY6IQz~I}b+cx%1rO&*u&d5|nROdQ?Qp zWV0~ti>fq+Tru(FNOER`A z?Vn^+UZy~glabV8C@(h(4Wd^~OG#JDU#t|!1q!Rsb9`_%!qja> zZj=Xdy!etVRjPsmK)W+Ig2dF)818*yU?8^5GiXklq^_n&G4r1zEt5oW3s#**Jau^E!_>aFfIm^ekt= z-R1mn)KFP9Ech&a*pO1CxzgF0({%2`v-n@+vL0i_%({@l)eLi6cp9OQP$J8Zet+?> zm5%$kPOf4`@e1f-kt`K20k~7knC4f$-z96_i^Y&q_V+BLgACBmivAe*rU}-vj^v delta 4105 zcmV+k5cco-Af+IGFoF;v0s#Xsf)CmT2`Yw2hW8Bt2LYgh56c9C563Wq55q8m1z!dU zDuzgg_YDCD0ic2fPy~VnOfZ54NHBs0LH5BeS3FAe+83|dsG0s{bl!%zf*1jwTkH{i-jqE)s< z*Q{Y7Y{*T9%rD>jz$ly2XySr_M@#z`6xz{*V4f>rr9V+X!@m0mVcjO-*$&5G^!=N8 zCvNSPED{_4hw3^ai(##&baAC2%ZTD(hSkvSj3=rE?cgTxz^vsvjOXy=Pjg!#4*1kD z{l>(PcC!C})pTkTF>qE&aPc#DLix9^{}0A(@h5w+C`=TJCXEID__6K8<7g&qVMuYc z7}lW_C%@gbvk(?0m&BRV<6$QGIt;w77Bn+^dJZq=40qsfx&E3!nhajD?7XYO5{dfX z1Z@uiP}zI-U-^_SFx_eNXn=I>|5Mb1@)c72TkxbqhXtoujXlmo zP5ofJWoJUDUp9`O=9ZYT!Rcx`JdE-hn>LO3=BF?z zGG4BXOKPQ>O{w~w%m(W3s9lVxa%7=Jx%W$d=+q^nNR(VT74mmCJyf!GzE5I!wpsH| zISk#HSY@{>9HZF9dM}o<;MjpMm_!Gkn;UW^1RQ9o!C-I>j*tbUSJ4(wFANVmIcdei zrp?kr#s`s+6_xgRo`-@OY@0_Q^8|vGiNvystAdcv*Tn9-YMD|()I2rGM{ujer3T5Ed|@E$cO8 z%fJ>1351M~3@btNcoyT)jR-QAvy%9lA4w|SOLM~7nCJQwW477nEFD$rrq zAXT=eXm>mSN<~vx6)d8DROi*~;MF7tqulCMZ0haep?EsN!ehy@@vZJo6%Z9{_-#`E%>31{z$b7&85xP^GmRtBA@Meok_9X(H90XjI5agjGB!9iFoFtP1_>&L zNQUl^rN8VNqR`{hb!v8L*anxDDZFDfEz=kcZ5eDr6lH`00*(sb-xw+t$ zKp)AY2!*@k`~wPvntYQ6;sifz9(cwC-3F=+|1X`*fv9QUQnJ2~_ddIyW0`C=>tcUV zCBvAlPvN5BtFX5C%?RAr%tW)84Y^jgVJ>La1LMTq$;X11mrEU#-SK2|xM8LxYjOR) zd&vNT2k%hPX_MHj$WQ?1n=&V=wcc#?6~H zKgj*(zaqr`>!yjj-+7fA4?U>$;mCh8d_?7FD>ufpm<>`?rNQMgSgnSWC;DA3iQ+Nc z2`;KXS?8)E%A^7Q;suN{BL3Aomb=6ZBoFyi#B+DExH!X@Pn6kYtwt*c8~i75Y@&3+ 
zMJhh(vGD;SzSITgdiaW|Wq5Okjn$ei8Z!zck}#7J>Hq*_QQ;k#L6$;m0rh{uY$Ahh zHL}2MMfO*yI+0zt#Cp6WJpINo?r|5KR}q$NS~p!pvt5~LuYn5co}btJndgRCS30#B z*gQm+ghv5rxK|O>H$?7DK`tT*{|mDd|0j*y4AaZb;&ZSXRy(`chXjdBq?r1rH$J^? z?Q6UqRJPU(c3-Rz87%o`K@xvz_WrSqESybcL<8^Osz-GnbF}B8%k&`JunD*h`h$75 z-qEL>TRMYhHns)uII!>PE{T@zQmyLt%WS(mnQi_DbvExPeMN|pJ8OEOMS~Cs?#ttZ za5Lh-DT)|UbCDRV?b$-n?ms=3*qZ4(6ke?AA_)HaqQ9$pH93k%m`i`c@?yR~9RbZa zflFy)x1BP9#l*|0b=;gv*rWo3%E8kmqQAK~i28O7XOZY2-SH(5H z1YPdhwyyl|26Zb`aXuBo^$I+%&sr7)-CntndvaBzD9V-0sw=Me1a&-$`}DHB^}`ca z1(~6^;R~xlTJqn(xvY}Q_K3^P+mF>s{tT{>gt)8xEMBCd(YsUaXb)#=cJSNBQGgdQ zb>;3o13BXUbDn?AR)MtY71Nr8LlhBijs7KQFdGkMEhfsJnnR~tMt5pnR~>AEg4$Ol z9U5?Q97zZ?otWN})xm}a9R31U(XutKSSLzW9POyI2_ruOInhZ3098QH*;z&X($|w_ zpr6h6vf#^!JClJP?%7?gso+3A*UY~r`WIROZc=v*yCi=+o=K=^(Z)`PNN9p5;gLg% zr0$$#_JPMWP=ZTNre8)nroe|0n}NDRKjpQ7+`_?xQvSWQorCUfOjSPk|FhDQ!IJe= za(L@`+8}01PynL>VYAXLP{c0&)wDsuOb>mru7S60PnrO_Qh_ylrK@3ZVm{P!1)~l`E z|TOq19%Z4-OYr;rI6-W>SS` zHfuAN2LD2t93_xyz=j0NN%jug=H=;5qHEef0C5d#erlbqHvpzCJLW3|xSyXAXUk)m zN*mRy{rxycu1ok9oD-|=!O3vO+f#NM#txl;uHGCfdTw5S9HnE$b7!9RwTQ%&pgo6Q zB|d){MpF(Ks}HY}WX4)Wxke$U0$k{Cj((kL9otufe7t*CJ0gOQR=}t)!{vafEV{XG zgv}hjA){p|OHGG4^xM^osigeX;Wz)uaQ@N0;XOR)(ye!i<|Z5y$)-S>v`GHyL1|9a zM{&}06V?zj`p(^uI93Im$|GOT4gV{jW*vV9Mv7Sa*#Ia{9nt>_yK3P7ChvGw z^l7(+!%XJ~$QRm2-HOi~oPlRSPwP5_I$hv}C&!jCkShOg2vyDD-`zP>4 zQXk2OS&9c%m|NYD2!_i~!`sxqyG<9wmnHKqk?!5PD+0_l+J5>Mys2>2In>b;6zP9m zaE||r0T9I##L4p!qQI`4Yyyr2n3;ebAoO3-S_{v2VS4b!4Nm=r!cY1>C+M%nF2#WTs@*< zsOC*F5u=|08}yChk<=E>fc`K574Co8q3t4F^E0tyz(@qBXMdt)zTw|O{zs-o22nVn zaxit$eT@3}RgPG3@_q{ai9gGVS$@G*slKcX~d?$|9ZeHW^YxkSy!)`5QooRqjG zsf7hXYmBQMbabCNL2!@7cFDXN_nF$(v3Zab&k3UJ_FT5Z`ZziLXP3(?=;IS69jAmD zeGMMK^&3BcH(M%(8?4A{4}xdJuLnc*VCBVnIncBffldYIpMk~@VE!_Ti+3^rZ6YON z-2I-S=SF7A>BRa`JFw4~9(aG#G~vIJ$32(&BJZXrz(kXR8d0p`b_+6R`pVbVSR991 z+_1M)%G`I%#+wD|Ke!D|Vx&Y0a?1H2tG(lj%u&ogfEgF8yxuk!l5oI+CR|C*T~ zf=}6`&6=^(4*~yiKc5}a!0Ffxe5Fg4xnEV@M()s+f}_>BPCV|Wk&%JRPSP))HS z*l94vofq5+}rP9+9c<#Y&8o!jbldC%N5(}Q^-M!VMm>21U`PP 
z(XtKa!{azu-v>3MNm+ko$7%ty)nD7QC>c(9zNcb${MvV)jU?*T4QJ_hKdG9@T>Piw z9<2S^A@|$8^W}pz;j`i*Wo&$GtQ|#P`(y$82$rbI5~2%hX(z_rpZh7+I+n zy@Pcjyr%Sub+oouQ_VNEAXYzTu?GOXL6J&Pw)VUnQ-;k(v;BF&B`S*2wSd34#u>R= zGu42>AmvbQpu`bIRtjkgvV{QGNuMTTv+b+(+=z?nVOK6B8<7&-nsV40Fg`FLFbM_) zD-Ht!8U+9Z6q;aQ5!Q