A minimal level of support would be for a SecretKey to be provided to the realm as it is initialised.

We should consider the level of encryption required and different levels could have different policies.

• Encryption of credentials.
• Encryption of attributes.
• Complete obfuscation of the username.

As realms already exist the tool could have a utility added to take a clear text realm and convert.