}

// GetRootCAFromSecretConfigDump retrieves root CA from a secret config dump wrapper
func (w *Wrapper) GetRootCAFromSecretConfigDump(anySec *anypb.Any) (string, error) {
	var secret extapi.Secret
	if err := anySec.UnmarshalTo(&secret); err != nil {
		return "", fmt.Errorf("failed to unmarshall ROOTCA secret: %v", err)
	}
	var returnStr string
	var returnErr error
	rCASecret := secret.GetValidationContext()
	if rCASecret != nil {

// KMS that uses s as builtin single key as KMS implementation.
func ParseSecretKey(s string) (*KMS, error) {
	v := strings.SplitN(s, ":", 2)
	if len(v) != 2 {
		return nil, errors.New("kms: invalid secret key format")
	}

	keyID, b64Key := v[0], v[1]
	key, err := base64.StdEncoding.DecodeString(b64Key)
	if err != nil {
		return nil, err
	}
	return NewBuiltin(keyID, key)
}

Andreas Auernhammer <******@****.***> 1715126137 +0200

			return nil, fmt.Errorf("failed building warming secret %s: %v",
				activeSecret.Name, err)
		}
		for _, secret := range secrets {
			if activeSecret.VersionInfo == "uninitialized" {
				secret.State = "UNINITIALIZED"
			}
		}
		proxySecretItems = append(proxySecretItems, secrets...)
	}
	return proxySecretItems, nil
}

For testing purposes, here is [how to create self-signed certificates](https://github.com/minio/minio/tree/master/docs/tls#3-generate-self-signed-certificates).

## 2. Create Kubernetes secret

[Kubernetes secrets](https://kubernetes.io/docs/concepts/configuration/secret) are intended to hold sensitive information.

)

// printSecretItemsTabular prints the secret in table format
func (w *sdsWriter) printSecretItemsTabular(secrets []SecretItem) error {
	if len(secrets) == 0 {
		fmt.Fprintln(w.w, "No secret items to show.")
		return nil
	}
	var hasUnknownTrustDomain bool
	for _, secret := range secrets {
		if secret.SecretMeta.TrustDomain == "" {
			hasUnknownTrustDomain = true
			break
		}
	}

```

### MinIO Custom Access and Secret Keys using Docker secrets

To override MinIO's auto-generated keys, you may pass secret and access keys explicitly by creating access and secret keys as [Docker secrets](https://docs.docker.com/engine/swarm/secrets/). MinIO server also allows regular strings as access and secret keys.

```
echo "AKIAIOSFODNN7EXAMPLE" | docker secret create access_key -

		// check the ROOTCA from secret dump
		if secret.Name == "ROOTCA" {
			var returnStr string
			var returnErr error
			strCA, err := c.configDump.GetRootCAFromSecretConfigDump(secret.GetSecret())
			if err != nil {
				returnStr = ""
				returnErr = fmt.Errorf("can not dump ROOTCA from secret: %v", err)
			} else {
				returnStr = strCA
				returnErr = nil
			}
			return returnStr, returnErr
		}
	}

    response = client.post("/login/", data={"username": "Foo", "password": "secret"})
    assert response.status_code == 200
    assert response.json() == {"username": "Foo", "password": "secret"}


@needs_pydanticv2
def test_post_body_extra_form(client: TestClient):
    response = client.post(
        "/login/", data={"username": "Foo", "password": "secret", "extra": "extra"}
    )
    assert response.status_code == 422

	for _, secret := range secretDump {
		if strings.Contains(secret.State, "Unavailable") {
			secret.State = "Unavailable"
		}
		if len(secret.CertChain) == 0 {
			fmt.Fprintf(w, "%v\t%v\t%v\t%v\t%v\t%v\t%v\n",
				secret.Identity, valueOrNA(""), secret.State, false, valueOrNA(""), valueOrNA(""), valueOrNA(""))
		} else {
			for i, ca := range secret.CertChain {
				t := "Intermediate"
				if i == 0 {