* @Secured({ "ROLE_ADMIN" })
 * public void delete(Contact contact);
 * </pre>
 * @author Mark St.Godard
 */
@Target({ ElementType.METHOD, ElementType.TYPE })
@Retention(RetentionPolicy.RUNTIME)
@Inherited
@Documented
public @interface Secured {
    /**
     * Returns the list of security configuration attributes (e.g.&nbsp;ROLE_USER, ROLE_ADMIN).
     *
     * @return String[] The secure method attributes
     */

}

// GetRootCAFromSecretConfigDump retrieves root CA from a secret config dump wrapper
func (w *Wrapper) GetRootCAFromSecretConfigDump(anySec *anypb.Any) (string, error) {
	var secret extapi.Secret
	if err := anySec.UnmarshalTo(&secret); err != nil {
		return "", fmt.Errorf("failed to unmarshall ROOTCA secret: %v", err)
	}
	var returnStr string
	var returnErr error
	rCASecret := secret.GetValidationContext()
	if rCASecret != nil {

	configDumpFile, err := os.Open("testdata/secret/config_dump.json")
	if err != nil {
		t.Errorf("error opening test data file: %v", err)
	}
	defer configDumpFile.Close()
	configDump, err := io.ReadAll(configDumpFile)
	if err != nil {
		t.Errorf("error reading test data file: %v", err)
	}

	outFile, err := os.Open("testdata/secret/output")
	if err != nil {

	flag.StringVar(&sourceBucket, "source-bucket", "", "Select a specific bucket")
	flag.StringVar(&sourcePrefix, "source-prefix", "", "Select a prefix")

	flag.StringVar(&targetEndpoint, "target-endpoint", "https://play.min.io", "S3 endpoint URL")
	flag.StringVar(&targetAccessKey, "target-access-key", "Q3AM3UQ867SPQQA43P2F", "S3 Access Key")

		if e != nil {
			log.Fatalln("Unable to parse --modified-since:", e)
		}
	}

	u, err := url.Parse(endpoint)
	if err != nil {
		log.Fatalln(err)
	}

	secure := strings.EqualFold(u.Scheme, "https")
	transport, err := minio.DefaultTransport(secure)
	if err != nil {
		log.Fatalln(err)
	}
	if insecure {
		// skip TLS verification
		transport.TLSClientConfig.InsecureSkipVerify = true
	}

## 2. Create Kubernetes secret

[Kubernetes secrets](https://kubernetes.io/docs/concepts/configuration/secret) are intended to hold sensitive information.
We'll use secrets to hold the TLS certificate and key. To create a secret, update the paths to `private.key` and `public.crt`
below.

Then type

```sh

set the env. variable `MINIO_KMS_SECRET_KEY` and start/restart the MinIO server. For more details about KES and how
to set it up refer to our [KMS Guide](https://github.com/minio/minio/blob/master/docs/kms/README.md).

Instead of configuring an external KMS you can start with a single key by
setting the env. variable `MINIO_KMS_SECRET_KEY`. It expects the following
format:

```sh
MINIO_KMS_SECRET_KEY=<key-name>:<base64-value>
```

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE components PUBLIC "-//DBFLUTE//DTD LastaDi 1.0//EN"
	"http://dbflute.org/meta/lastadi10.dtd">
<components>
	<component name="scoreUpdater" class="org.codelibs.fess.score.ScoreUpdater">
	</component>

## Other middlewares

There are many other ASGI middlewares.

For example:

* <a href="https://docs.sentry.io/platforms/python/guides/fastapi/" class="external-link" target="_blank">Sentry</a>
* <a href="https://github.com/encode/uvicorn/blob/master/uvicorn/middleware/proxy_headers.py" class="external-link" target="_blank">Uvicorn's `ProxyHeadersMiddleware`</a>

		return nil, errors.New("both access and secret keys are required")
	}

	if conf.Bucket == "" {
		return nil, errors.New("no bucket name was provided")
	}

	u, err := url.Parse(conf.Endpoint)
	if err != nil {
		return nil, err
	}

	creds := credentials.NewStaticV4(conf.AccessKey, conf.SecretKey, "")
	opts := &minio.Options{
		Creds:           creds,
		Secure:          u.Scheme == "https",