Import the modules installed.

Create a random secret key that will be used to sign the JWT tokens.

To generate a secure random secret key use the command:

<div class="termy">

```console
$ openssl rand -hex 32

09d25e094faa6ca2556c818166b7a9563b93f7099f6f0f4caa6cf63b88e8d3e7
```

</div>

And copy the output to the variable `SECRET_KEY` (don't use the one in the example).

У Pydantic-моделей есть метод `.dict()`, который возвращает `dict` с данными модели.

Поэтому, если мы создадим Pydantic-объект `user_in` таким способом:

```Python
user_in = UserIn(username="john", password="secret", email="******@****.***")
```

и затем вызовем:

```Python
user_dict = user_in.dict()
```

Melden Sie sich bei der Anwendung auf die gleiche Weise wie zuvor an.

Verwenden Sie die Anmeldeinformationen:

Benutzername: `johndoe`
Passwort: `secret`.

!!! check
    Beachten Sie, dass im Code nirgendwo das Klartext-Passwort "`secret`" steht, wir haben nur die gehashte Version.

<img src="/img/tutorial/security/image08.png">

Rufen Sie den Endpunkt `/users/me/` auf, Sie erhalten die Response:

Using these tools, you can make the security system compatible with any database and with any user or data model.

The only detail missing is that it is not actually "secure" yet.

    사용해야 한다면 `OAuth2PasswordRequestForm` 대신 `OAuth2PasswordRequestFormStrict`를 사용하면 됩니다.

* `client_id`(선택적으로 사용) (예제에서는 필요하지 않습니다).
* `client_secret`(선택적으로 사용) (예제에서는 필요하지 않습니다).

!!! 정보
    `OAuth2PasswordRequestForm`은 `OAuth2PasswordBearer`와 같이 **FastAPI**에 대한 특수 클래스가 아닙니다.

    `OAuth2PasswordBearer`는 **FastAPI**가 보안 체계임을 알도록 합니다. 그래서 OpenAPI에 그렇게 추가됩니다.

    Wenn Sie es erzwingen müssen, verwenden Sie `OAuth2PasswordRequestFormStrict` anstelle von `OAuth2PasswordRequestForm`.

* Eine optionale `client_id` (benötigen wir für unser Beispiel nicht).
* Ein optionales `client_secret` (benötigen wir für unser Beispiel nicht).

!!! info
    `OAuth2PasswordRequestForm` ist keine spezielle Klasse für **FastAPI**, so wie `OAuth2PasswordBearer`.

Go 1.22 disabled
[`ConnectionState.ExportKeyingMaterial`](/pkg/crypto/tls/#ConnectionState.ExportKeyingMaterial)
when the connection supports neither TLS 1.3 nor Extended Master Secret
(implemented in Go 1.21). It can be reenabled with the [`tlsunsafeekm`
setting](/pkg/crypto/tls/#ConnectionState.ExportKeyingMaterial).

Go 1.22 changed how the runtime interacts with transparent huge pages on Linux.

  // wildcard host setting for the loadbalancer controller fulfilling this
  // Ingress, if left unspecified.
  // +optional
  repeated string hosts = 1;

  // secretName is the name of the secret used to terminate TLS traffic on
  // port 443. Field is left optional to allow TLS routing based on SNI
  // hostname alone. If the SNI host in a listener conflicts with the "Host"

# Settings and Environment Variables

In many cases your application could need some external settings or configurations, for example secret keys, database credentials, credentials for email services, etc.

Most of these settings are variable (can change), like database URLs. And many could be sensitive, like secrets.

For this reason it's common to provide them in environment variables that are read by the application.

## Environment Variables

!!! tip

  // wildcard host setting for the loadbalancer controller fulfilling this
  // Ingress, if left unspecified.
  // +listType=atomic
  // +optional
  repeated string hosts = 1;

  // secretName is the name of the secret used to terminate TLS traffic on
  // port 443. Field is left optional to allow TLS routing based on SNI
  // hostname alone. If the SNI host in a listener conflicts with the "Host"