#### Content Encryption

	Endpoint         string
	Secure           bool
	Err              error
}

func (rs *replStat) endpoint() string {
	scheme := "http"
	if rs.Secure {
		scheme = "https"
	}
	return scheme + "://" + rs.Endpoint
}

func (rs *replStat) set(arn string, n int64, duration time.Duration, status replication.StatusType, opType replication.Type, endpoint string, secure bool, err error) {
	rs.Endpoint = endpoint

///

## Handle JWT tokens { #handle-jwt-tokens }

Import the modules installed.

Create a random secret key that will be used to sign the JWT tokens.

To generate a secure random secret key use the command:

<div class="termy">

```console
$ openssl rand -hex 32

09d25e094faa6ca2556c818166b7a9563b93f7099f6f0f4caa6cf63b88e8d3e7
```

	config := tcfg.Credentials
	creds := credentials.NewStaticV4(config.AccessKey, config.SecretKey, "")

	api, err := minio.New(tcfg.Endpoint, &minio.Options{
		Creds:     creds,
		Secure:    tcfg.Secure,
		Region:    tcfg.Region,
		Transport: globalRemoteTargetTransport,
	})
	if err != nil {
		return nil, err
	}
	api.SetAppInfo("minio-replication-target", ReleaseTag+" "+tcfg.Arn)

		if err != nil {
			return nil, err
		}
		connOpts = append(connOpts, nkeyOpt)
	}
	if n.Secure || n.TLS && n.TLSSkipVerify {
		connOpts = append(connOpts, nats.Secure(nil))
	} else if n.TLS {
		connOpts = append(connOpts, nats.Secure(&tls.Config{RootCAs: n.RootCAs}))
	}
	if n.TLSHandshakeFirst {
		connOpts = append(connOpts, nats.TLSHandshakeFirst())
	}

			}
		case "Endpoint":
			z.Endpoint, err = dc.ReadString()
			if err != nil {
				err = msgp.WrapError(err, "Endpoint")
				return
			}
		case "Secure":
			z.Secure, err = dc.ReadBool()
			if err != nil {
				err = msgp.WrapError(err, "Secure")
				return
			}
		default:
			err = dc.Skip()
			if err != nil {
				err = msgp.WrapError(err)
				return
			}
		}
	}

The domains are securely verified and the certificates are generated automatically. This also allows automating the renewal of these certificates.

The idea is to automate the acquisition and renewal of these certificates so that you can have **secure HTTPS, for free, forever**.

## HTTPS for Developers { #https-for-developers }

   * MD5 (128 hash bits) hash function and the given secret key.
   *
   * <p>If you are designing a new system that needs HMAC, prefer {@link #hmacSha256} or other
   * future-proof algorithms <a
   * href="https://datatracker.ietf.org/doc/html/rfc6151#section-2.3">over {@code hmacMd5}</a>.
   *
   * @param key the secret key

  ## MINIO_SUBNET_LICENSE: "License key obtained from https://subnet.min.io"
  ## MINIO_BROWSER: "off"

## The name of a secret in the same kubernetes namespace which contain secret values
## This can be useful for LDAP password, etc
## The key in the secret must be 'config.env'
##
extraSecret: ~

## OpenID Identity Management

		} else {
			mcreds = credentials.NewStaticV4(sa.Credentials.AccessKey, sa.Credentials.SecretKey, "")
		}

		return minio.New(driver.endpoint, &minio.Options{
			Creds:           mcreds,
			Secure:          globalIsTLS,
			Transport:       tr,
			TrailingHeaders: true,
		})
	}

	// ok == true - at this point

	if ui.Credentials.IsTemp() {
		// Temporary credentials are not allowed.