For testing purposes, here is [how to create self-signed certificates](https://github.com/minio/minio/tree/master/docs/tls#3-generate-self-signed-certificates).

## 2. Create Kubernetes secret

[Kubernetes secrets](https://kubernetes.io/docs/concepts/configuration/secret) are intended to hold sensitive information.

```

### MinIO Custom Access and Secret Keys using Docker secrets

To override MinIO's auto-generated keys, you may pass secret and access keys explicitly by creating access and secret keys as [Docker secrets](https://docs.docker.com/engine/swarm/secrets/). MinIO server also allows regular strings as access and secret keys.

```
echo "AKIAIOSFODNN7EXAMPLE" | docker secret create access_key -

        env:
          ORG_GRADLE_PROJECT_mavenCentralUsername: ${{ secrets.SONATYPE_CENTRAL_USERNAME }}
          ORG_GRADLE_PROJECT_mavenCentralPassword: ${{ secrets.SONATYPE_CENTRAL_PASSWORD }}
          ORG_GRADLE_PROJECT_signingInMemoryKey: ${{ secrets.GPG_SECRET_KEY }}

#### Исправление с помощью `secrets.compare_digest()` { #fix-it-with-secrets-compare-digest }

Но в нашем коде мы используем `secrets.compare_digest()`.

Вкратце: сравнение `stanleyjobsox` с `stanleyjobson` займёт столько же времени, сколько и сравнение `johndoe` с `stanleyjobson`. То же относится и к паролю.

        with:
          apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
          accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
          command: pages deploy ./site --project-name=${{ env.PROJECT_NAME }} --branch=${{ env.BRANCH }}
      - name: Deploy Docs Status Error
        if: failure()
        run: python ./scripts/deploy_docs_status.py
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

#### Fix it with `secrets.compare_digest()` { #fix-it-with-secrets-compare-digest }

But in our code we are actually using `secrets.compare_digest()`.

In short, it will take the same time to compare `stanleyjobsox` to `stanleyjobson` than it takes to compare `johndoe` to `stanleyjobson`. And the same for the password.

          SMOKESHOW_GITHUB_COVERAGE_THRESHOLD: 100
          SMOKESHOW_GITHUB_CONTEXT: coverage
          SMOKESHOW_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SMOKESHOW_GITHUB_PR_HEAD_SHA: ${{ github.event.workflow_run.head_sha }}

import logging
import secrets
import subprocess
from pathlib import Path

import yaml
from github import Github
from pydantic import BaseModel, SecretStr
from pydantic_settings import BaseSettings


class Settings(BaseSettings):
    github_repository: str
    github_token: SecretStr


class Repo(BaseModel):
    name: str
    html_url: str
    stars: int
    owner_login: str
    owner_html_url: str

        env:
          GITHUB_TOKEN: ${{ secrets.FASTAPI_TRANSLATIONS }}
          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
      - name: FastAPI Translate
        run: |
          python ./scripts/translate.py ${{ matrix.command }}
          python ./scripts/translate.py make-pr
        env:
          GITHUB_TOKEN: ${{ secrets.FASTAPI_TRANSLATIONS }}
          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}

        with:
          role-to-assume: arn:aws:iam::992382829881:role/GHASecrets_gradle_all
          aws-region: "eu-central-1"
      - name: get secrets
        uses: aws-actions/aws-secretsmanager-get-secrets@v2
        with:
          secret-ids: |
            BOT_GRADLE_GITHUB_TOKEN, gha/gradle/_all/BOT_GRADLE_GITHUB_TOKEN
            TEAMCITY_ACCESS_TOKEN, gha/gradle/_all/TEAMCITY_ACCESS_TOKEN
      - name: Setup java