)
        else:
            return None

    def _create_credentials_fetcher(self):
        method = self.METHOD

        def fetch_credentials():
            # HTTP headers are case insensitive filter out
            # all duplicate headers and pick one.
            headers = {}
            headers['content-type'] = 'application/x-www-form-urlencoded'
            headers['authorization'] = urllib3.make_headers(

	// Allows for a sub-match of the first value after 'for=' to the next
	// comma, semi-colon or space. The match is case-insensitive.
	forRegex = regexp.MustCompile(`(?i)(?:for=)([^(;|,| )]+)(.*)`)
	// Allows for a sub-match for the first instance of scheme (http|https)
	// prefixed by 'proto='. The match is case-insensitive.
	protoRegex = regexp.MustCompile(`(?i)^(;|,| )+(?:proto=)(https|http)`)
)

		etag = metadata["md5Sum"]
	}
	// Success.
	return etag
}

// HasPrefix - Prefix matcher string matches prefix in a platform specific way.
// For example on windows since its case insensitive we are supposed
// to do case insensitive checks.
func HasPrefix(s string, prefix string) bool {
	if runtime.GOOS == globalWindowsOSName {
		return stringsHasPrefixFold(s, prefix)
	}
	return strings.HasPrefix(s, prefix)
}

	// as an audience value. It MAY also contain identifiers for
	// other audiences. In the general case, the aud value is an
	// array of case sensitive strings. In the common special case
	// when there is one audience, the aud value MAY be a single
	// case sensitive
	audValues, ok := policy.GetValuesFromClaims(claims, audClaim)
	if !ok {

## 2. Create Kubernetes secret

[Kubernetes secrets](https://kubernetes.io/docs/concepts/configuration/secret) are intended to hold sensitive information.
We'll use secrets to hold the TLS certificate and key. To create a secret, update the paths to `private.key` and `public.crt`
below.

Then type

```sh

	// so we do not want to override them, copy them instead.
	for k, v := range encMetadata {
		metadata[k] = v
	}

	// Ensure that metadata does not contain sensitive information
	crypto.RemoveSensitiveEntries(metadata)

	if isCompressible(r.Header, object) {
		// Storing the compression metadata.
		metadata[ReservedMetadataPrefix+"compression"] = compressionAlgorithmV2
	}

			amzDate, errCode := parseAmzDateHeader(r)
			if errCode != ErrNone {
				if ok {
					tc.FuncName = "handler.Auth"
					tc.ResponseRecorder.LogErrBody = true
				}

				// All our internal APIs are sensitive towards Date
				// header, for all requests where Date header is not
				// present we will reject such clients.
				defer logger.AuditLog(r.Context(), w, r, mustGetClaimsFromToken(r))

	// so we do not want to override them, copy them instead.
	for k, v := range encMetadata {
		srcInfo.UserDefined[k] = v
	}

	// Ensure that metadata does not contain sensitive information
	crypto.RemoveSensitiveEntries(srcInfo.UserDefined)

	// If we see legacy source, metadataOnly we have to overwrite the content.
	if srcInfo.Legacy {
		srcInfo.metadataOnly = false
	}

			Description: `HTTP(s) endpoint e.g. "http://localhost:8080/minio/logs/server"`,
			Type:        "url",
			Sensitive:   true,
		},
		config.HelpKV{
			Key:         AuthToken,
			Description: `opaque string or JWT authorization token`,
			Optional:    true,
			Type:        "string",
			Sensitive:   true,
			Secret:      true,
		},
		config.HelpKV{
			Key:         ClientCert,

			Type:        "address",
			Sensitive:   true,
		},
		config.HelpKV{
			Key:         SRVRecordName,
			Description: `DNS SRV record name for LDAP service, if given, must be one of "ldap", "ldaps" or "on"` + defaultHelpPostfix(SRVRecordName),
			Optional:    true,
			Type:        "string",
			Sensitive:   false,
		},
		config.HelpKV{
			Key:         LookupBindDN,