}
	// validate if target credentials are ok
	exists, err := clnt.BucketExists(ctx, tgt.TargetBucket)
	if err != nil {
		switch minio.ToErrorResponse(err).Code {
		case "NoSuchBucket":
			return BucketRemoteTargetNotFound{Bucket: tgt.TargetBucket, Err: err}
		case "AccessDenied":
			return RemoteTargetConnectionErr{Bucket: tgt.TargetBucket, AccessKey: tgt.Credentials.AccessKey, Err: err}
		}

	if len(authFields) != 2 {
		return auth.Credentials{}, false, ErrMissingFields
	}

	// Then will be splitting on ":", this will separate `AWSAccessKeyId` and `Signature` string.
	keySignFields := strings.Split(strings.TrimSpace(authFields[1]), ":")
	if len(keySignFields) != 2 {
		return auth.Credentials{}, false, ErrMissingFields
	}

	return checkKeyValid(r, keySignFields[0])
}

		}
	} else {

		// Temporary credentials are not allowed.
		if ui.Credentials.IsTemp() {
			return nil, errAuthentication
		}

		if subtle.ConstantTimeCompare([]byte(ui.Credentials.SecretKey), pass) != 1 {
			return nil, errAuthentication
		}
	}

	return &ssh.Permissions{
		CriticalOptions: map[string]string{
			"AccessKey":    ui.Credentials.AccessKey,
			"SecretKey":    ui.Credentials.SecretKey,

    2>&1 | tee -i "${artifacts}/build-log.txt"
  exit $?

else
  # Refresh sudo credentials if needed
  if ping -c 1 -q metadata.google.internal &> /dev/null; then
    echo 'Running on GCE, not asking for sudo credentials'
  elif ping -c 1 -q 169.254.169.254 &> /dev/null; then
    echo 'Running on AWS, not asking for sudo credentials'
  elif sudo --non-interactive "$(which bash)" -c true 2> /dev/null; then

			if u.Credentials.IsTemp() {
				// We should delete such that the client can re-request
				// for the expiring credentials.
				deleteKeyEtcd(ctx, ies.client, getUserIdentityPath(user, userType))
				deleteKeyEtcd(ctx, ies.client, getMappedPolicyPath(user, userType, false))
			}
			return nil
		}
		u.Credentials.Claims = jwtClaims.Map()
	}
	if u.Credentials.Description == "" {

    }

    @CompileStatic
    HttpResourceInteraction expect(String path, boolean matchPrefix, Collection<String> methods, Action action, PasswordCredentials credentials = null) {
        if (credentials != null) {
            action = withAuthentication(path, credentials.username, credentials.password, action)
        } else {
            action = refuseAuthentication(path, action)
        }

If you are concerned about placing your credentials in `gradle.properties`, check out the https://plugins.gradle.org/plugin/de.qaware.seu.as.code.credentials[Seauc Credentials plugin] or the https://plugins.gradle.org/plugin/nu.studer.credentials[Gradle Credentials plugin].

[[plugin-publishing-plugin]]
== Adding the {publishplugin}

			if u.Credentials.IsTemp() {
				// We should delete such that the client can re-request
				// for the expiring credentials.
				iamOS.deleteIAMConfig(ctx, getUserIdentityPath(user, userType))
				iamOS.deleteIAMConfig(ctx, getMappedPolicyPath(user, userType, false))
			}
			return nil

		}
		u.Credentials.Claims = jwtClaims.Map()
	}

	if u.Credentials.Description == "" {

func ConstructSdsSecretConfigForCredential(name string, credentialSocketExist bool) *tls.SdsSecretConfig {
	if name == "" {
		return nil
	}
	if name == credentials.BuiltinGatewaySecretTypeURI {
		return ConstructSdsSecretConfig(SDSDefaultResourceName)
	}
	if name == credentials.BuiltinGatewaySecretTypeURI+SdsCaSuffix {
		return ConstructSdsSecretConfig(SDSRootResourceName)
	}

		namespaces[ns.Name] = ns
	}
	input.Namespaces = namespaces

	if c.credentialsController != nil {
		credentials, err := c.credentialsController.ForCluster(c.cluster)
		if err != nil {
			return fmt.Errorf("failed to get credentials: %v", err)
		}
		input.Credentials = credentials
	}

	output := convertResources(input)

	// Handle all status updates
	c.QueueStatusUpdates(input)