/home/user1/.minio
└─ certs
   ├─ CAs
   ├─ private.key
   └─ public.crt
```

You can provide a custom certs directory using `--certs-dir` command line option.

#### Credentials

On MinIO admin credentials or root credentials are only allowed to be changed using ENVs namely `MINIO_ROOT_USER` and `MINIO_ROOT_PASSWORD`.

```sh
export MINIO_ROOT_USER=minio
export MINIO_ROOT_PASSWORD=minio13
minio server /data
```

    /**
     * Gets the signing key for SMB2/3
     *
     * @return the signing key or null if not available
     */
    byte[] getSigningKey();

    /**
     * Validates authentication credentials
     *
     * @return true if credentials are valid
     */
    boolean validateCredentials();

    /**
     * Clears sensitive authentication data
     */
    void clearSensitiveData();

    /**

Então nós podemos utilizar o `secrets.compare_digest()` para garantir que o `credentials.username` é `"stanleyjobson"`, e que o `credentials.password` é `"swordfish"`.

{* ../../docs_src/security/tutorial007_an_py39.py hl[1,12:24] *}

Isso seria parecido com:

```Python
if not (credentials.username == "stanleyjobson") or not (credentials.password == "swordfish"):
    # Return some error
    ...
```

	// Get credential.
	credentials := globalActiveCred
	if !globalReplicationPool.IsSet() {
		globalReplicationPool.Set(nil)
	}
	testServer.Obj = objLayer
	testServer.rawDiskPaths = disks
	testServer.Disks = mustGetPoolEndpoints(0, disks...)
	testServer.AccessKey = credentials.AccessKey
	testServer.SecretKey = credentials.SecretKey

    .getData()
  logger.info("Using elastic artifactory repos")
  Closure configCache = {
    return {
      name "artifactory-gradle-release"
      url "https://artifactory.elstc.co/artifactory/gradle-release"
      credentials {
        username artifactoryCredentials.get("username")
        password artifactoryCredentials.get("token")
      }
    }
  }
  settingsEvaluated { settings ->
    settings.pluginManagement {

        when(config.getMaxRequestRetries()).thenReturn(2);
        when(config.isTraceResourceUsage()).thenReturn(false);
        // Mock credentials to avoid NullPointerException
        when(ctx.getCredentials()).thenReturn(credentials);
        when(credentials.getUserDomain()).thenReturn("DOMAIN");
        // Mock DFS resolver
        when(ctx.getDfs()).thenReturn(dfsResolver);
    }

	// Get current object layer instance.
	objectAPI := newObjectLayerFn()
	if objectAPI == nil || globalNotificationSys == nil {
		writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrServerNotInitialized), r.URL)
		return nil, auth.Credentials{}
	}

	for _, action := range actions {
		// Validate request signature.

    runs-on: ubuntu-latest

    if: github.repository == 'gradle/gradle'

    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
      - name: configure aws credentials
        uses: aws-actions/configure-aws-credentials@v6
        with:
          role-to-assume: arn:aws:iam::992382829881:role/GHASecrets_gradle_all
          aws-region: "eu-central-1"
      - name: get secrets

Dann können wir `secrets.compare_digest()` verwenden, um sicherzustellen, dass `credentials.username` `"stanleyjobson"` und `credentials.password` `"swordfish"` ist.

{* ../../docs_src/security/tutorial007_an_py39.py hl[1,12:24] *}

Dies wäre das gleiche wie:

```Python
if not (credentials.username == "stanleyjobson") or not (credentials.password == "swordfish"):
    # Einen Error zurückgeben
    ...
```

     * server, its credentials will be updated to match the values from the server specification. Repositories without a
     * matching server will have their credentials cleared. Note: This method must be called after
     * {@link #injectMirror(List, List)} or the repositories will end up with the wrong credentials.
     *