```

```
mc stat myminio/bucket/test.file
Name      : test.file
...
Encrypted :
  X-Amz-Server-Side-Encryption: AES256
```

## Encrypted Private Key

MinIO supports encrypted KES client private keys. Therefore, you can use
an password-protected private keys for `MINIO_KMS_KES_KEY_FILE`.

	errInvalidSSEParameters           = errors.New("The SSE-C key for key-rotation is not correct") // special access denied
	errKMSNotConfigured               = errors.New("KMS not configured for a server side encrypted objects")
	errKMSKeyNotFound                 = errors.New("Unknown KMS key ID")
	errKMSDefaultKeyAlreadyConfigured = errors.New("A default encryption already exists on KMS")
	// Additional MinIO errors for SSE-C requests.

    private int capability;
    private int linkSpeed; // In units of 1 Mbps
    private byte[] sockaddrStorage;
    private InetAddress address;
    private boolean ipv6;
    private boolean rssCapable; // Receive Side Scaling
    private boolean rdmaCapable;

    /**
     * Create network interface info
     *
     * @param address interface address
     * @param linkSpeed link speed in Mbps
     */

- Support server-side dry-run in kubectl with --dry-run=server for commands including apply, patch, create, run, annotate,...

   * returned from {@link #asMapOfRanges} will be different if there were existing entries which
   * connect to the given range and value.
   *
   * <p>Even if the input range is empty, if it is connected on both sides by ranges mapped to the
   * same value those two ranges will be coalesced.
   *
   * <p><b>Note:</b> coalescing requires calling {@code .equals()} on any connected values, which

  integrity sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==

side-channel@^1.0.4:
  version "1.0.4"
  resolved "https://registry.yarnpkg.com/side-channel/-/side-channel-1.0.4.tgz#efce5c8fdc104ee751b25c58d4290011fa5ea2cf"
  integrity sha512-q5XPytqFEIKHkGdiMIrY10mvLRvnQh42/+GoBlFW3b2LXLE2xxJpZFdm94we0BaoV3RwJyGqg5wS7epxTv0Zvw==

        try {
            krbNameOid = new Oid("1.2.840.113554.1.2.2.1");
            krbMechOid = new Oid("1.2.840.113554.1.2.2");
        } catch (Exception e) {
            log.error("Failed to initialize kerberos OIDs", e);
        }

        JGSS_KRB5_NAME_OID = krbNameOid;
        JGSS_KRB5_MECH_OID = krbMechOid;
    }

    private final GSSContext gssContext;
    private final GSSName clientName;

This, of course, is not optimal and you wouldn't use it for production.

In production you would have one of the options above.

But it's the simplest way to focus on the server-side of WebSockets and have a working example:

{* ../../docs_src/websockets/tutorial001.py hl[2,6:38,41:43] *}

## Create a `websocket` { #create-a-websocket }

In your **FastAPI** application, create a `websocket`:

			fv:   defaultFormVals.Clone().Set(xhttp.AmzAccessKeyID, "access").Set(xhttp.AmzSignatureV2, "signature-value"),
		},
		{
			name: "any form value starting with X-Amz-Server-Side-Encryption- does not have to appear in policy",
			fv: defaultFormVals.Clone().
				Set(xhttp.AmzServerSideEncryptionKmsContext, "context-val").
				Set(xhttp.AmzServerSideEncryptionCustomerAlgorithm, "algo-val"),
		},
	}

	allConfigs := r.Form.Get("allConfigs") == "true"
	if cfgName == "" && !allConfigs {
		cfgName = madmin.Default
	}

	if isAll && len(userList) > 0 {
		// This should be checked on client side, so return generic error
		writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrInvalidRequest), r.URL)
		return
	}

	// Empty DN list and not self, list access keys for all users
	if isAll {