{{- if not .Values.existingSecret }}
apiVersion: v1
kind: Secret
metadata:
  name: {{ template "minio.secretName" . }}
  labels:
    app: {{ template "minio.name" . }}
    chart: {{ template "minio.chart" . }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
type: Opaque
data:
  rootUser: {{ include "minio.root.username" . | b64enc | quote }}
  rootPassword: {{ include "minio.root.password" . | b64enc | quote }}

		},
		config.HelpKV{
			Key:         AuthToken,
			Description: "authorization header for plugin hook endpoint" + defaultHelpPostfix(AuthToken),
			Optional:    true,
			Type:        "string",
			Sensitive:   true,
			Secret:      true,
		},
		config.HelpKV{
			Key:         EnableHTTP2,
			Description: "Enable experimental HTTP2 support to connect to plugin service" + defaultHelpPostfix(EnableHTTP2),
			Optional:    true,

Wenn wir also ein Pydantic-Objekt `user_in` erstellen, etwa so:

```Python
user_in = UserIn(username="john", password="secret", email="******@****.***")
```

und dann aufrufen:

```Python
user_dict = user_in.model_dump()
```

          role-to-assume: arn:aws:iam::992382829881:role/GHASecrets_gradle_all
          aws-region: "eu-central-1"
      - name: get secrets
        uses: aws-actions/aws-secretsmanager-get-secrets@v3
        with:
          secret-ids: |
            BOT_GRADLE_GITHUB_TOKEN, gha/gradle/_all/BOT_GRADLE_GITHUB_TOKEN
            TEAMCITY_ACCESS_TOKEN, gha/gradle/_all/TEAMCITY_ACCESS_TOKEN
      - name: Setup java
        uses: actions/setup-java@v5

		},
		config.HelpKV{
			Key:         target.WebhookAuthToken,
			Description: "opaque string or JWT authorization token",
			Optional:    true,
			Type:        "string",
			Sensitive:   true,
			Secret:      true,
		},
		config.HelpKV{
			Key:         config.Comment,
			Description: config.DefaultComment,
			Optional:    true,
			Type:        "sentence",
		},
		config.HelpKV{

                case FessConfig.APP_CIPHER_KEY:
                    return "___change__me___";
                case FessConfig.APP_ENCRYPT_PROPERTY_PATTERN:
                    return ".*password|.*key|.*token|.*secret";
                case FessConfig.APP_EXTENSION_NAMES:
                    return "jpg,jpeg,gif,png";

                case FessConfig.JOB_MAX_CRAWLER_PROCESSES:
                    return "3";

```Python
user_in = UserIn(username="john", password="secret", email="******@****.***")
```

接著呼叫：

```Python
user_dict = user_in.model_dump()
```

此時變數 `user_dict` 會是一個承載資料的 `dict`（也就是 `dict`，而非 Pydantic 模型物件）。

若再呼叫：

```Python
print(user_dict)
```

我們會得到一個 Python `dict`：

```Python
{
    'username': 'john',
    'password': 'secret',
    'email': '******@****.***',

          aws-region: "eu-central-1"
      
      - name: Get secrets
        uses: aws-actions/aws-secretsmanager-get-secrets@v3
        with:
          secret-ids: |
            PERFORMANCE_DB_URL, gha/gradle/_all/PERFORMANCE_DB_URL
            PERFORMANCE_DB_USERNAME, gha/gradle/_all/PERFORMANCE_DB_USERNAME

### Configure Casdoor

- Go to Applications
  - Create or use an existing Casdoor application
  - Edit the application
    - Copy `Client ID` and `Client secret`
    - Add your redirect url (callback url) to `Redirect URLs`
    - Save

- Go to Users
  - Edit the user
    - Add your MinIO policy (ex: `readwrite`) in `Tag`
    - Save

          set +x
          VAULT_TOKEN=$(vault write -field=token auth/approle/login role_id=$VAULT_ROLE_ID secret_id=$VAULT_SECRET_ID)
          export VAULT_TOKEN
          export data=$(vault read -format=json secret/elasticsearch-ci/azure_thirdparty_test_creds)
          export azure_storage_account=$(echo $data | jq -r .data.account_id)
          export azure_storage_key=$(echo $data | jq -r .data.account_key)
          unset VAULT_TOKEN data