- Veeam requires TLS connections to the object storage.  This can be configured per <https://min.io/docs/minio/linux/operations/network-encryption.html>
- The S3 bucket, Access Key and Secret Key have to be created before and outside of Veeam.
- Configure the minio client for the Veeam MinIO endpoint - <https://min.io/docs/minio/linux/index.html#quickstart-for-linux>

        @SuppressWarnings("unchecked") // reading data stored by writeMultimap
        V value = (V) stream.readObject();
        values.add(value);
      }
    }
  }

  // Secret sauce for setting final fields; don't make it public.
  static <T> FieldSetter<T> getFieldSetter(Class<T> clazz, String fieldName) {
    try {
      Field field = clazz.getDeclaredField(fieldName);

		name               string
		wantOutputSecret   string
		wantOutputWorkload string
		configNamespace    string
		callPrime          bool
		wantErr            bool
	}{
		{
			name:             "returns expected secret summary onto Stdout",
			callPrime:        true,
			wantOutputSecret: "testdata/secretsummary.txt",
		},
		{
			name:    "errors if config dump is not primed",
			wantErr: true,
		},
		{

./mc mb --ignore-existing sitea/bucket
./mc mb --ignore-existing siteb/bucket

sleep 10s

## Add warm tier
./mc ilm tier add minio sitea WARM-TIER --endpoint http://localhost:9004 --access-key minioadmin --secret-key minioadmin --bucket bucket

## Add ILM rules
./mc ilm add sitea/bucket --transition-days 0 --transition-tier WARM-TIER
./mc ilm rule list sitea/bucket

./mc cp README.md sitea/bucket/README.md

```
kubectl --namespace=federation get secret federation-apiserver-secret -o json | sed 's/federation-apiserver-secret/federation-apiserver-kubeconfig/g' | kubectl create -f -
# optionally, remove the old secret
kubectl delete secret --namespace=federation federation-apiserver-secret
```

	if !compareSignatureV2(v2Auth, expectedAuth) {
		return ErrSignatureDoesNotMatch
	}
	return ErrNone
}

func calculateSignatureV2(stringToSign string, secret string) string {
	hm := hmac.New(sha1.New, []byte(secret))
	hm.Write([]byte(stringToSign))
	return base64.StdEncoding.EncodeToString(hm.Sum(nil))
}

// Return signature-v2 for the presigned request.

	flag.StringVar(&idpEndpoint, "idp-ep", "http://localhost:8080/auth/realms/minio/protocol/openid-connect/token", "IDP token endpoint")
	flag.StringVar(&clientID, "cid", "", "Client ID")
	flag.StringVar(&clientSecret, "csec", "", "Client secret")
}

func getTokenExpiry() (*credentials.ClientGrantsToken, error) {
	data := url.Values{}
	data.Set("grant_type", "client_credentials")

## 👀 ⚫️ 🎯

📂 🎓 🩺: <a href="http://127.0.0.1:8000/docs" class="external-link" target="_blank">http://127.0.0.1:8000/docs</a>.

### 🔓

🖊 "✔" 🔼.

⚙️ 🎓:

👩‍💻: `johndoe`

🔐: `secret`

<img src="/img/tutorial/security/image04.png">

⏮️ 🔗 ⚙️, 👆 🔜 👀 ⚫️ 💖:

<img src="/img/tutorial/security/image05.png">

### 🤚 👆 👍 👩‍💻 💽

🔜 ⚙️ 🛠️ `GET` ⏮️ ➡ `/users/me`.

					Data: map[string]string{
						"mesh": string(util.ReadFile(t, path.Join(testdir, "meshconfig.yaml"))),
					},
				}, metav1.CreateOptions{})
				client.Kube().CoreV1().Secrets("bar").Create(context.Background(), &v1.Secret{
					ObjectMeta: metav1.ObjectMeta{Namespace: "bar", Name: "test"},
					Data: map[string][]byte{
						"token": {},
					},
				}, metav1.CreateOptions{})
			}

ret=$?
if [ $ret -ne 0 ]; then
	echo "BUG: expected no missing entries after decommission: $out"
	exit 1
fi

./s3-check-md5 -versions -access-key minioadmin -secret-key minioadmin -endpoint http://127.0.0.1:9001/ -bucket versioned