### Immutable Secrets and ConfigMaps

Immutable Secrets and ConfigMaps graduates to GA. This feature allows users to specify that the contents of a particular Secret or ConfigMap is immutable for its object lifetime. For such instances, Kubelet will not watch/poll for changes and therefore reducing apiserver load.

	// Presign is not needed for anonymous credentials.
	if accessKeyID == "" || secretAccessKey == "" {
		return errors.New("Presign cannot be generated without access and secret keys")
	}

	region := globalSite.Region()
	date := UTCNow()
	scope := getScope(date, region)
	credential := fmt.Sprintf("%s/%s", accessKeyID, scope)

	// Set URL query.
	query := req.URL.Query()

Autoriza la aplicación de la misma manera que antes.

Usando las credenciales:

Usuario: `johndoe`
Contraseña: `secret`

/// check | Revisa

Observa que en ninguna parte del código está la contraseña en texto claro "`secret`", solo tenemos la versión con hash.

///

<img src="/img/tutorial/security/image08.png">

Llama al endpoint `/users/me/`, obtendrás el response como:

        }
        if (form.oicClientSecret != null && StringUtil.isNotBlank(form.oicClientSecret.replace("*", " "))) {
            fessConfig.setSystemProperty("oic.client.secret", form.oicClientSecret);
        }
        fessConfig.setSystemProperty("oic.auth.server.url", form.oicAuthServerUrl);
        fessConfig.setSystemProperty("oic.token.server.url", form.oicTokenServerUrl);

У Pydantic-моделей есть метод `.model_dump()`, который возвращает `dict` с данными модели.

Поэтому, если мы создадим Pydantic-объект `user_in` таким способом:

```Python
user_in = UserIn(username="john", password="secret", email="******@****.***")
```

и затем вызовем:

```Python
user_dict = user_in.model_dump()
```

Os modelos Pydantic possuem um método `.model_dump()` que retorna um `dict` com os dados do modelo.

Então, se criarmos um objeto Pydantic `user_in` como:

```Python
user_in = UserIn(username="john", password="secret", email="******@****.***")
```

e depois chamarmos:

```Python
user_dict = user_in.model_dump()
```

Wenn wir also ein Pydantic-Objekt `user_in` erstellen, etwa so:

```Python
user_in = UserIn(username="john", password="secret", email="******@****.***")
```

und dann aufrufen:

```Python
user_dict = user_in.model_dump()
```

Autorisez l'application de la même manière qu'auparavant.

En utilisant les identifiants :

Nom d'utilisateur : `johndoe`
Mot de passe : `secret`

/// check | Vérifications

Remarquez qu'à aucun endroit du code le mot de passe en clair « secret » n'apparaît, nous n'avons que la version hachée.

///

<img src="/img/tutorial/security/image08.png">

			"X-Minio-Replication-Server-Side-Encryption-Sealed-Key",
			"X-Minio-Replication-Server-Side-Encryption-Iv",
		}
		ssecRep := false
		for _, header := range ssecRepHeaders {
			if val := r.Header.Get(header); val != "" {
				ssecRep = true
				break
			}
		}
		if !ssecRep || !sourceReplReq {
			if err = setEncryptionMetadata(r, bucket, object, encMetadata); err != nil {

                return appValue.get();
            }

            @Override
            public String getAppEncryptPropertyPattern() {
                return ".*password|.*key|.*token|.*secret";
            }
        });
        final String now = String.valueOf(System.currentTimeMillis());
        helper.updateSystemProperties();
        assertNull(System.getProperty("fess." + now));