OdHOim9+
-----END PRIVATE KEY-----
```

Recommendations
---------------

Typically servers need a held certificate plus a chain of intermediates. Servers only need the
private key for their own certificate. The chain served by a server doesn't need the root
certificate.

The trusted roots don't need to be the same for client and server when using client authentication.

* It is ok for Serializer to be used as a replacement for Java serialization as a migration step.

# Please commit your changes or stash them before you switch branches.

GRADLE_TEMP="$(mktemp -d)"
trap 'rm -rf "${GRADLE_TEMP}"' EXIT

# The Gradle tests need the pom.xml only to read its version number.
# (And the file needs to be two directory levels up from the Gradle build file.)
# TODO(cpovirk): Find a better way to give them that information.
cp pom.xml "${GRADLE_TEMP}"

for version in 5.6.4 7.0.2; do

  export TEST_TMPDIR="${TFCI_MACOS_BAZEL_TEST_DIR_PATH}"
fi

# "TFCI_MACOS_INSTALL_BAZELISK_ENABLE" is used to decide if we need to install
# Bazelisk manually. We enable this for macOS x86 builds as those VMs do not
# have Bazelisk pre-installed. "TFCI_MACOS_INSTALL_BAZELISK_URL" contains the
# link to the Bazelisk binary which needs to be downloaded.
if [[ "${TFCI_MACOS_INSTALL_BAZELISK_ENABLE}" == 1 ]]; then

]
```

These are **JavaScript** objects, not strings, so you can't pass them from Python code directly.

    #  The list of table DB names that need to be quoted. Specified tables is quoted on auto-generated SQL.
    #
    #; quoteTableNameList = list:{}
    # - - - - - - - - - -/

    # /- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    # o quoteColumnNameList: (NotRequired - Default list:{})
    #  The list of column DB names that need to be quoted. Specified columns is quoted on auto-generated SQL.
    #

*
```

///

## Install Packages

After activating the environment, you can install packages in it.

/// tip

Do this **once** when installing or upgrading the packages your project needs.

If you need to upgrade a version or add a new package you would **do this again**.

///

### Install Packages Directly

## Configuration protocol

Ztunnel, of course, needs to be dynamically configured in order to make decisions on how it should handle traffic.
For this purpose, we chose to use xDS transport protocol due to our expertise and existing infrastructure, and because the protocol is well suited to our needs.

So we have a dedicated thread for every socket that just reads frames and dispatches them.

* The frontend stores that token temporarily somewhere.
* The user clicks in the frontend to go to another section of the frontend web app.
* The frontend needs to fetch some more data from the API.
    * But it needs authentication for that specific endpoint.
    * So, to authenticate with our API, it sends a header `Authorization` with a value of `Bearer ` plus the token.