displayed in the output of a successful install. Existing secret ---------- Instead of having this chart create the secret for you, you can supply a preexisting secret, much like an existing PersistentVolumeClai. First, create the secret: ```bash kubectl create secret generic my-minio-secret --from-literal=rootUser=foobarbaz --from-literal=rootPassword=foobarbazqux ``` Then install the chart, specifying that you want to use an existing secret: ```bash helm install --set existingSecret=my-minio-secret...

    else:
        return current_user


def test_security_api_key():
    client = TestClient(app, cookies={"key": "secret"})
    response = client.get("/users/me")
    assert response.status_code == 200, response.text
    assert response.json() == {"username": "secret"}


def test_security_api_key_no_key():
    client = TestClient(app)
    response = client.get("/users/me")

		`Root user name (access key) and root password (secret key) are expected to be specified via environment variables MINIO_ROOT_USER and MINIO_ROOT_PASSWORD respectively`,
	)

	ErrMissingEnvCredentialRootPassword = newErrFn(
		"Missing credential environment variable, \""+EnvRootPassword+"\"",
		"Environment variable \""+EnvRootPassword+"\" is missing",

	// in certain apis (such as Health Diagnostics/Callhome)
	Sensitive bool `json:"-"`

	// Indicates if the value is a secret such as a password that shouldn't be
	// exposed by the server
	Secret bool `json:"-"`

	// Indicates if sub-sys supports multiple targets.
	MultipleTargets bool `json:"multipleTargets"`
}

// HelpKVS - implement order of keys help messages.

    return current_user


client = TestClient(app)


def test_security_api_key():
    response = client.get("/users/me?key=secret")
    assert response.status_code == 200, response.text
    assert response.json() == {"username": "secret"}


def test_security_api_key_no_key():
    response = client.get("/users/me")
    assert response.status_code == 401, response.text

	set -e   # fail if we can't read the keys.
	ACCESS=$(cat /config/rootUser)
	SECRET=$(cat /config/rootPassword)
	set +e # The connections to minio are allowed to fail.
	echo "Connecting to MinIO server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT"
	MC_COMMAND="${MC} alias set myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET"
	$MC_COMMAND
	STATUS=$?
	until [ $STATUS = 0 ]; do
		ATTEMPTS=$(expr $ATTEMPTS + 1)

    return current_user


client = TestClient(app)


def test_security_api_key():
    response = client.get("/users/me", headers={"key": "secret"})
    assert response.status_code == 200, response.text
    assert response.json() == {"username": "secret"}


def test_security_api_key_no_key():
    response = client.get("/users/me")
    assert response.status_code == 200, response.text

  2. export MC_HOST_{{ template "minio.fullname" . }}_local=http://$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "minio.secretName" . }} -o jsonpath="{.data.rootUser}" | base64 --decode):$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "minio.secretName" . }} -o jsonpath="{.data.rootPassword}" | base64 --decode)@localhost:{{ .Values.service.port }}

        assertEquals("********", SystemUtil.maskSensitiveValue("password", "secret"));
        assertEquals("********", SystemUtil.maskSensitiveValue("PASSWORD", "secret"));
        assertEquals("********", SystemUtil.maskSensitiveValue("Password", "secret"));
        assertEquals("********", SystemUtil.maskSensitiveValue("PaSsWoRd", "secret"));
    }

    @Test
    public void test_maskSensitiveValue_emptyValue() {

    void testHandlePasswordOnly() throws Exception {
        JAASAuthenticator auth = new JAASAuthenticator("DOM", "user", "secret");
        PasswordCallback pc = new PasswordCallback("pass:", false);
        auth.handle(new Callback[] { pc });
        assertEquals("secret", new String(pc.getPassword()));
    }

    @Test
    @DisplayName("handle: empty user/domain edge yields '@' and null password")