/// tip | Tipp

Im Abschnitt über **Deployment** erfahren Sie, wie Sie HTTPS mithilfe von Traefik und Let's Encrypt kostenlos einrichten.

///

## OpenID Connect { #openid-connect }

OpenID Connect ist eine weitere Spezifikation, die auf **OAuth2** basiert.

	data.Owner = owner
	data.Buckets.Buckets = listbuckets

	return data
}

func cleanReservedKeys(metadata map[string]string) map[string]string {
	m := cloneMSS(metadata)

	switch kind, _ := crypto.IsEncrypted(metadata); kind {
	case crypto.S3:
		m[xhttp.AmzServerSideEncryption] = xhttp.AmzEncryptionAES
	case crypto.S3KMS:
		m[xhttp.AmzServerSideEncryption] = xhttp.AmzEncryptionKMS

		"Please check your certificate",
		"",
	)

	ErrTLSNoPassword = newErrFn(
		"Missing TLS password",
		"Please set the password to environment variable `MINIO_CERT_PASSWD` so that the private key can be decrypted",
		"",
	)

	ErrNoCertsAndHTTPSEndpoints = newErrFn(
		"HTTPS specified in endpoints, but no TLS certificate is found on the local machine",
		"Please add TLS certificate or use HTTP endpoints only",

/// tip | Astuce

Dans la section sur le déploiement, vous verrez comment configurer HTTPS gratuitement, en utilisant Traefik et Let's Encrypt.

///

## OpenID Connect { #openid-connect }

OpenID Connect est une autre spécification, basée sur **OAuth2**.

// access to the ETag computed by a low-level io.Reader:
//
//	content := etag.NewReader(r.Body, nil)
//
//	compressedContent := Compress(content)
//	encryptedContent := Encrypt(compressedContent)
//
//	// Now, we need an io.Reader that can access
//	// the ETag computed over the content.
//	reader := etag.Wrap(encryptedContent, content)
func Wrap(wrapped, content io.Reader) io.Reader {

 *  * BER: Basic Encoding Rules.
 *
 * This class was implemented according to the [X.690 spec][[x690]], and under the advice of
 * [Lets Encrypt's ASN.1 and DER][asn1_and_der] guide.
 *
 * [x690]: https://www.itu.int/rec/T-REC-X.690
 * [asn1_and_der]: https://letsencrypt.org/docs/a-warm-welcome-to-asn1-and-der/
 */
internal class DerReader(
  source: Source,

		return nil, err
	}
	config.drivercache[tierName] = d
	return d, nil
}

// configReader returns a PutObjReader and ObjectOptions needed to save config
// using a PutObject API. PutObjReader encrypts json encoded tier configurations
// if KMS is enabled, otherwise simply yields the json encoded bytes as is.
// Similarly, ObjectOptions value depends on KMS' status.

		UserDefined:                srcInfo.UserDefined,
		Versioned:                  dstOpts.Versioned,
		VersionID:                  dstOpts.VersionID,
		MTime:                      dstOpts.MTime,
		EncryptFn:                  dstOpts.EncryptFn,
		WantChecksum:               dstOpts.WantChecksum,
		WantServerSideChecksumType: dstOpts.WantServerSideChecksumType,
	}

                // SECURITY WARNING: Unsecure basic authentication is enabled by default.
                // This sends credentials in Base64 encoding over potentially unencrypted connections.
                // For production, it is STRONGLY RECOMMENDED to set spnego.allow.unsecure.basic to false
                // and use HTTPS or more secure authentication methods.

        serverData.sessKey = 0x12345678;
        serverData.scapabilities = 0x8000F3FD; // Various capabilities
        serverData.oemDomainName = "WORKGROUP";
        serverData.securityMode = 0x0F; // User + encrypt passwords + signatures
        serverData.security = 1; // User level
        serverData.encryptedPasswords = true;
        serverData.signaturesEnabled = true;
        serverData.signaturesRequired = false;