Creating PowerShell repository, protecting pull/download by API key



  • Hello, I'm looking for products to host a NuGet feed for PowerShell modules and ProGet was recommended to me. I notice with Basic $1999 p/year we get security controls. I'm mostly interested in API keys.

    My question is, is it possible to protect the installation/download of modules using normal functions/cmdlets such as Install-module or Update-Module from a ProGet hosted repository, protected with an API key? Ideally I want to avoid exposing the feed publicly with anonymous access.

    The docs only provide examples of using an API key with PowerShell repositories for publishing. https://docs.inedo.com/docs/proget/feeds/powershell


  • inedo-engineer

    Hello, for sure!

    It's pretty easy; just don't give the Anonymous user any access to your feeds, and then authentication will always be required, either when browsing the ProGet application or using the API (such as Install-Module).

    When you use the Register-PSRepository command, you can use the Credential option to specify a credential.

    This credential can be the name/password of a user inside of ProGet (let's say, Admin:Admin), or it can be username of api with a password of an api key you've configured (so, api:my-secret-key).


  • inedo-engineer

    @atripp said in Creating PowerShell repository, protecting pull/download by API key:

    this credential can be the name/password of a user inside of ProGet

    Or a user that's configured in your Active Directory, assuming you have enabled that integration.



  • Excellent, thank you for your response!

    One last question, I promise!

    This isn't a deal breaker but more of a curiosity: using an API key, is it also possible to do more trivial HTTP GET requests to download artefacts/packages from the ProGet feed in a more rudimentary way? Rather than these functions from the PowerShellGet / PackageManagement modules, instead do more trivial things like Invoke-WebRequest -Uri ".." -OutFile ".." -Headers @{Authorization = "Bearer <apikey>"}.


  • inedo-engineer

    No problem, ask away :)

    You could. Not sure what the use case would be...

    But, the URLs for NuGet package versions are quite predictable, and you can discover them from the Download button in the UI. For example, the download URL for InedoLib v950.0.7 just looks like https://proget.inedo.com/nuget/NuGetLibraries/package/InedoLib/950.0.7

    The NuGet API does not support Bearer authentication. You can specify an API key when publishing packages (X-NUGET-APIKEY header), and it might work when downloading packages? Haven't tested, and no one asked before. But you could also specify api:<apikey> as the basic auth credentials as well, so I guess that's really easy too.
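
The two access paths discussed in this thread, as an added example that is not part of any post above and is not Inedo's own code: it checks that anonymous requests are rejected, installs through PowerShellGet with the `api` / API-key credential, then fetches a package with a plain GET using the same pair as Basic auth. The host, feed name, repository name, module name and version are placeholders.

```powershell
# Added example. Host, feed, repository, module and version are placeholders.
$feedBase = 'https://proget.example.internal/nuget/internal-powershell'  # hypothetical feed URL
$repoName = 'InternalProGet'                                             # hypothetical local name
$pkgUrl   = "$feedBase/package/MyModule/1.0.0"   # URL shape as described in the thread

# Basic auth over plain HTTP would expose the key on the wire, so refuse it.
if (([uri]$feedBase).Scheme -ne 'https') { throw "Feed URL must use https: $feedBase" }

# 0. Confirm the feed really rejects anonymous requests before relying on it.
try {
    Invoke-WebRequest -Uri $pkgUrl -UseBasicParsing | Out-Null
    Write-Warning 'Feed answered without credentials: Anonymous still has access.'
} catch {
    Write-Host "Anonymous request rejected as expected: $($_.Exception.Message)"
}

# Prompt for the API key so it never lands in the script or in shell history.
$apiKey = Read-Host -Prompt 'ProGet API key' -AsSecureString
# Per the thread: user name is the literal string "api", password is the API key.
$cred = [System.Management.Automation.PSCredential]::new('api', $apiKey)

# 1. PowerShellGet path: register once, then pass the credential on install.
if (-not (Get-PSRepository -Name $repoName -ErrorAction SilentlyContinue)) {
    Register-PSRepository -Name $repoName -SourceLocation $feedBase `
        -InstallationPolicy Trusted -Credential $cred
}
Install-Module -Name 'MyModule' -Repository $repoName -Credential $cred -Scope CurrentUser

# 2. Plain HTTP GET path: the same api:<key> pair sent as a Basic Authorization header.
$plainKey = $cred.GetNetworkCredential().Password
$basic    = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes("api:$plainKey"))
try {
    Invoke-WebRequest -Uri $pkgUrl -OutFile '.\MyModule.1.0.0.nupkg' `
        -Headers @{ Authorization = "Basic $basic" } -UseBasicParsing
}
finally {
    # Drop the plaintext copies as soon as the request is done.
    Remove-Variable plainKey, basic -ErrorAction SilentlyContinue
}
```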

