Inedo Community Forums Forums
    • Recent
    • Tags
    • Popular
    • Login

    Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.

    If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!

    Support per-user API Keys?

    Scheduled Pinned Locked Moved Support
    securityproget
    2 Posts 1 Posters 12 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • ? This user is from outside of this forum
      Guest
      last edited by

      I have multiple developers who can push packages out to a feed we host - at present they all need to share the feed-level API key in order to push packages up. This means if a developer leaves the team I need to issue a new API key.

      Are there any plans to support per-user API Keys?

      Product: ProGet
      Version: 3.8.6

      1 Reply Last reply Reply Quote 0
      • ? This user is from outside of this forum
        Guest
        last edited by

        You really shouldn't use API keys with ProGet, actually. From the docs:

        An API Key is used by NuGet client tools (such as nuget.exe and NuGet Package Explorer) as an authentication mechanism for publishing packages. It makes a lot of sense for the NuGet Gallery, as it's a community-run site where anyone can publish packages they own.

        In enterprise environments, the notion of individual package ownership doesn't quite translate, nor does the usage of API Keys. With ProGet, a principal (user or group) either has privileges to publish a package to a feed, or does not. This allows ProGet administrators to more easily control access and usage through LDAP and Groups instead of through community mechanisms like API Keys.

        So, if they can authenticate to the feed (using basic auth or windows integrated auth... or even an api key in the form of user:pass), and they are authorized, then the can push a package.

        1 Reply Last reply Reply Quote 0

        Hello! It looks like you're interested in this conversation, but you don't have an account yet.

        Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.

        With your input, this post could be even better 💗

        Register Login
        • 1 / 1
        • First post
          Last post
        Inedo Website Home • Support Home • Code of Conduct • Forums Guide • Documentation