-
Notifications
You must be signed in to change notification settings - Fork 252
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Get push API key from environment variable #12539
Comments
irrelevant if we just use hardcoded environment variable names. If there are customers who push to multiple feeds and need different API keys find this difficult to work with, they can give us feedback after the hardcoded variable names feature ships. And in full transparency, this comment had two 👍 reactions before I edited this comment. |
Or better yet, skip adding a switch to tell it to use environment variables and jump right straight into expecting that This not only works cross-platform, but also works without ProtectedData which is windows only. |
NuGet Product(s) Involved
dotnet.exe
The Elevator Pitch
When someone wants to push a package, particularly in a CI or deployment script, they don't want secrets like API keys to be used on the command line or output to logs. At the time of writing this feature request, the dotnet CLI doesn't have an equivalent of
setapikey
, but even if it did, it would require the API key to be passed on the command line. Additionally, API keys currently can only be encrypted, and dur to NuGet using .NET's ProtectedData API, which is Windows only, it also means that this doesn't work on Linux or Mac.While we have issues for all the above limitations, I believe the need for most of those other work items will be significantly reduced if
push
itself could read the API key from an environment variable. Since API key is only used for push, not restore or other actions, there often isn't a benefit (at least in a CI script) to store the apikey in a nuget.config file. So, we can eliminate one extra step from customer's scripts if push can read the environment variable directly.Proposal: Add a `--use--environment-variable` argument to `dotnet nuget push`, which when used will treat the values provided to `--api-key` and `--symbol-api-key` as envionrment variable names, rather than as the secret values.Therefore, an example usage would be:
Thanks to @AraHaan for the better idea below:
Push should prefer
--api-key
and--symbol-api-key
, if provided. If not provided, try to get a saved API key from nuget.config (all of this is existing behaviour). Finally, if an API key is still not found, get the environment variableNUGET_API_KEY
andNUGET_SYMBOL_API_KEY
.Additional Context and Details
Relevant other issues:
The text was updated successfully, but these errors were encountered: