Multiple API Keys
Harikrishna Menon edited this page Sep 21, 2016 · 17 revisions
Currently, NuGet.org users can only create a single API key for all their packages. Large GitHub organizations need multiple API keys, each scoped to specific actions and packages, so that a single leak does not compromise all the packages. In addition, this enables us to hide the API keys after a one-time generation, further reducing the risk, and enables users to create keys with specific privileges.
Large GitHub organizations or users with multiple packages and contributors
- Security Push
- Feedback from customers during the Expiring API keys discussion
The key user workflows we want to enable are the following:
- Enable users to create multiple API keys with a name and expiration range similar to current API keys.
- Restrict privileges of API keys to one or more packages
- Restrict key privileges to specific NuGet.org actions like Push, Un-list and Update
- Notify users on new key creation
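
A minimal model of the authorization check these workflows imply, added here as an illustration and not NuGet.org's own code. The `ScopedKey`, `create_key` and `authorize` names, the hashed storage scheme, and the case-insensitive package ID matching are assumptions of the example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

ACTIONS = frozenset({"push", "unlist", "update"})  # actions named in the proposal

@dataclass(frozen=True)
class ScopedKey:  # hypothetical record layout
    name: str
    digest: str           # only a hash is stored, so the key cannot be shown again
    expires: datetime
    packages: frozenset   # lower-cased package IDs this key may act on
    actions: frozenset    # subset of ACTIONS

def _digest(secret: str) -> str:
    # A fast hash is adequate here because the secret is 256 bits of randomness.
    return hashlib.sha256(secret.encode()).hexdigest()

def create_key(store, name, packages, actions, days, now):
    """Register a scoped key and return the plaintext for one-time display."""
    if not packages or not actions or set(actions) - ACTIONS:
        raise ValueError("a key needs at least one package and only known actions")
    secret = secrets.token_urlsafe(32)
    store.append(ScopedKey(name, _digest(secret), now + timedelta(days=days),
                           frozenset(p.lower() for p in packages), frozenset(actions)))
    return secret

def authorize(store, secret, action, package, now):
    """Allow a request only if the key is known, unexpired and scoped to it."""
    presented = _digest(secret)
    for key in store:
        if hmac.compare_digest(key.digest, presented):
            return (now < key.expires and action in key.actions
                    and package.lower() in key.packages)
    return False  # unknown key: deny by default

if __name__ == "__main__":
    store, now = [], datetime(2016, 9, 21, tzinfo=timezone.utc)  # constructed data
    ci_key = create_key(store, "ci-push", ["Contoso.Utils"], ["push"], 90, now)
    print(authorize(store, ci_key, "push", "contoso.utils", now))
    print(authorize(store, ci_key, "unlist", "Contoso.Utils", now))
    print(authorize(store, ci_key, "push", "Contoso.Core", now))
```

A leaked `ci-push` key in this model can push one package until it expires and nothing else, which is the blast-radius reduction the proposal is after.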