From 29d5f6a1a58532de95a292fcb1d200e9c696a0bf Mon Sep 17 00:00:00 2001
From: Nathan Fritz <fritzy@github.com>
Date: Tue, 18 Oct 2022 15:22:39 -0700
Subject: [PATCH] feat: deprecated `key`, `cert` config options and updated
 registry scoped auth docs

---
 docs/lib/content/configuring-npm/npmrc.md |  9 +++++++++
 docs/lib/content/using-npm/registry.md    |  3 +++
 lib/utils/config/definitions.js           | 14 ++++++++++++++
 3 files changed, 26 insertions(+)

diff --git a/docs/lib/content/configuring-npm/npmrc.md b/docs/lib/content/configuring-npm/npmrc.md
index d252f09b81a68..8cd532abc1c2d 100644
--- a/docs/lib/content/configuring-npm/npmrc.md
+++ b/docs/lib/content/configuring-npm/npmrc.md
@@ -97,6 +97,15 @@ The settings `_auth`, `_authToken`, `username` and `_password` must all be
 scoped to a specific registry. This ensures that `npm` will never send
 credentials to the wrong host.
 
+The full list is:
+ - `_auth` (base64 authentication string)
+ - `_authToken` (authentication token)
+ - `username`
+ - `_password`
+ - `email`
+ - `certfile` (path to certificate file)
+ - `keyfile` (path to key file)
+
 In order to scope these values, they must be prefixed by a URI fragment.
 If the credential is meant for any request to a registry on a single host,
 the scope may look like `//registry.npmjs.org/:`. If it must be scoped to a
diff --git a/docs/lib/content/using-npm/registry.md b/docs/lib/content/using-npm/registry.md
index 5fab60ff4d49c..8d5ac94160b33 100644
--- a/docs/lib/content/using-npm/registry.md
+++ b/docs/lib/content/using-npm/registry.md
@@ -31,6 +31,9 @@ used, which is supplied by the [`registry` config](/using-npm/config#registry)
 parameter.  See [`npm config`](/commands/npm-config),
 [`npmrc`](/configuring-npm/npmrc), and [`config`](/using-npm/config) for more on
 managing npm's configuration.
+Authentication configuration such as auth tokens and certificates are configured
+specifically scoped to an individual registry. See
+[Auth Related Configuration](/configuring-npm/npmrc#auth-related-configuration)
 
 When the default registry is used in a package-lock or shrinkwrap is has the
 special meaning of "the currently configured registry". If you create a lock
diff --git a/lib/utils/config/definitions.js b/lib/utils/config/definitions.js
index c9d76249c7b1e..a1af707c4db47 100644
--- a/lib/utils/config/definitions.js
+++ b/lib/utils/config/definitions.js
@@ -422,6 +422,13 @@ define('cert', {
     It is _not_ the path to a certificate file, though you can set a registry-scoped
     "certfile" path like "//other-registry.tld/:certfile=/path/to/cert.pem".
   `,
+  deprecated: `
+    \`key\` and \`cert\` are no longer used for most registry operations.
+    Use registry scoped \`keyfile\` and \`certfile\` instead.
+    Example:
+    //other-registry.tld/:keyfile=/path/to/key.pem
+    //other-registry.tld/:certfile=/path/to/cert.crt
+  `,
   flatten,
 })
 
@@ -1104,6 +1111,13 @@ define('key', {
     It is _not_ the path to a key file, though you can set a registry-scoped
     "keyfile" path like "//other-registry.tld/:keyfile=/path/to/key.pem".
   `,
+  deprecated: `
+    \`key\` and \`cert\` are no longer used for most registry operations.
+    Use registry scoped \`keyfile\` and \`certfile\` instead.
+    Example:
+    //other-registry.tld/:keyfile=/path/to/key.pem
+    //other-registry.tld/:certfile=/path/to/cert.crt
+  `,
   flatten,
 })