3 releases (stable)
| new 1.1.0 | Feb 9, 2025 |
|---|---|
| 1.0.0 | Sep 2, 2024 |
| 0.1.0 | Aug 1, 2024 |
#89 in Cargo plugins
106 downloads per month
20KB
337 lines
cargo-credential-pass
A Cargo credential provider for pass.
- No config needed[^cargo]
- Stores encrypted tokens in your password store with all your other secrets
- Automatically encrypts using your password store GPG key
- Works great with keys stored on HSMs too (hello YubiKey!)
Because no one likes plaintext credentials on disk :(
Use It
- Install
cargo-credential-pass:
% cargo install --locked cargo-credential-pass
- Configure Cargo to use this credential provider:
[registry]
global-credential-providers = ["cargo-credential-pass"]
- Login!
cargo loginwill pop up your editor - paste your registry token and close the window.
Your token will now be stored as an encrypted text file in
$PASSWORD_STORE_DIR/cargo-registry/<registery-name>.token.
That's it - you're good to go!
(Optionally) Configure It
Token Directory
You override where the tokens are stored in the password store, replacing the
the default cargo-registry subdir:
[registry]
global-credential-providers = ["cargo-credential-pass cargo-tokens/live/here/"]
Note the trailing / is important - it indicates the directory to be used for
storing tokens, and the filename will be automatically derived.
Exact Token Path
A path without the trailing / will be interpreted as the exact token path
(inc. filename) to use.
This is helpful for setting per-registry token paths like below, but an exact path can only be used by 1 registry:
[registries.my-work-registry]
credential-provider = ["cargo-credential-pass work/cargo-token.secret"]
[^cargo]: Kinda - only cargo required!
Dependencies
~1.5–9MB
~83K SLoC