cargo-credential-pass
| Crates.io | cargo-credential-pass |
| lib.rs | cargo-credential-pass |
| version | 1.1.1 |
| created_at | 2024-08-01 22:47:49.175587+00 |
| updated_at | 2025-09-20 11:46:32.813111+00 |
| description | Keep your cargo registry tokens encrypted in your pass store |
| homepage | |
| repository | https://github.com/domodwyer/cargo-credential-pass |
| max_upload_size | |
| id | 1322584 |
| size | 59,833 |
Dom (domodwyer)
documentation
README
cargo-credential-pass
A Cargo credential provider for pass.
- No config needed1
- Stores encrypted tokens in your password store with all your other secrets
- Automatically encrypts using your password store GPG key
- Works great with keys stored on HSMs too (hello YubiKey!)
Because no one likes plaintext credentials on disk :(
Use It
- Install
cargo-credential-pass:
% cargo install --locked cargo-credential-pass
- Configure Cargo to use this credential provider:
[registry]
global-credential-providers = ["cargo-credential-pass"]
- Login!
cargo loginwill pop up your editor - paste your registry token and close the window.
Your token will now be stored as an encrypted text file in
$PASSWORD_STORE_DIR/cargo-registry/<registery-name>.token.
That's it - you're good to go!
(Optionally) Customise It
Token Directory
You can override where the tokens are stored in the password store, replacing
the the default cargo-registry subdir:
[registry]
global-credential-providers = ["cargo-credential-pass cargo-tokens/live/here/"]
Note the trailing / is important - it indicates the directory to be used for
storing tokens, and the filename will be automatically derived.
Exact Token Path
A path without the trailing / will be interpreted as the exact token path
(inc. filename) to use.
This is helpful for setting per-registry token paths like below, but an exact path can only be used by 1 registry:
[registries.my-work-registry]
credential-provider = ["cargo-credential-pass work/cargo-token.secret"]
Footnotes
-
Kinda - only cargo required! ↩