[server] ### The externally-reachable root URL of this registry. ## This is required, and it will be used to populate the response for the /index/config.json file. ## ## NOTE: If you get mysterious 404s on publish, try removing trailing slashes from this setting, ## or set RUST_DEBUG=quartermaster=debug and inspect the logs to see what URLs cargo is requesting. ## ## For example, with the setting below, you shoould set the registry URL in `.cargo/config.toml` to ## `sparse+https://foo.bar/index/` root_url = "https://foo.bar" ### Addresses to bind to. Defaults to 0.0.0.0:8000 and [::]:8000. #bind = ["10.1.1.1:1234"] [crates] ### The maximum size of a crate publish payload allowed by this registry. Defaults to 100 MiB. ## Supports human-readable prefixes (KB, MB, KiB, etc.) #max_publish_size = "100 MiB" [auth] ### Disable auth entirely, and allow all requests. ## This is generally a bad idea, even with a reverse proxy or VPN in front of Quartermaster. type = "none" ### Simple auth based on a single token hash provided by the configuration. ## ## The config doesn't store the token itself to prevent accidentally leaking it, and instead it ## stores a SHA-512 hash of it. ## The token is any arbitrary string, and should be generated using cryptographically secure ## randomness, with sufficient entropy to resist a brute-force cracking attempt should an attacker ## gain access to the hash. ## ## For example, on Linux you can generate a 64-byte (512 bits of entropy) token and hash like this: ## `openssl rand -hex 64 | tee token | tr -d '\n' | sha512sum | awk '{print $1}' > token_hash` #type = "token" #token_hash = "a very secure token hash" [storage] ### Local filesystem storage. ## Stores all crates and index files using local files. type = "local" path = "/crates" ### S3 storage. ## Stores all crates and index files using S3. The directory layout is identical to the local storage. ## The bucket and region keys are required. #type = "s3" #bucket = "my-crates" #region = "ap-southeast-2" ### Automatically try to find credentials. ## If none of the specific credential settings are specified and `auto_credentials` is true, ## rust-s3 will attempt to find valid credentials automatically by looking at standard ## used environment variables and config files. ## This generally does the right thing and is fine for testing, but you should turn it off and ## specify the credentials manually in a production environment. #auto_credentials = true ### Explicit access/secret key credentials, and optionally a security/session token. ## The environment variables `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `AWS_SECURITY_TOKEN` ## and `AWS_SESSION_TOKEN` are also checked if the corresponding config value isn't set. #aws_access_key_id = "foo" #aws_secret_access_key = "shoosh" #aws_security_token = "foo" #aws_session_token = "foo" ### Fetch credentials through an STS request. ## The environment variables `AWS_ROLE_ARN` and `AWS_WEB_IDENTITY_TOKEN_FILE` are also checked if ## the corresponding config value isn't set. #sts_session_name = "quartermaster" #sts_role_arn = "foo" #sts_web_identity_token_file = "foo" ### Use profile credentials. This reads from `~/.aws/credentials`. ## If `profile_section` is specified, use that particular section in the credential file instead of ## the top-level section. #use_profile_credentials = true #profile_section = "quartermaster" ### Fetche credentials from an EC2 instance's metadata. #use_instance_credentials = true