8

Closed

packageSourceCredentials does not accept plain text credentials

description

This is related to the issue http://nuget.codeplex.com/workitem/1744 the current implementation of packageSourceCredentials is effectively worthless. It requires bonding passwords to specific machines, there is almost zero use case for this to provide value. The only scenarios this has any meaning would perhaps be in an iron fist ruled network where developers aren't even given direct access to their internal nuget feed.

packageSourceCredentials really just needs to support plain text passwords. Some suggestions

<add key="PasswordPlaintext" value="RegularPassword">

<add key="UnsecurePassword" value="RegularPassword">

etc
Closed Apr 12, 2013 at 8:26 AM by JeffHandley

comments

pranavkm wrote Jan 28, 2013 at 6:20 PM

Presumably this option should also work for API Keys

dotnetjunky wrote Jan 31, 2013 at 11:09 PM

We will accept pull request for this feature.

XavierDecoster wrote Feb 1, 2013 at 9:12 PM

Just submitted a pull request to support sharing of clear-text passwords in hierarchical nuget.configs.
Pull Request

Philosophy: NuGet always saves encrypted packagesource credentials. Only user can deviate to clear-text in local nuget.config by adding a <add key="ClearTextPassword" value="topsecret"/> element to the <PackageSource>.

It's a start :)

dotnetchris wrote Feb 4, 2013 at 4:50 PM

Is there a way I can beta this pull request?

XavierDecoster wrote Feb 4, 2013 at 7:24 PM

@dotnetchris There is. Consume my build of the NuGet.CommandLine from my personal MyGet feed at http://www.myget.org/F/xavierdecoster/

dotnetjunky wrote Mar 24, 2013 at 5:44 PM

Fixed in changeset 26f2e70d610f

dotnetjunky wrote Mar 28, 2013 at 6:07 PM

Fixed in changeset 26f2e70d610f9549916399be77842ef278aed8c8

deepakverma wrote Apr 11, 2013 at 7:24 PM

** Closed by deepakverma 04/11/2013 11:24AM