sdk icon indicating copy to clipboard operation
sdk copied to clipboard
verified publisher icon dotnet

Cannot use `dnx` when package is in private feed

Open johnkors opened this issue 1 month ago • 4 comments

Is your feature request related to a problem? Please describe.

I am trying to do run a tool using dnx, where the tool is in github nuget feed, but dnx lacks an command argument for auth.

Describe the solution you'd like

dnx Company.InternalTool.PackageId \
 --source "https://nuget.pkg.github.com/mycompany/index.json" \
+++ --apikey "GITHUB_PAT_HERE"

Additional context

There is no --apikey parameter allowing me to run dnx against a private feed. I have to create a nuget.config-file, which beats the purpose of dnx (one-off, easy to run, etc).

johnkors avatar Nov 22 '25 17:11 johnkors

Does it work for a private Azure DevOps feed using the credential provider? If so the title is misleading and should clarify that.

Frulfump avatar Dec 08 '25 22:12 Frulfump

The issue is unrelated to specific sources. There is no way to pass auth without using a nuget.config.

johnkors avatar Dec 10 '25 07:12 johnkors

The issue is unrelated to specific sources. There is no way to pass auth without using a nuget.config.

When using a private Azure DevOps feed with the credential provider you don't need to explicitly pass auth. So the title is still a bit misleading.

Frulfump avatar Dec 10 '25 11:12 Frulfump

Could you clarify what's misleading? I don't use Azure DevOps and don't really care about Azure DevOps specifics here. Credential providers is just another set of actions you have to do upfront. And that's my issue here: it should be possible to avoid manual tasks before calling dnx (even for private feeds).

johnkors avatar Dec 12 '25 10:12 johnkors

Could you clarify what's misleading? I don't use Azure DevOps and don't really care about Azure DevOps specifics here. Credential providers is just another set of actions you have to do upfront. And that's my issue here: it should be possible to avoid manual tasks before calling dnx (even for private feeds).

That seems like another issue. The issue in the description here mentions that the actual issue is the missing API key argument. The title makes it seem like no private feed can be used which as we have concluded is not true.

Frulfump avatar Dec 14 '25 07:12 Frulfump

Ok - I'll adapt it to clarify the missing auth pieces.

johnkors avatar Dec 14 '25 17:12 johnkors

Just to pinpoint how asymmetric this currently is. A maintainer can push a nuget using an API-key, but a client cannot fetch a package with an API-key.

✅ dotnet nuget push mypackage.nupkg --source "https://nuget.pkg.github.com/mycompany/index.json" --api-key <push-key>
❌ dnx mypackage  --source "https://nuget.pkg.github.com/mycompany/index.json" --api-key <read-key>

johnkors avatar Dec 15 '25 08:12 johnkors