Rust 1.74 and `credential-process` Changes

In nightly Rust as of 2023-09-19 (rustc v1.74.0), Cargo requires the [registry.global-credential-providers] key to be configured in ~/.cargo/config.toml to be able to use the registry-auth feature and perform authenticated downloads:

Example config:

# ~/.cargo/config.toml

[registry]
global-credential-providers = ["cargo:token"]

Without configuring global-credential-providers, you may get an error like this when Cargo tries to download a .crate file from the registry server:

$ cargo +nightly check
error: failed to download `my-private-crate v1.2.3 (registry `shipyard-rs`)`

Caused by:
  unable to get packages from source

Caused by:
  authenticated registries require a credential-provider to be configured
  see https://doc.rust-lang.org/cargo/reference/registry-authentication.html for details

Note: the URL in the error message is currently incorrect; the documentation can be found instead at:

https://doc.rust-lang.org/nightly/cargo/reference/registry-authentication.html

The current official documentation recommends also including cargo:libsecret in global-credential-providers on Linux. Including it may result in the following error message:

$ cargo +nightly check
error: failed to download `my-private-crate v1.2.3 (registry `shipyard-rs`)`

Caused by:
  unable to get packages from source

Caused by:
  credential provider `cargo:libsecret` failed action `get`

Caused by:
  failed to load libsecret: try installing the `libsecret` or `libsecret-1-0` package with the system package manager

Caused by:
  libsecret-1.so: cannot open shared object file: No such file or directory

To resolve this error, either remove cargo:libsecret from the list of credentials providers, or install libsecret using your package manager. cargo:token will allow you to use token-based authentication as before the 1.74 changes.

Stabilization of `-Z registry-auth`

With Rust 1.74.0, it looks like the registry-auth feature is on track to finally be stabilized!

When it is stabilized, it will no longer be necessary to include the [unstable] configuration in your ~/.cargo/config.toml, i.e. this section can be removed:

[unstable]
registry-auth = true

If you use multiple versions of Rust in your development work, it may be prudent to leave the unstable configuration in place, despite the warning message from Cargo that it will be ignored (appears in Rust 1.74 and newer).

Shipyard.rs: the Book - Private Cargo Registry Service

Rust 1.74 and credential-process Changes

Stabilization of -Z registry-auth

Rust 1.74 and `credential-process` Changes

Stabilization of `-Z registry-auth`