Options for Older Rust Versions

In Rust 1.74, proper authentication was stabilized in Cargo.

For older Rust versions, Shipyard.rs supports additional options for authentication.

Passing Auth Token Via User-Agent Header

Prior to the authentication being stabilized, Shipyard.rs provided a temporary solution to perform authenticated crate downloads, using the "User-Agent" HTTP header.

Note: Using the "User-Agent" header to pass an auth token is not ideal. If you are using Rust 1.74 or newer, a better solution is to use authentication supported by Cargo, by configuring the credential-process section of your Cargo config.

Configuring User-Agent Header

There is a somewhat obscure configuration option to specify the "User-Agent" header that cargo sends as part of all of its requests, which defaults to the cargo version number being used.

Shipyard.rs will first check requests for the presence of an "Authorization" header, but will fall back to checking for a "User-Agent" header in a specific format, which will be used as a fallback.

For an example auth token with the dummy value AxzHJS6gWK=, the cargo "User-Agent" setting would be configured by adding this to ~/.cargo/config.toml:

# set a custom user-agent header value for cargo requests:
[http]
user-agent = "shipyard AxzHJS6gWK="

See the configuration docs for additional details.

Using the "User-Agent" header to pass an authorization token is less than ideal and temporary. However, for what it is worth, our servers have been configured not to log the "User-Agent" header for requests that might contain an authentication token in the header value.

Shipyard.rs: the Book - Private Cargo Registry Service

Options for Older Rust Versions

Passing Auth Token Via User-Agent Header

Configuring User-Agent Header