Private Registry Server
A private registry server is "the Cadillac" of private crate reuse: a fully-realized solution that offers an experience parallel to seamless experience of adding open source crates hosted at Crates.io, but for your private code.
However, these benefits come at the cost of initial setup, configuration, and, possibly, ongoing server maintenance.
Private registries work like Crates.io, with crate versions published to the server, listed in a git-based metadata index, and available for download from the registry server.
Authentication: Keeping Proprietary Code Secure
A critical difference between how Crates.io works vs. Shipyard.rs is that Shipyard.rs has been carefully designed to require authentication both to publish crate versions to the registry server, as well as download published versions from the registry server.
In some cases, this creates additional configuration steps, e.g. to setup authentication to the crate index git repository, which is private, unlike the open source Crates.io registry index.
In other cases, Cargo is being actively improved to add authentication to categories of requests (namely crate downloads) that previously did not contemplate it.
Private Registry Dependencies: the Quick Version
An example of a private registry dependency:
# Cargo.toml
[dependencies]
krate-search = { version = "0.3", registry = "shipyard-rs" }
In this case, the registry (shipyard-rs
) corresponds to an entry configured in ~/.cargo/config.toml (or other path in the Cargo configuration hierarchy).
Assuming authentication has been configured, Cargo will download this crate (krate-search
) from the shipyard-rs
registry server similar to how it downloads open source crates from the Crates.io registry server.