Duplicated
Last Updated: 01 Mar 2021 10:18 by ADMIN
Mr Chas
Created on: 01 Dec 2020 13:32
Category: UI for Blazor
Type: Feature Request
3
Provide token-based access to the Telerik NuGet feed

I want to use a token to access the Telerik NuGet feed for my CI/CD builds, instead of using credentials.

---

ADMIN EDIT

At the moment, the options for that are:

  • Have an account in your company that is assigned a license and is used for builds. A trusted human developer can also use it to access the components and do their daily work. They should make sure to not change their password, or to notify the people who can update it in the secrets in the CI/CD pipeline immediately.
  • Make your own private nuget feed and ensure the Telerik packages you want in it are available there. It can be as simple as a network location internal to your company. Make sure that this feed is not publicly available, however. When you need to upgrade, make sure to copy the new packages to that feed too so automated builds can access them.

You can read more details and some troubleshooting tips in the CI and CD Automated Builds section of our documentation.

The goal of this request is to provide a way to detach the user credentials from the builds so that they can use their accounts freely, and only provide necessary keys to the build pipeline, and those keys can be updated/revoked as needed. This would also avoid manual work on downloading and copying new nuget packages to a custom feed.

---

Duplicated
This item is a duplicate of an already existing item. You can find the original item here:
4 comments
ADMIN
Marin Bratanov
Posted on: 01 Mar 2021 10:18

Hello everyone,

It turns out I had missed the first time we had such a request logged, so this item is, effectively a duplicate of that initial request. I have moved your votes there to reflect the current demand for this, and I would encourage you to click the Follow button there to get status updates: https://feedback.telerik.com/kendo-jquery-ui/1360439-support-api-key-access-for-private-nuget-feed. Having all the information in one place will streamline communication and updates and will keep all portals tidier. I apologize for this omission on my part.

With the housekeeping out of the way, I have good news - right now we are looking at options already, and at the moment it seems that certificates will be the way to go as the currently most secure and advisable approach (issue, PR). While they would require a little bit of setup, they don't rely on a user account and they don't expose secrets in the URL.

Regards,
Marin Bratanov
Progress Telerik

Virtual Classroom, the free self-paced technical training that gets you up to speed with Telerik and Kendo UI products quickly just got a fresh new look + new and improved content including a brand new Blazor course! Check it out at https://learn.telerik.com/.

Mr Chas
Posted on: 01 Dec 2020 16:21

Thank you!!

To add: This change would make the dev ops process far more secure as no user credentilas (user id and pwd) would have to be stored in the dev ops pipeline.

ADMIN
Marin Bratanov
Posted on: 01 Dec 2020 14:04

Since the origin of this request is a private ticket noone can access, I added some more details to the opener post to provide context and options. If you have anything to add, you can do it as well.

 

Regards,
Marin Bratanov
Progress Telerik

Virtual Classroom, the free self-paced technical training that gets you up to speed with Telerik and Kendo UI products quickly just got a fresh new look + new and improved content including a brand new Blazor course! Check it out at https://learn.telerik.com/.

Mr Chas
Posted on: 01 Dec 2020 13:36