feat: Add credential helpers by cloudsmith-iduffy · Pull Request #269 · cloudsmith-io/cloudsmith-cli

cloudsmith-iduffy · 2026-02-28T14:57:13Z

Description

Credential helpers for Docker, Terraform, Cargo, npm/pnpm, NuGet,
pip/twine (keyring backend), and conda (plugin). Each uses the shared
credential provider chain and supports custom domains.

Wrapper binaries are thin subprocess delegates to
cloudsmith credential-helper <type>.

Example

Environment setup:

$ env | grep CLOUDSMITH_
CLOUDSMITH_ORG=iduffy-demo
CLOUDSMITH_SERVICE_SLUG=default-v9ty

$ stat ~/.cloudsmith/config.ini
stat: cannot stat '/Users/iduffy/.cloudsmith/config.ini': No such file or directory

$ cloudsmith whoami --verbose
Retrieving your authentication status from the API ... OK

User: default (slug: default-v9ty)

Authentication Method: OIDC Auto-Discovery
  Source: OIDC auto-discovery: AWS (org: iduffy-demo)
  Token Slug: 6FmYSZVQrEho
  Created: 2025-06-07T19:43:47.840466Z

SSO Status: Not configured
  Keyring: Enabled (no tokens stored)

Before configuration:

$ cat ~/.docker/config.json
cat: /Users/iduffy/.docker/config.json: No such file or directory

$ docker pull docker.cloudsmith.io/iduffy-demo/default/library/ubuntu:latest
Error response from daemon: Head "https://docker.cloudsmith.io/v2/iduffy-demo/default/library/ubuntu/manifests/latest": unauthorized

After configuration:

$ cat ~/.docker/config.json
{
  "credHelpers": {
    "docker.cloudsmith.io": "cloudsmith"
  }
}

$ docker pull docker.cloudsmith.io/iduffy-demo/default/library/ubuntu:latest
latest: Pulling from iduffy-demo/default/library/ubuntu
cc43ec4c1381: Pull complete
Digest: sha256:9cbed754112939e914291337b5e554b07ad7c392491dba6daf25eef1332a22e8
Status: Downloaded newer image for docker.cloudsmith.io/iduffy-demo/default/library/ubuntu:latest
docker.cloudsmith.io/iduffy-demo/default/library/ubuntu:latest

Environment setup:

$ pip config list
:env:.default-timeout='100'
:env:.disable-pip-version-check='1'

$ python -c 'import keyring; print(keyring.backend.get_all_keyring())'
[<keyring.backends.fail.Keyring object at 0x1033a4460>, <cloudsmith_cli.credential_helpers.pip.CloudsmithKeyringBackend object at 0x1033a4c80>, <keyring.backends.chainer.ChainerBackend object at 0x1033a5360>, <keyring.backends.macOS.Keyring object at 0x1033a5720>]

Test installation (no credentials in URL):

$ pip install --no-cache-dir --index-url=https://dl.cloudsmith.io/basic/iduffy-demo/default/python/simple/ cloudsmith-python-native
Looking in indexes: https://dl.cloudsmith.io/basic/iduffy-demo/default/python/simple/
Collecting cloudsmith-python-native
  Downloading https://dl.cloudsmith.io/basic/iduffy-demo/default/python/cloudsmith_python_native-1.0.1050047-py2.py3-none-any.whl (2.2 kB)
Requirement already satisfied: toml in /Users/iduffy/projects/cloudsmith-cli/.venv/lib/python3.10/site-packages (from cloudsmith-python-native) (0.10.2)
Installing collected packages: cloudsmith-python-native
Successfully installed cloudsmith-python-native-1.0.1050047

…nd NuGet Extend the credential helper system (from PR #269) with 5 additional package manager integrations, each following the tool's native credential protocol: - Terraform: terraform-credentials-cloudsmith binary - Cargo: cargo-credential-cloudsmith binary (JSON-line protocol) - npm/pnpm: cloudsmith-token-helper binary (tokenHelper) - Conda: cloudsmith-auth plugin (conda auth handler) - NuGet: CredentialProvider.Cloudsmith binary All helpers reuse the shared CredentialProviderChain and custom domain discovery. Includes CLI commands for debugging and example documentation for each package manager. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Credential helpers for Docker, Terraform, Cargo, npm/pnpm, NuGet, pip/twine (keyring backend), and conda (plugin). Each uses the shared credential provider chain and supports custom domains. Wrapper binaries are thin subprocess delegates to `cloudsmith credential-helper <type>`. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

cloudsmith-iduffy requested a review from a team as a code owner February 28, 2026 14:57

cloudsmith-iduffy force-pushed the iduffy/credential-helper branch from d582dec to f570bd9 Compare February 28, 2026 15:51

cloudsmith-iduffy force-pushed the iduffy/credential-helper branch from f570bd9 to 369a1f1 Compare February 28, 2026 16:13

cloudsmith-iduffy force-pushed the iduffy/credential-helper branch from 369a1f1 to b3cf3c2 Compare February 28, 2026 16:25

cloudsmith-iduffy force-pushed the iduffy/credential-helper branch from b3cf3c2 to 042af5b Compare February 28, 2026 16:45

cloudsmith-iduffy force-pushed the iduffy/credential-helper branch from 042af5b to 64341fe Compare February 28, 2026 16:52

cloudsmith-iduffy force-pushed the iduffy/credential-helper branch from 64341fe to b1e8158 Compare February 28, 2026 16:55

cloudsmith-iduffy force-pushed the iduffy/credential-helper branch from b1e8158 to d4acf41 Compare February 28, 2026 17:03

cloudsmith-iduffy force-pushed the iduffy/credential-helper branch from d4acf41 to 9d76440 Compare February 28, 2026 17:05

cloudsmith-iduffy force-pushed the iduffy/credential-helper branch from 9d76440 to f4e62f2 Compare February 28, 2026 17:06

cloudsmith-iduffy force-pushed the iduffy/credential-helper branch from f4e62f2 to 522ed12 Compare February 28, 2026 17:07

cloudsmith-iduffy force-pushed the iduffy/credential-helper branch from 522ed12 to 7dfcb8d Compare February 28, 2026 17:14

cloudsmith-iduffy force-pushed the iduffy/credential-helper branch from 7dfcb8d to f986f91 Compare February 28, 2026 17:17

cloudsmith-iduffy force-pushed the iduffy/credential-helper branch 5 times, most recently from 6989862 to d6d8581 Compare February 28, 2026 18:59

cloudsmith-iduffy force-pushed the iduffy/automatic-oidc branch from e3b1e4a to df70f37 Compare February 28, 2026 19:00

cloudsmith-iduffy force-pushed the iduffy/credential-helper branch from d6d8581 to 545d0af Compare February 28, 2026 19:01

cloudsmith-iduffy marked this pull request as draft February 28, 2026 19:10

cloudsmith-iduffy force-pushed the iduffy/credential-helper branch 7 times, most recently from 5c40265 to d12ab03 Compare February 28, 2026 20:48

cloudsmith-iduffy changed the title ~~feat: Add credential helpers for Docker and pip with custom domain support~~ feat: Add credential helpers Feb 28, 2026

cloudsmith-iduffy force-pushed the iduffy/credential-helper branch from d12ab03 to a5a1e20 Compare February 28, 2026 21:08

cloudsmith-iduffy force-pushed the iduffy/credential-helper branch from a5a1e20 to f42d00b Compare February 28, 2026 21:39

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: Add credential helpers#269

feat: Add credential helpers#269
cloudsmith-iduffy wants to merge 1 commit intoiduffy/automatic-oidcfrom
iduffy/credential-helper

cloudsmith-iduffy commented Feb 28, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

1 participant

Conversation

cloudsmith-iduffy commented Feb 28, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Description

Example

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

1 participant

cloudsmith-iduffy commented Feb 28, 2026 •

edited

Loading