Allow Register-PSRepository to persist credentials
NuGet feeds allow security around both listing/retrieving packages as well as pushing packages. NuGet.exe and other clients further allow you to persist credentials for listing/retrieving packages using the "nuget sources" command. (https://docs.nuget.org/consume/command-line-reference#sources-command)
This persistence is important for two reasons:
1) When you push a package to a secured NuGet feed, NuGet clients generally do a list/read operation first. That list/read operation doesn't contain any API key that you pass along in the push operation. In order for a push to succeed with an API key, you also need to have credentials set for the read operation. You can read about some folks who have been affected by that here: http://inedo.com/support/questions/2319
2) In an unattended/build server scenario, you need the ability to provide credentials for list/read and push in a non-interactive way. If the only way to provide credentials is interactive (e.g., Get-Credential) then there's no way to, say, enable a build server agent to automatically install required scripts to execute a build.
This may somewhat overlap with this other note about Register-PSRepository failing against authenticated endpoints: http://windowsserver.uservoice.com/forums/301869-powershell/suggestions/11678499-register-psrepository-fails-against-authenticated
Thanks for the input. We are investigating this, but can make no commitment at this time.
Chris Maritnez commented
In addition to explicit credentials, PowerShellGet should support NuGet credential providers. That would arguably remedy a great number of these issue and offer more security than just storing credentials
at least is it possible to let pwoershellget to support the credentials in the nuget config ?
Peter Bertok commented
The lack of this feature is an absolute showstopper for cloud/enterprise scenarios. You basically can't use PowerShellGet with visualstudio.com, for example, because that requires an API key that it refuses to cache.
Giovanni Bassi commented
This is important. Corporate Nuget feeds will always be authenticated.
Because of this problem we cannot use Myget to store our corporate powershell modules, which makes the whole packages story useless for us.