Cargo supports some forms of authentication when using git dependencies and registries. This appendix contains some information for setting up git authentication in a way that works with Cargo.
If you need other authentication methods, the
config value can be set to cause Cargo to execute the
git executable to
handle fetching remote repositories instead of using the built-in support.
This can be enabled with the
HTTPS authentication requires the
credential.helper mechanism. There are
multiple credential helpers, and you specify the one you want to use in your
global git configuration file.
# ~/.gitconfig [credential] helper = store
Cargo does not ask for passwords, so for most helpers you will need to give
the helper the initial username/password before running Cargo. One way to do
this is to run
git clone of the private git repo and enter the
macOS users may want to consider using the osxkeychain helper.
Windows users may want to consider using the GCM helper.
Note: Windows users will need to make sure that the
shshell is available in your
PATH. This typically is available with the Git for Windows installation.
SSH authentication requires
ssh-agent to be running to acquire the SSH key.
Make sure the appropriate environment variables are set up (
most Unix-like systems), and that the correct keys are added (with
Windows can use Pageant (part of PuTTY) or
ssh-agent, Cargo needs to use the OpenSSH that is distributed as part
of Windows, as Cargo does not support the simulated Unix-domain sockets used
by MinGW or Cygwin.
More information about installing with Windows can be found at the Microsoft
installation documentation and the page on key management has instructions
on how to start
ssh-agent and to add keys.
Note: Cargo does not support git’s shorthand SSH URLs like
email@example.com:user/repo.git. Use a full SSH URL like
Note: SSH configuration files (like OpenSSH’s
~/.ssh/config) are not used by Cargo’s built-in SSH library. More advanced requirements should use
When connecting to an SSH host, Cargo must verify the identity of the host
using “known hosts”, which are a list of host keys. Cargo can look for these
known hosts in OpenSSH-style
known_hosts files located in their standard
.ssh/known_hosts in your home directory, or
/etc/ssh/ssh_known_hosts on Unix-like platforms or
%PROGRAMDATA%\ssh\ssh_known_hosts on Windows). More information about these
files can be found in the sshd man page. Alternatively, keys may be
configured in a Cargo configuration file with
When connecting to an SSH host before the known hosts has been configured,
Cargo will display an error message instructing you how to add the host key.
This also includes a “fingerprint”, which is a smaller hash of the host key,
which should be easier to visually verify. The server administrator can get
the fingerprint by running
ssh-keygen against the public key (for example,
ssh-keygen -l -f /etc/ssh/ssh_host_ecdsa_key.pub). Well-known sites may
publish their fingerprints on the web; for example GitHub posts theirs at
Cargo comes with the host keys for github.com built-in. If those ever change, you can add the new keys to the config or known_hosts file.
Note: Cargo doesn’t support the
known_hostsfiles. To make use of this functionality, use
net.git-fetch-with-cli. This is also a good tip if Cargo’s SSH client isn’t behaving the way you expect it to.