-
Notifications
You must be signed in to change notification settings - Fork 285
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Deploying to gh-pages from @ 40c42a0 🚀
- Loading branch information
Showing
7 changed files
with
217 additions
and
42 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,160 @@ | ||
<!DOCTYPE html> | ||
<html lang="en"> | ||
<head> | ||
<meta charset="utf-8"> | ||
<title>Improved API tokens for crates.io | Rust Blog</title> | ||
<meta name="viewport" content="width=device-width,initial-scale=1.0"> | ||
<meta name="description" content="Empowering everyone to build reliable and efficient software."> | ||
<!-- Twitter card --> | ||
<meta name="twitter:card" content="summary"> | ||
<meta name="twitter:site" content="@rustlang"> | ||
<meta name="twitter:creator" content="@rustlang"> | ||
<meta name="twitter:title" content="Improved API tokens for crates.io | Rust Blog"> | ||
<meta name="twitter:description" content="Empowering everyone to build reliable and efficient software."> | ||
<meta name="twitter:image" content="https://www.rust-lang.org/static/images/rust-social.jpg"> | ||
|
||
<!-- Facebook OpenGraph --> | ||
<meta property="og:title" content="Improved API tokens for crates.io | Rust Blog" /> | ||
<meta property="og:description" content="Empowering everyone to build reliable and efficient software."> | ||
<meta property="og:image" content="https://www.rust-lang.org/static/images/rust-social-wide.jpg" /> | ||
<meta property="og:type" content="website" /> | ||
<meta property="og:locale" content="en_US" /> | ||
|
||
<!-- styles --> | ||
<link rel="stylesheet" href="../../../styles/vendor.css"/> | ||
<link rel="stylesheet" href="../../../styles/fonts.css"/> | ||
<link rel="stylesheet" href="../../../styles/app.css"/> | ||
<link rel="stylesheet" href="../../../styles/highlight.css"/> | ||
|
||
<!-- favicon --> | ||
<link rel="apple-touch-icon" sizes="180x180" href="../../../images/apple-touch-icon.png"> | ||
<link rel="icon" type="image/png" sizes="16x16" href="../../../images/favicon-16x16.png"> | ||
<link rel="icon" type="image/png" sizes="32x32" href="../../../images/favicon-32x32.png"> | ||
<link rel="icon" type="image/svg+xml" href="../../../images/favicon.svg"> | ||
<link rel="manifest" href="../../../images/site.webmanifest"> | ||
<link rel="mask-icon" href="../../../images/safari-pinned-tab.svg" color="#5bbad5"> | ||
<meta name="msapplication-TileColor" content="#00aba9"> | ||
<meta name="theme-color" content="#ffffff"> | ||
|
||
<!-- atom --> | ||
<link type="application/atom+xml" rel="alternate" href="https://blog.rust-lang.org/feed.xml" title="Rust Blog" /> | ||
|
||
</head> | ||
<body> | ||
<nav class="flex flex-row justify-center justify-end-l items-center flex-wrap ph2 pl3-ns pr4-ns"> | ||
<div class="brand flex-auto w-100 w-auto-l self-start tc tl-l"> | ||
<a href="../../../"> | ||
<img class="v-mid ml0-l" alt="Rust Logo" src="../../../images/rust-logo-blk.svg"> | ||
<span class="dib ml1 ml0-l">Rust Blog</span> | ||
</a> | ||
</div> | ||
|
||
<ul class="nav list w-100 w-auto-l flex flex-none flex-row flex-wrap justify-center justify-end-l items-center pv2 ph0 ph4-ns"> | ||
<li class="tc pv2 ph2 ph4-ns flex-20-s"><a href="https://www.rust-lang.org">Rust</a></li> | ||
<li class="tc pv2 ph2 ph4-ns flex-20-s"><a href="https://www.rust-lang.org/tools/install">Install</a></li> | ||
<li class="tc pv2 ph2 ph4-ns flex-20-s"><a href="https://www.rust-lang.org/learn">Learn</a></li> | ||
<li class="tc pv2 ph2 ph4-ns flex-20-s"><a href="https://www.rust-lang.org/tools">Tools</a></li> | ||
<li class="tc pv2 ph2 ph4-ns flex-20-s"><a href="https://www.rust-lang.org/governance">Governance</a></li> | ||
<li class="tc pv2 ph2 ph4-ns flex-20-s"><a href="https://www.rust-lang.org/community">Community</a></li> | ||
</ul> | ||
</nav> | ||
|
||
<section id="Improved API tokens for crates.io" class="white"> | ||
<div class="w-100 mw-none ph3 mw8-m mw8-l center f3"> | ||
<header> | ||
<h2>Improved API tokens for crates.io</h2> | ||
<div class="highlight mt2 mb3"></div> | ||
</header> | ||
|
||
<div class="publish-date-author">June 23, 2023 · Tobias Bieniek | ||
on behalf of <a href="https://www.rust-lang.org/governance/teams/crates-io">the crates.io team</a> | ||
</div> | ||
|
||
<div class="post"> | ||
<p>If you recently generated a new API token on crates.io, you might have noticed | ||
our new API token creation page and some of the new features it now supports.</p> | ||
<p>Previously, when clicking the "New Token" button on <a href="https://crates.io/settings/tokens">https://crates.io/settings/tokens</a>, | ||
you were only provided with the option to choose a token name, without any | ||
additional choices. We knew that we wanted to offer our users more flexibility, | ||
but in the previous user interface that would have been difficult, so our first | ||
step was to build a proper "New API Token" page.</p> | ||
<p>Our roadmap included two essential features known as "token scopes". The first | ||
of them allows you to restrict API tokens to specific operations. For instance, | ||
you can configure a token to solely enable the publishing of new versions for | ||
existing crates, while disallowing the creation of new crates. The second one | ||
offers an optional restriction where tokens can be limited to only work for | ||
specific crate names. If you want to read more about how these features | ||
were planned and implemented you can take a look at our corresponding | ||
<a href="https://github.com/rust-lang/crates.io/issues/5443">tracking issue</a>.</p> | ||
<p>To further enhance the security of crates.io API tokens, we prioritized the | ||
implementation of expiration dates. Since we had already touched most of the | ||
token-related code this was relatively straight-forward. We are delighted to | ||
announce that our "New API Token" page now supports endpoint scopes, crate | ||
scopes and expiration dates:</p> | ||
<p><img src="/images/2023-06-23-improved-api-tokens-for-crates-io/new-api-token-page.png" alt="Screenshot of the "New API Token" page" /></p> | ||
<p>Similar to the API token creation process on github.com, you can choose to not | ||
have any expiration date, use one of the presets, or even choose a custom | ||
expiration date to suit your requirements.</p> | ||
<p>If you come across any issues or have questions, feel free to reach out to us on | ||
<a href="https://rust-lang.zulipchat.com/#narrow/stream/318791-t-crates-io/topic/token.20scopes">Zulip</a> | ||
or open an issue on <a href="https://github.com/rust-lang/crates.io/issues/new/choose">GitHub</a>.</p> | ||
<p>Lastly, we, the crates.io team, would like to express our gratitude to the | ||
<a href="https://openssf.org/community/alpha-omega/">OpenSSF's Alpha-Omega Initiative</a> | ||
and <a href="https://jfrog.com/blog/jfrog-joins-rust-foundation-as-platinum-member/">JFrog</a> | ||
for their contributions to the <a href="https://rustfoundation.org">Rust Foundation</a> | ||
security initiative. Their support has been instrumental in enabling us to | ||
implement these features and undertake extensive security-related work on the | ||
crates.io codebase over the past few months.</p> | ||
|
||
</div> | ||
</div> | ||
</section> | ||
|
||
<footer> | ||
<div class="w-100 mw-none ph3 mw8-m mw9-l center f3"> | ||
<div class="row"> | ||
<div class="four columns mt3 mt0-l" id="get-help"> | ||
<h4>Get help!</h4> | ||
<ul> | ||
<li><a href="https://doc.rust-lang.org" target="_blank" rel="noopener">Documentation</a></li> | ||
<li><a href="mailto:[email protected]">Contact the Rust Team</a></li> | ||
</ul> | ||
</div> | ||
<div class="four columns mt3 mt0-l"> | ||
<h4>Terms and policies</h4> | ||
<ul> | ||
<li><a href="https://www.rust-lang.org/policies/code-of-conduct">Code of Conduct</a></li> | ||
<li><a href="https://www.rust-lang.org/policies/licenses">Licenses</a></li> | ||
<li><a href="https://www.rust-lang.org/policies/media-guide">Logo Policy and Media Guide</a></li> | ||
<li><a href="https://www.rust-lang.org/policies/security">Security Disclosures</a></li> | ||
<li><a href="https://www.rust-lang.org/policies">All Policies</a></li> | ||
</ul> | ||
</div> | ||
<div class="four columns mt3 mt0-l"> | ||
<h4>Social</h4> | ||
<div class="flex flex-row flex-wrap"> | ||
<a href="https://twitter.com/rustlang" target="_blank" rel="noopener" alt="twitter link"><img src="../../../images/twitter.svg" alt="twitter logo" title="Twitter"/></a> | ||
<a href="https://www.youtube.com/channel/UCaYhcUwRBNscFNUKTjgPFiA" target="_blank" rel="noopener" alt="youtube link"><img style="padding-top: 6px; padding-bottom:6px" src="../../../images/youtube.svg" alt="youtube logo" title="YouTube"/></a> | ||
<a href="https://discord.gg/rust-lang" target="_blank" rel="noopener" alt="discord link"><img src="../../../images/discord.svg" alt="discord logo" title="Discord"/></a> | ||
<a href="https://github.com/rust-lang" target="_blank" rel="noopener" alt="github link"><img src="../../../images/github.svg" alt="github logo" title="GitHub"/></a> | ||
</div> | ||
<h4 class="mt4 mb3">RSS</h4> | ||
<ul> | ||
<li><a href="../../../feed.xml">Main Blog</a></li> | ||
<li><a href="../../../inside-rust/feed.xml">"Inside Rust" Blog</a></li> | ||
</ul> | ||
</div> | ||
|
||
</div> | ||
<div class="attribution"> | ||
Maintained by the Rust Team. See a typo? | ||
<a href="https://github.com/rust-lang/blog.rust-lang.org" target="_blank" rel="noopener">Send a fix here</a>! | ||
</div> | ||
</div> | ||
</footer> | ||
|
||
<!-- scripts --> | ||
<script src="../../../scripts/highlight.js"></script> | ||
|
||
</body> | ||
</html> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Binary file added
BIN
+173 KB
images/2023-06-23-improved-api-tokens-for-crates-io/new-api-token-page.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1 @@ | ||
{"releases":[],"feed_updated":"2023-06-22T16:41:29+00:00"} | ||
{"releases":[],"feed_updated":"2023-06-23T09:26:28+00:00"} |
Oops, something went wrong.