Skip to content

Document authenticating to private build registries#933

Open
danbarr wants to merge 4 commits into
mainfrom
document-build-registry-auth
Open

Document authenticating to private build registries#933
danbarr wants to merge 4 commits into
mainfrom
document-build-registry-auth

Conversation

@danbarr

@danbarr danbarr commented Jun 12, 2026
edited
Loading

Copy link
Copy Markdown
Collaborator

Description

Authentication support for custom package registries shipped in stacklok/toolhive#2860 (the --from-secret and --from-env flags on thv config set-build-env), but the build guide only documented setting plaintext build environment variables. This adds an "Authenticate to private registries" subsection to the custom package registries section, covering how to supply credentials from a ToolHive secret or the shell environment so they stay out of the config file, with a note on build-time resolution into the builder stage only.

It also documents the related thv config set-build-auth-file command family (npmrc/netrc/yarnrc credential files, with --stdin input and get/unset companions), which is the file-based counterpart to the environment-variable path and was likewise undocumented.

Type of change

  • Documentation update

Related issues/PRs

Closes #359. Also addresses the set-build-auth-file build-auth gap tracked in #654 (high-priority gap #8). Feature reference: stacklok/toolhive#2860.

@danbarr @claude
Document authenticating to private build registries
9b07197 
The custom package registries section covered setting plaintext build
environment variables but not how to supply credentials. Add an
'Authenticate to private registries' subsection covering the
--from-secret and --from-env flags on thv config set-build-env, which
keep credentials out of the configuration file.

Closes #359.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings June 12, 2026 02:57
@vercel

vercel Bot commented Jun 12, 2026
edited
Loading

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
docs-website Ready Ready Preview, Comment Jun 12, 2026 2:51pm

Request Review

Copilot AI reviewed Jun 12, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the ToolHive CLI “Build containers” guide to document how to authenticate to private/custom package registries without storing credentials in plaintext in the ToolHive config file, aligning the guide with the --from-secret and --from-env support added to thv config set-build-env.

Changes:

  • Add an “Authenticate to private registries” subsection under “Custom package registries”.
  • Document thv config set-build-env --from-secret and --from-env workflows with examples.
  • Add a tip explaining how thv config get-build-env displays secret/shell-backed values as references.

@danbarr danbarr requested a review from JAORMX June 12, 2026 04:17
@danbarr danbarr mentioned this pull request Jun 12, 2026
Open
@danbarr @claude
Document set-build-auth-file for credential files
d684340 
Add an 'Authenticate with a credential file' subsection covering thv
config set-build-auth-file (npmrc/netrc/yarnrc), the --stdin input
mode, the secrets-manager storage model, and the get/unset commands.
Complements the set-build-env credential path and addresses the
build-auth-file gap from #654.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@danbarr @claude
Document runtime image build customization flags
c06d4ab 
Add a 'Customize the runtime image' subsection covering --runtime-image
and --runtime-add-package for protocol-scheme builds. Addresses the
build customization gap from #654.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@danbarr danbarr mentioned this pull request Jun 12, 2026
Open
danbarr added a commit that referenced this pull request Jun 12, 2026
@danbarr @claude
Document runtime image flags on thv run
e84a442 
Add --runtime-image and --runtime-add-package under protocol schemes
in the run guide. These are thv run flags that customize the on-demand
protocol-scheme build; they're not available on thv build. Corrects the
misplaced build-guide section reverted from #933.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@danbarr danbarr enabled auto-merge (squash) June 12, 2026 15:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@JAORMX JAORMX Awaiting requested review from JAORMX

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Gap]: Document authenticating to custom build registries

2 participants

@danbarr