Access Control
Manage who and what can access your packages and containers.
Overview
NugetHosting provides granular access control through API tokens with specific scopes. This allows you to:
- Limit what each token can do
- Create read-only tokens for CI/CD downloads
- Create push-only tokens for publishing
- Revoke access without changing your password
Token Scopes
Each token can have one or more scopes:
| Scope | Allows | Use Case |
|---|---|---|
| nuget:pull | Download packages | CI/CD restore, dev machines |
| nuget:push | Upload packages | CI/CD publish |
| container:pull | Pull container images | Kubernetes, deployments |
| container:push | Push container images | CI/CD build & push |
| read | Read API access | Monitoring, dashboards |
| write | Full API access | Admin tasks, automation |
Security Best Practices
Principle of Least Privilege
Only grant the minimum scopes needed for each token.
Separate Tokens per Environment
Use different tokens for development, staging, and production.
Rotate Tokens Regularly
Create new tokens and revoke old ones periodically (e.g., quarterly).
Use Descriptive Names
Name tokens clearly so you know their purpose (e.g., "GitHub Actions - myapp repo").
Never Share Tokens
Each user or service should have its own token.
Never Commit Tokens to Git
Use environment variables or secret managers.
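The practices above can be checked mechanically against a token inventory. The following is an added example, not NugetHosting code: the record format (`name`, `scopes`, `environments`, `created`) and the sample tokens are constructed for illustration, and "quarterly" is taken to mean 90 days.

```python
from datetime import date

# Scope names from the Token Scopes table on this page.
KNOWN_SCOPES = {"nuget:pull", "nuget:push", "container:pull",
                "container:push", "read", "write"}
MAX_AGE_DAYS = 90  # assumption: "quarterly" rotation read as 90 days

def audit_token(token, today):
    """Return findings for one token record (hypothetical inventory format)."""
    findings = []
    scopes = set(token["scopes"])
    unknown = scopes - KNOWN_SCOPES
    if unknown:
        findings.append("unknown scope(s): " + ", ".join(sorted(unknown)))
    if "write" in scopes:
        findings.append("'write' is full API access; confirm it is required")
    # Least privilege: a restore job needs only pull, a publish job only push.
    if any(s.endswith(":pull") for s in scopes) and \
       any(s.endswith(":push") for s in scopes):
        findings.append("mixes pull and push; split into separate tokens")
    envs = sorted(token["environments"])
    if len(envs) > 1:
        findings.append("shared across environments: " + ", ".join(envs))
    age = (today - token["created"]).days
    if age > MAX_AGE_DAYS:
        findings.append(f"{age} days old; rotate (limit {MAX_AGE_DAYS})")
    return findings

def audit_inventory(tokens, today):
    """Map token name -> findings, omitting tokens with no findings."""
    report = {t["name"]: audit_token(t, today) for t in tokens}
    return {name: f for name, f in report.items() if f}

# Constructed sample inventory (not real tokens or real account data).
SAMPLE = [
    {"name": "GitHub Actions - myapp repo", "scopes": ["nuget:pull"],
     "environments": ["ci"], "created": date(2024, 5, 1)},
    {"name": "build-server", "scopes": ["nuget:pull", "nuget:push", "write"],
     "environments": ["staging", "production"], "created": date(2023, 11, 15)},
    {"name": "k8s-prod-pull", "scopes": ["container:pull"],
     "environments": ["production"], "created": date(2024, 1, 10)},
]

if __name__ == "__main__":
    for name, findings in audit_inventory(SAMPLE, date(2024, 6, 1)).items():
        print(name)
        for finding in findings:
            print("  -", finding)
```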
Audit Log
Track all activity on your account:
- Package uploads and downloads
- Container pushes and pulls
- Token creation and revocation
- Login attempts (successful and failed)
- Settings changes
To view your audit log:
- Go to Settings → Security
- Click "View Audit Log"
- Filter by date range, event type, or IP address
💡 Pro Plan: Extended audit log retention (90 days) is available on Pro and Enterprise plans.