dotnet restore command not using packageSourceCredentials from local nuget.config

Question

We are planning to migrate our NuGet package repository from GitHub Packages to AWS CodeArtifact. However, we’ve encountered a difference in how the dotnet restore command behaves when using these two sources. For GitHub Packages, we would store a service account or personal PAT in the local nuget.config file, but this approach doesn't work with AWS CodeArtifact. Instead, we found that for CodeArtifact, the token must be stored in the .aws/credentials file rather than the local nuget.config. If the token is placed only in nuget.config, it doesn't work; it must be in .aws/credentials. Here is how our local nuget filelooks like:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <packageSources>
    <add key="codeartifact" value="https://{stuff}.codeartifact.eu-north-1.amazonaws.com/nuget/{stuff}/v3/index.json" />
  </packageSources>
  <packageSourceCredentials>
    <codeartifact>
      <add key="Username" value="{accesskey}" />
      <add key="ClearTextPassword" value="{secretkey}" />
    </codeartifact>
  </packageSourceCredentials>
</configuration>

Is there any way we can make it work by storing it in local nuget.config file?

Answer 1

I think you really should go the recommended way using the CodeArtifact NuGet Credential Provider in order to correctly use CodeArtifact authentication and tokens

"Method 3" should be closest to what you are used to

1. Determine CodeArtifact repository

aws codeartifact get-repository-endpoint --domain my_domain --domain-owner 111122223333 --repository my_repo --format nuget

2. Get auth token

aws codeartifact get-authorization-token --domain my_domain

3. Configure nuget

nuget sources add -name domain_name/repo_name -Source https://my_domain-111122223333.d.codeartifact.us-west-2.amazonaws.com/nuget/my_repo/v3/index.json -password token_here -username aws