NuGet API key invalidation

1 Answer 93 Views
General Discussions
Rafał
Top achievements
Rank 1
Iron
Rafał asked on 10 Dec 2023, 10:55 AM

Hello,

I'm trying to figure out how does the NuGet API Key works for Telerik feed when it comes to security. I created an API Key on my account for the NuGet feed. I used it in Visual Studio via NuGet.config file method. Everything was working fine. Then I deleted the API Key from my account. I made the test again and everything seems to still work in Visual Studio.

I was under the impression that the key should be invalidated and stop working after I deleted it. How does it work exactly so I can make sure I can use it in a safe way? Does the key still work after deletion until it's expiration date?

1 Answer, 1 is accepted

Sort by
0
Accepted
Rafał
Top achievements
Rank 1
Iron
answered on 10 Dec 2023, 11:29 AM | edited on 10 Dec 2023, 11:30 AM
It seems that after I waited a bit longer the key go invalidated as Visual Studio asked me for credentials. I'm not sure where is this delay coming from, but I guess it works as intended.
Dimo
Telerik team
commented on 11 Dec 2023, 08:46 AM

Rafał - our credentials caching is relatively short (10 minutes), but there are two places where our packages reside and there may not be а need to make a remote request immediately -

  • the bin folder in the app
  • the NuGet cache folder on the machine
Rafał
Top achievements
Rank 1
Iron
commented on 11 Dec 2023, 10:11 AM

Thanks for the information. I was already aware about NuGet package caching so I was getting different packages during testing. It seems the delay was just the credentials caching you mentioned that I wasn't aware about. Everything is working fine.
Tags
General Discussions
Asked by
Rafał
Top achievements
Rank 1
Iron
Answers by
Rafał
Top achievements
Rank 1
Iron
Share this question
or