Introduction
Migrating from Xamarin.Forms to .NET MAUI
Globalization and Localization
Knowledge Base
API Reference
Download & Installation / Installing with NuGet / Using NuGet in CI Workflows
New to Telerik UI for .NET MAUIStart a free 30-day trial

Using NuGet Packages in a CI Workflow

Updated on Oct 24, 2025

This article describes how to use token-based authentication for the Telerik NuGet feed. You will learn how to create and use NuGet API keys to restore Telerik NuGet packages in your Continuous Integration (CI) workflow.

When you need to restore Telerik NuGet packages as part of your CI, using API Keys provides a secure way to authenticate. This method does not require you to provide your Telerik username and password anywhere in the CI workflow. Unlike your Telerik credentials, an API Key has a limited scope and can be used only with the Telerik NuGet server. If any of your API Keys is compromised, you can quickly delete it and create a new one.

Generating API Keys

As the Telerik NuGet server requires authentication, the first step is to obtain an API key that you will use instead of a password. Using an API key instead of a password is a more secure approach, especially when working with .NET CLI or the NuGet.Config file.

  1. Go to the API Keys page in your Telerik account.

  2. Click Generate New Key +.

    Manage API Keys

  3. In the Key Note field, add a note that describes the API key.

  4. Click Generate Key.

  5. Select Copy and Close. Once you close the window, you can no longer copy the generated key. For security reasons, the API Keys page displays only a portion of the key.

  6. Store the generated NuGet API key as you will need it in the next steps. Whenever you need to authenticate your system with the Telerik NuGet server, use api-key as the username and your generated API key as the password.

API keys expire after two years. Telerik will send you an email when a key is about to expire, but we recommend that you set your own calendar reminder with information about where you used that key: file paths, project links, AzDO and GitHub Action variable names, and so on.

Storing API Keys

Never check in an API Key with your source code or leave it publicly visible in plain text, for example, as a raw key value in a NuGet.Config file. An API Key is valuable, as bad actors can use it to access the NuGet packages that are licensed under your account. A potential key abuse can lead to a review of the affected account.

To protect the API Key, store it as a secret environment variable. The exact steps depend on your workflow:

  • In GitHub Actions, save the key as a GitHub Actions Secret. Go to Settings > Security > Secrets > Actions > Add new secret.

  • In Azure DevOps Classic, save the key as a secret pipeline variable. Go to the Variables tab and then select Pipeline variables.

  • In Azure DevOps YAML pipelines, save the key as a secret variable as well. Click the YAML editor's Variables button and complete the New variable form.

If you use Azure DevOps Service connection instead of secret environment variables, enter api-key in the username filed and the API Key as the password in the New NuGet service connection form editor.

For more details on storing and protecting your API Key, check the Announcing NuGet Keys blog post by Lance McCarthy.

Using an API Key

There are two popular ways to use the Telerik NuGet server in a build:

For more information on how to use API Keys in a build, check the Announcing NuGet Keys blog post by Lance McCarthy.

Using a NuGet.Config File with Your Projects

1. In your NuGet.Config file, set the Username value to api-key and the ClearTextPassword value to an environment variable name:

xml
<configuration>
    <packageSources>
        <clear/>
        <add key="nuget.org" value="https://api.nuget.org/v3/index.json" protocolVersion="3" />
        <add key="MyTelerikFeed" value="https://nuget.telerik.com/v3/index.json" protocolVersion="3"/>
    </packageSources>
    <packageSourceCredentials>
        <MyTelerikFeed>
        <add key="Username" value="api-key" />
        <add key="ClearTextPassword" value="%MY_API_KEY%" />
        </MyTelerikFeed>
    </packageSourceCredentials>
</configuration>

2. Set the MY_API_KEY environment variable by using the value of your pipeline/workflow secret.

The exact steps to set the MY_API_KEY environment variable depend on your workflow. For more details, refer to the Announcing NuGet Keys blog post by Lance McCarthy.

Using .NET CLI Commands

You can use the CLI add source (or update source) command to set the credentials of a package source. This CLI approach is applicable if your CI system doesn't support default environment variable secrets or if you do not use a custom NuGet.Config.

  • To set the credentials in Azure DevOps:
SH
dotnet nuget add source 'MyTelerikFeed' --source 'https://nuget.telerik.com/v3/index.json' --username 'api-key' --password '$(TELERIK_NUGET_KEY)' --configfile './nuget.config' --store-password-in-clear-text
  • To set the credentials in GitHub Actions:
SH
dotnet nuget add source 'MyTelerikFeed' --source 'https://nuget.telerik.com/v3/index.json' --username 'api-key' --password '${{ secrets.TELERIK_NUGET_KEY }}' --configfile './nuget.config' --store-password-in-clear-text

Additional Resources

If you start using the Telerik NuGet server in your CI or inter-department workflows, check the two blog posts below. You will learn about the various use cases and find practical implementation details.

See Also

In this article
Generating API KeysStoring API KeysUsing an API KeyUsing a NuGet.Config File with Your ProjectsUsing .NET CLI CommandsAdditional ResourcesSee Also
Not finding the help you need?
Contact Support