Cargo registry authentication within docker container

Hello Community,

I have a question regarding the cargo registry authentication with credential providers, maybe someone with experience can give some hints on the topic.

When building inside a docker container, I tried to use the "cargo:libsecret" credential provider for linux with the configuration entry (recommended by Registry Authentication - The Cargo Book (rust-lang.org):

[registry]
global-credential-providers = ["cargo:token", "cargo:libsecret"]

After installing the packages "libsecret-1-0" and "libsecret-1-dev", I get another error in the build process:

Caused by: 
failed to query replaced source registry `crates-io` 
Caused by: 
credential provider `cargo:libsecret` failed action `get` 
Caused by: 
failed to get token: Cannot spawn a message bus without a machine-id: Unable to load /var/lib/dbus/machine-id or /etc/machine-id: Failed to open file “/var/lib/dbus/machine-id”: No such file or directory 

As far as I understand this provider uses the GNOME Keyring and for using this feature, systemd has to be available on the system(?), which seems to be much more effort for setting up the docker container accordingly.

Which leads me to my question: Is this libsecret credential provider also recommended for automated build environments with docker containers? Or how do people configure cargo authentication in automated build environments with docker containers?

Regards,
Michael

In my experience the secrets are injected into the build environment as environment variables, and those can be propagated to cargo via the command line, e.g.

cargo publish --token "$CARGO_PUBLISH_SECRET"

Thanks for the example. Ok, I guess using the token like this will use the "cargo:token" provider, meaning it will be stored in plain text (like described here Registry Authentication - The Cargo Book).

And it seems like there is no simple way to use an encrypted credentials store in a build agent container.