Fetching config.json from an auth-enabled private cargo registry

Hi everyone,

I’m encountering an issue with my Cargo setup when trying to fetch config.json from our Artifactory registry.
Here are the details:

Environment:

  • OS: Linux (RHEL 8)
  • Rust: 1.81.x
  • Cargo: 1.81.x

Problem: Whenever Cargo attempts to fetch config.json, it fails and throws the following error:

Download request for repo:path 'cargo-myapp' is forbidden for user:'anonymous'

What I've Tried:

  • Our Artifactory registry is set up with authentication enabled.
  • In my config.toml under ~/.cargo, I have set up registries to use tokens and global credentials.
  • I’ve tried setting CARGO_REGISTRIES_{myregistry}_TOKEN and passing --token to cargo publish, but the error persists.

Suspected Cause: I suspect this has to do with the authorization header not being sent in the initial pull for config.json. Since authentication is enabled in the Artifactory registry, anonymous requests are being blocked.

Should I try setting up a proxy to Artifactory and injecting the authorization header?

  • Is there an elegant solution to ensure the authorization header is included in the initial request?

Thanks in advance!

That error message seems to come from the Artifactory server, so the config.json must have been downloaded successfully.

Since Cargo knows the crate exists, it also must have downloaded crate metadata from Artifactory.

So it seems to be failing when fetching the crate tarball. I'm not familiar with how Artifactory is configured. Do you have separate settings for the crate storage and auth for it?
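
The three requests discussed in this thread (config.json, the crate's index metadata, the crate tarball), as an added example that is not from either poster: a Python helper that derives each URL from a sparse registry's config.json using Cargo's documented index layout and `dl` template rules, so each request can be checked on its own for the "forbidden" response. The host, paths and config contents are constructed placeholders and do not represent Artifactory's actual URL layout.

```python
import json

# Markers Cargo substitutes in the `dl` value of config.json.
MARKERS = ("{crate}", "{version}", "{prefix}", "{lowerprefix}", "{sha256-checksum}")

def index_prefix(name: str) -> str:
    """Directory prefix Cargo uses for a crate's file in the index."""
    if len(name) == 1:
        return "1"
    if len(name) == 2:
        return "2"
    if len(name) == 3:
        return f"3/{name[0]}"
    return f"{name[:2]}/{name[2:4]}"

def download_url(dl: str, name: str, version: str, cksum: str = "") -> str:
    """Expand the `dl` template into the tarball URL."""
    if not any(m in dl for m in MARKERS):
        # No markers present: Cargo appends /{crate}/{version}/download.
        return f"{dl}/{name}/{version}/download"
    return (dl.replace("{crate}", name)
              .replace("{version}", version)
              .replace("{prefix}", index_prefix(name))
              .replace("{lowerprefix}", index_prefix(name.lower()))
              .replace("{sha256-checksum}", cksum))

def request_plan(index_base: str, config_text: str, name: str, version: str) -> dict:
    """URLs for the three fetch stages, plus the registry's auth-required flag."""
    cfg = json.loads(config_text)
    base = index_base.rstrip("/")
    lower = name.lower()
    return {
        "config": f"{base}/config.json",
        "index": f"{base}/{index_prefix(lower)}/{lower}",
        "download": download_url(cfg["dl"], name, version),
        # `auth-required` is how a registry declares that index and
        # download requests must carry a token.
        "auth_required": bool(cfg.get("auth-required", False)),
    }

# Constructed sample input (hypothetical host and paths).
SAMPLE_BASE = "https://registry.example.invalid/cargo-myapp/index/"
SAMPLE_CONFIG = ('{"dl": "https://registry.example.invalid/cargo-myapp/crates", '
                 '"api": "https://registry.example.invalid/cargo-myapp"}')

if __name__ == "__main__":
    for step, value in request_plan(SAMPLE_BASE, SAMPLE_CONFIG, "serde", "1.0.0").items():
        print(f"{step:14} {value}")
```

Requesting each printed URL with and without an `Authorization` header shows which stage the registry rejects as anonymous.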