Skip to main content
This plugin configures NuGet tools to authenticate with Azure Artifacts and other NuGet repositories. It follows the same model as NuGetAuthenticate@1 in Azure DevOps.

Usage

plugins:
  - NuGetAuthenticate@v1
With this configuration in place, running buildcharts generate automatically injects the necessary secrets and modifications so that dotnet restore and NuGet push operations can authenticate against Azure Artifacts feeds.

What it does

  • Runs dotnet nuget list source --format short
  • Keeps sources whose host ends with pkgs.dev.azure.com or pkgs.visualstudio.com
  • Prefers existing environment credentials when available
  • Otherwise installs the Microsoft Artifacts Credential Provider under .buildcharts/plugins/NuGetAuthenticate@v1
  • Writes secret files under .buildcharts/secrets
  • Writes ARTIFACTS_CREDENTIALPROVIDER_EXTERNAL_FEED_ENDPOINTS, a JSON payload describing the endpoint(s) and associated credentials
  • Patches the generated docker-bake.hcl so these secrets are mounted into the Docker build

Environment variables

  • ARTIFACTS_CREDENTIALPROVIDER_EXTERNAL_FEED_ENDPOINTS
  • ARTIFACTS_CREDENTIALPROVIDER_ACCESSTOKEN
  • AZURE_ARTIFACTS_ENV_ACCESS_TOKEN
  • SYSTEM_ACCESSTOKEN
  • VSS_NUGET_ACCESSTOKEN
  • VSS_NUGET_EXTERNAL_FEED_ENDPOINTS

Notes

  • The plugin only acts on Azure DevOps-hosted NuGet feeds.
  • If no matching NuGet sources are found, the plugin exits without patching the generated HCL.

Read more

Last modified on March 15, 2026