目录

pub token is one of the subcommands of the pub command.

It is used to manage a store of secret tokens for authenticating against third-party servers when publishing packages and retrieving dependencies.

The tokens are stored in a user-wide config dir.

It has three subcommands: add, list and remove.

If you try to dart pub get and have a dependency hosted on a private repository you may be asked to provide credentials:

$ dart pub get
Resolving dependencies... 
https://some-package-repo.com/my-org/my-repo package repository requested authentication! You can provide credential using:
    pub token add https://some-package-repo.com/my-org/my-repo

Go to https://some-package-repo.com and log in to obtain your token. 

The last line is a message the server can provide to help you obtaining a token. Some servers might not provide such a message.

Adding credentials dart pub token add

To enter the credentials use dart pub token add, and type the credential on stdin.

$ dart pub token add https://some-package-repo.com/my-org/my-repo
Enter secret token: <Type token on stdin>
 Requests to "https://some-package-repo.com/my-org/my-repo" will now be 
 authenticated using the secret token.

In a scripting situation you can store the secret in an environment variable and use dart pub token add <hosted-url> --env-var <ENV_VAR_NAME>.

$ dart pub token add https://other-package-repo.com/ --env-var TOKEN_VAR
Requests to "https://other-package-repo.com/" will now be authenticated using the secret token stored in the environment variable "TOKEN_VAR".

This will cause dart pub get to read whatever is stored in $TOKEN_VAR and use that as the authentication token.

You can set the environment variable in Bash with export TOKEN_VAR=... but that still doesn’t prevent the command being logged.

Most CI environments has a way to inject secrets into an environment variable:

Listing credentials dart pub token list

To see a list of all active credentials use dart pub token list:

$ dart pub token list
You have secret tokens for 2 package repositories:
https://some-package-repo.com/my-org/my-repo
https://other-package-repo.com/

Removing credentials dart pub token remove

You can remove a single token with dart pub token remove:

$ dart pub token remove https://other-package-repo.com
Removed secret token for package repository: https://other-package-repo.com

Or remove all with remove --all:

$ dart pub token remove --all
pub-tokens.json is deleted.
Removed 1 secret tokens.