Skip to main content
The REST API is now versioned. For more information, see "About API versioning."

Organization configurations

Use the REST API to manage private registry configurations for organizations.

Note

The ability to use the REST API to manage private registries is currently in public preview and subject to change.

List private registries for an organization

Note

This endpoint is in public preview and is subject to change.

Lists all private registry configurations available at the organization-level without revealing their encrypted values.

OAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.

Fine-grained access tokens for "List private registries for an organization"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

  • "Organization private registries" organization permissions (read)

Parameters for "List private registries for an organization"

Headers
Name, Type, Description
accept string

Setting to application/vnd.github+json is recommended.

Path parameters
Name, Type, Description
org string Required

The organization name. The name is not case sensitive.

Query parameters
Name, Type, Description
per_page integer

The number of results per page (max 100). For more information, see "Using pagination in the REST API."

Default: 30

page integer

The page number of the results to fetch. For more information, see "Using pagination in the REST API."

Default: 1

HTTP response status codes for "List private registries for an organization"

Status codeDescription
200

OK

400

Bad Request

404

Resource not found

Code samples for "List private registries for an organization"

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

Request example

get/orgs/{org}/private-registries
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/orgs/ORG/private-registries

Response

Status: 200
{ "total_count": 1, "configurations": [ { "name": "MAVEN_REPOSITORY_SECRET", "registry_type": "maven_repository", "username": "monalisa", "created_at": "2019-08-10T14:59:22Z", "updated_at": "2020-01-10T14:59:22Z", "visibility": "selected" } ] }

Create a private registry for an organization

Note

This endpoint is in public preview and is subject to change.

Creates a private registry configuration with an encrypted value for an organization. Encrypt your secret using LibSodium. For more information, see "Encrypting secrets for the REST API."

OAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.

Fine-grained access tokens for "Create a private registry for an organization"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

  • "Organization private registries" organization permissions (write)

Parameters for "Create a private registry for an organization"

Headers
Name, Type, Description
accept string

Setting to application/vnd.github+json is recommended.

Path parameters
Name, Type, Description
org string Required

The organization name. The name is not case sensitive.

Body parameters
Name, Type, Description
registry_type string Required

The registry type.

Value: maven_repository

username string or null

The username to use when authenticating with the private registry. This field should be omitted if the private registry does not require a username for authentication.

encrypted_value string Required

The value for your secret, encrypted with LibSodium using the public key retrieved from the Get private registries public key for an organization endpoint.

key_id string Required

The ID of the key you used to encrypt the secret.

visibility string Required

Which type of organization repositories have access to the private registry. selected means only the repositories specified by selected_repository_ids can access the private registry.

Can be one of: all, private, selected

selected_repository_ids array of integers

An array of repository IDs that can access the organization private registry. You can only provide a list of repository IDs when visibility is set to selected. You can manage the list of selected repositories using the Update a private registry for an organization endpoint. This field should be omitted if visibility is set to all or private.

HTTP response status codes for "Create a private registry for an organization"

Status codeDescription
201

The organization private registry configuration

404

Resource not found

422

Validation failed, or the endpoint has been spammed.

Code samples for "Create a private registry for an organization"

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

Request examples

post/orgs/{org}/private-registries
curl -L \ -X POST \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/orgs/ORG/private-registries \ -d '{"registry_type":"maven_repository","username":"monalisa","encrypted_value":"c2VjcmV0","key_id":"012345678912345678","visibility":"private"}'

The organization private registry configuration

Status: 201
{ "name": "MAVEN_REPOSITORY_SECRET", "registry_type": "maven_repository", "username": "monalisa", "visibility": "selected", "selected_repository_ids": [ 1296269, 1296280 ], "created_at": "2019-08-10T14:59:22Z", "updated_at": "2020-01-10T14:59:22Z" }

Get private registries public key for an organization

Note

This endpoint is in public preview and is subject to change.

Gets the org public key, which is needed to encrypt private registry secrets. You need to encrypt a secret before you can create or update secrets.

OAuth tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.

Fine-grained access tokens for "Get private registries public key for an organization"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

  • "Organization private registries" organization permissions (read)

Parameters for "Get private registries public key for an organization"

Headers
Name, Type, Description
accept string

Setting to application/vnd.github+json is recommended.

Path parameters
Name, Type, Description
org string Required

The organization name. The name is not case sensitive.

HTTP response status codes for "Get private registries public key for an organization"

Status codeDescription
200

OK

404

Resource not found

Code samples for "Get private registries public key for an organization"

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

Request example

get/orgs/{org}/private-registries/public-key
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/orgs/ORG/private-registries/public-key

Response

Status: 200
{ "key_id": "012345678912345678", "key": "2Sg8iYjAxxmI2LvUXpJjkYrMxURPc8r+dB7TJyvv1234" }

Get a private registry for an organization

Note

This endpoint is in public preview and is subject to change.

Get the configuration of a single private registry defined for an organization, omitting its encrypted value.

OAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.

Fine-grained access tokens for "Get a private registry for an organization"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

  • "Organization private registries" organization permissions (read)

Parameters for "Get a private registry for an organization"

Headers
Name, Type, Description
accept string

Setting to application/vnd.github+json is recommended.

Path parameters
Name, Type, Description
org string Required

The organization name. The name is not case sensitive.

secret_name string Required

The name of the secret.

HTTP response status codes for "Get a private registry for an organization"

Status codeDescription
200

The specified private registry configuration for the organization

404

Resource not found

Code samples for "Get a private registry for an organization"

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

Request example

get/orgs/{org}/private-registries/{secret_name}
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/orgs/ORG/private-registries/SECRET_NAME

The specified private registry configuration for the organization

Status: 200
{ "name": "MAVEN_REPOSITORY_SECRET", "registry_type": "maven_repository", "username": "monalisa", "visibility": "private", "created_at": "2019-08-10T14:59:22Z", "updated_at": "2020-01-10T14:59:22Z" }

Update a private registry for an organization

Note

This endpoint is in public preview and is subject to change.

Updates a private registry configuration with an encrypted value for an organization. Encrypt your secret using LibSodium. For more information, see "Encrypting secrets for the REST API."

OAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.

Fine-grained access tokens for "Update a private registry for an organization"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

  • "Organization private registries" organization permissions (write)

Parameters for "Update a private registry for an organization"

Headers
Name, Type, Description
accept string

Setting to application/vnd.github+json is recommended.

Path parameters
Name, Type, Description
org string Required

The organization name. The name is not case sensitive.

secret_name string Required

The name of the secret.

Body parameters
Name, Type, Description
registry_type string

The registry type.

Value: maven_repository

username string or null

The username to use when authenticating with the private registry. This field should be omitted if the private registry does not require a username for authentication.

encrypted_value string

The value for your secret, encrypted with LibSodium using the public key retrieved from the Get private registries public key for an organization endpoint.

key_id string

The ID of the key you used to encrypt the secret.

visibility string

Which type of organization repositories have access to the private registry. selected means only the repositories specified by selected_repository_ids can access the private registry.

Can be one of: all, private, selected

selected_repository_ids array of integers

An array of repository IDs that can access the organization private registry. You can only provide a list of repository IDs when visibility is set to selected. This field should be omitted if visibility is set to all or private.

HTTP response status codes for "Update a private registry for an organization"

Status codeDescription
204

No Content

404

Resource not found

422

Validation failed, or the endpoint has been spammed.

Code samples for "Update a private registry for an organization"

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

Request example

patch/orgs/{org}/private-registries/{secret_name}
curl -L \ -X PATCH \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/orgs/ORG/private-registries/SECRET_NAME \ -d '{"username":"monalisa","encrypted_value":"c2VjcmV0","key_id":"012345678912345678"}'

Response

Status: 204

Delete a private registry for an organization

Note

This endpoint is in public preview and is subject to change.

Delete a private registry configuration at the organization-level.

OAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.

Fine-grained access tokens for "Delete a private registry for an organization"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

  • "Organization private registries" organization permissions (write)

Parameters for "Delete a private registry for an organization"

Headers
Name, Type, Description
accept string

Setting to application/vnd.github+json is recommended.

Path parameters
Name, Type, Description
org string Required

The organization name. The name is not case sensitive.

secret_name string Required

The name of the secret.

HTTP response status codes for "Delete a private registry for an organization"

Status codeDescription
204

No Content

400

Bad Request

404

Resource not found

Code samples for "Delete a private registry for an organization"

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

Request example

delete/orgs/{org}/private-registries/{secret_name}
curl -L \ -X DELETE \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/orgs/ORG/private-registries/SECRET_NAME

Response

Status: 204