Pricing Templates
Log in Sign up
Integrations / GitHub / ...

PATCH /orgs/{org}/private-registries/{secret_name}

Updates a private registry configuration with an encrypted value for an organization. Encrypt your secret using LibSodium. For more information, see "Encrypting secrets for the REST API." For OIDC-based registries (oidc_azure, oidc_aws, oidc_jfrog, or oidc_cloudsmith), the encrypted_value and key_id fields should be omitted.

OAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.

Servers

Path parameters

Name Type Required Description
secret_name String Yes

The name of the secret.
org String Yes

The organization name. The name is not case sensitive.

Request headers

Name Type Required Description
Content-Type String Yes The media type of the request body.

Default value: "application/json"

Request body fields

Name Type Required Description
username String No

The username to use when authenticating with the private registry. This field should be omitted if the private registry does not require a username for authentication.
encrypted_value String No

The value for your secret, encrypted with LibSodium using the public key retrieved from the Get private registries public key for an organization endpoint.
url String No

The URL of the private registry.
client_id String No

The client ID of the Azure AD application. Required when auth_type is oidc_azure.
api_host String No

The Cloudsmith API host. Optional for oidc_cloudsmith auth type. If omitted, api.cloudsmith.io is used by default.
aws_region String No

The AWS region. Required when auth_type is oidc_aws.
selected_repository_ids[] Array No

An array of repository IDs that can access the organization private registry. You can only provide a list of repository IDs when visibility is set to selected. This field should be omitted if visibility is set to all or private.
domain String No

The CodeArtifact domain. Required when auth_type is oidc_aws.
role_name String No

The AWS IAM role name. Required when auth_type is oidc_aws.
jfrog_oidc_provider_name String No

The JFrog OIDC provider name. Required when auth_type is oidc_jfrog.
key_id String No

The ID of the key you used to encrypt the secret.
replaces_base Boolean No

Whether this private registry should replace the base registry (e.g., npmjs.org for npm, rubygems.org for rubygems). When set to true, Dependabot will only use this registry and will not fall back to the public registry. When set to false (default), Dependabot will use this registry for scoped packages but may fall back to the public registry for other packages.

Default value: false
visibility String No

Which type of organization repositories have access to the private registry. selected means only the repositories specified by selected_repository_ids can access the private registry.

Valid values:

  • "private"
  • "selected"
  • "all"
identity_mapping_name String No

The JFrog identity mapping name. Optional for oidc_jfrog auth type.
namespace String No

The Cloudsmith organization namespace. Required when auth_type is oidc_cloudsmith.
auth_type String No

The authentication type for the private registry. This field cannot be changed after creation. If provided, it must match the existing auth_type of the configuration. To change the authentication type, delete and recreate the configuration.

Valid values:

  • "oidc_azure"
  • "oidc_cloudsmith"
  • "oidc_aws"
  • "username_password"
  • "oidc_jfrog"
  • "token"
tenant_id String No

The tenant ID of the Azure AD application. Required when auth_type is oidc_azure.
domain_owner String No

The CodeArtifact domain owner (AWS account ID). Required when auth_type is oidc_aws.
registry_type String No

The registry type.

Valid values:

  • "composer_repository"
  • "goproxy_server"
  • "docker_registry"
  • "hex_organization"
  • "cargo_registry"
  • "helm_registry"
  • "terraform_registry"
  • "maven_repository"
  • "npm_registry"
  • "rubygems_server"
  • "python_index"
  • "pub_repository"
  • "git_source"
  • "nuget_feed"
  • "hex_repository"
account_id String No

The AWS account ID. Required when auth_type is oidc_aws.
audience String No

The OIDC audience. Optional for oidc_aws, oidc_jfrog, and required for oidc_cloudsmith auth types.
service_slug String No

The Cloudsmith service account slug. Required when auth_type is oidc_cloudsmith.

How to start integrating

  1. Add HTTP Task to your workflow definition.
  2. Search for the API you want to integrate with and click on the name.
    • This loads the API reference documentation and prepares the Http request settings.
  3. Click Test request to test run your request to the API and see the API's response.
All third party trademarks (including logos and icons) are the property of their respective owners, which do not sponsor, authorize, or endorse this website.
Pricing Templates Integrations Blog Contact Us Help
© 2026 SimWorkflow
Terms of Service Privacy Policy