Configurações da organização - GitHub Enterprise Cloud Docs

List private registries for an organization

Lists all private registry configurations available at the organization-level without revealing their encrypted values.

OAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.

Tokens de acesso granulares para "List private registries for an organization"

Este endpoint funciona com os seguintes tipos de token granulares:

O token refinado deve ter os seguintes conjuntos de permissões:

"Organization private registries" organization permissions (read)

Parâmetros para "List private registries for an organization"

Cabeçalhos
Nome, Tipo, Descrição
`accept` string Setting to `application/vnd.github+json` is recommended.

Parâmetros de caminho
Nome, Tipo, Descrição
`org` string Obrigatório The organization name. The name is not case sensitive.

Parâmetros de consulta
Nome, Tipo, Descrição
`per_page` integer The number of results per page (max 100). For more information, see "Using pagination in the REST API." Padrão: `30`
`page` integer The page number of the results to fetch. For more information, see "Using pagination in the REST API." Padrão: `1`

Códigos de status de resposta HTTP para "List private registries for an organization"

Código de status	Descrição
`200`	OK
`400`	Bad Request
`404`	Resource not found

Exemplos de código para "List private registries for an organization"

Se você acessar GitHub em GHE.com, substitua api.github.com pelo subdomínio dedicado da sua empresa em api.SUBDOMAIN.ghe.com.

Exemplo de solicitação

get/orgs/{org}/private-registries

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2026-03-10" \
  https://api.github.com/orgs/ORG/private-registries

Response

Status: 200

{
  "total_count": 1,
  "configurations": [
    {
      "name": "MAVEN_REPOSITORY_SECRET",
      "registry_type": "maven_repository",
      "username": "monalisa",
      "created_at": "2019-08-10T14:59:22Z",
      "updated_at": "2020-01-10T14:59:22Z",
      "visibility": "selected"
    }
  ]
}

Create a private registry for an organization

Creates a private registry configuration with an encrypted value for an organization. Encrypt your secret using LibSodium. For more information, see "Encrypting secrets for the REST API." For OIDC-based registries (oidc_azure, oidc_aws, oidc_jfrog, or oidc_cloudsmith), the encrypted_value and key_id fields should be omitted.

OAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.

Tokens de acesso granulares para "Create a private registry for an organization"

Este endpoint funciona com os seguintes tipos de token granulares:

O token refinado deve ter os seguintes conjuntos de permissões:

"Organization private registries" organization permissions (write)

Parâmetros para "Create a private registry for an organization"

Cabeçalhos
Nome, Tipo, Descrição
`accept` string Setting to `application/vnd.github+json` is recommended.

Parâmetros de caminho
Nome, Tipo, Descrição
`org` string Obrigatório The organization name. The name is not case sensitive.

Parâmetros do corpo
Nome, Tipo, Descrição
`registry_type` string Obrigatório The registry type. Pode ser um dos: `maven_repository`, `nuget_feed`, `goproxy_server`, `npm_registry`, `rubygems_server`, `cargo_registry`, `composer_repository`, `docker_registry`, `git_source`, `helm_registry`, `hex_organization`, `hex_repository`, `pub_repository`, `python_index`, `terraform_registry`
`url` string Obrigatório The URL of the private registry.
`username` string or null The username to use when authenticating with the private registry. This field should be omitted if the private registry does not require a username for authentication.
`replaces_base` boolean Whether this private registry should replace the base registry (e.g., npmjs.org for npm, rubygems.org for rubygems). When set to `true`, Dependabot will only use this registry and will not fall back to the public registry. When set to `false` (default), Dependabot will use this registry for scoped packages but may fall back to the public registry for other packages. Padrão: `false`
`encrypted_value` string The value for your secret, encrypted with LibSodium using the public key retrieved from the Get private registries public key for an organization endpoint. Required when `auth_type` is `token` or `username_password`. Should be omitted for OIDC auth types.
`key_id` string The ID of the key you used to encrypt the secret. Required when `auth_type` is `token` or `username_password`. Should be omitted for OIDC auth types.
`visibility` string Obrigatório Which type of organization repositories have access to the private registry. `selected` means only the repositories specified by `selected_repository_ids` can access the private registry. Pode ser um dos: `all`, `private`, `selected`
`selected_repository_ids` array of integers An array of repository IDs that can access the organization private registry. You can only provide a list of repository IDs when `visibility` is set to `selected`. You can manage the list of selected repositories using the Update a private registry for an organization endpoint. This field should be omitted if `visibility` is set to `all` or `private`.
`auth_type` string The authentication type for the private registry. Defaults to `token` if not specified. Use `oidc_azure`, `oidc_aws`, `oidc_jfrog`, or `oidc_cloudsmith` for OIDC authentication. Pode ser um dos: `token`, `username_password`, `oidc_azure`, `oidc_aws`, `oidc_jfrog`, `oidc_cloudsmith`
`tenant_id` string The tenant ID of the Azure AD application. Required when `auth_type` is `oidc_azure`.
`client_id` string The client ID of the Azure AD application. Required when `auth_type` is `oidc_azure`.
`aws_region` string The AWS region. Required when `auth_type` is `oidc_aws`.
`account_id` string The AWS account ID. Required when `auth_type` is `oidc_aws`.
`role_name` string The AWS IAM role name. Required when `auth_type` is `oidc_aws`.
`domain` string The CodeArtifact domain. Required when `auth_type` is `oidc_aws`.
`domain_owner` string The CodeArtifact domain owner (AWS account ID). Required when `auth_type` is `oidc_aws`.
`jfrog_oidc_provider_name` string The JFrog OIDC provider name. Required when `auth_type` is `oidc_jfrog`.
`audience` string The OIDC audience. Optional for `oidc_aws`, `oidc_jfrog`, and required for `oidc_cloudsmith` auth types.
`identity_mapping_name` string The JFrog identity mapping name. Optional for `oidc_jfrog` auth type.
`namespace` string The Cloudsmith organization namespace. Required when `auth_type` is `oidc_cloudsmith`.
`service_slug` string The Cloudsmith service account slug. Required when `auth_type` is `oidc_cloudsmith`.
`api_host` string The Cloudsmith API host. Optional for `oidc_cloudsmith` auth type. If omitted, `api.cloudsmith.io` is used by default.

Códigos de status de resposta HTTP para "Create a private registry for an organization"

Código de status	Descrição
`201`	The organization private registry configuration
`404`	Resource not found
`422`	Validation failed, or the endpoint has been spammed.

Exemplos de código para "Create a private registry for an organization"

Se você acessar GitHub em GHE.com, substitua api.github.com pelo subdomínio dedicado da sua empresa em api.SUBDOMAIN.ghe.com.

Exemplos de solicitação

Select the example type

post/orgs/{org}/private-registries

curl -L \
  -X POST \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2026-03-10" \
  https://api.github.com/orgs/ORG/private-registries \
  -d '{"registry_type":"maven_repository","url":"https://maven.pkg.github.com/organization/","username":"monalisa","replaces_base":true,"encrypted_value":"c2VjcmV0","key_id":"012345678912345678","visibility":"private"}'

The organization private registry configuration

Status: 201

{
  "name": "MAVEN_REPOSITORY_SECRET",
  "registry_type": "maven_repository",
  "username": "monalisa",
  "visibility": "selected",
  "selected_repository_ids": [
    1296269,
    1296280
  ],
  "created_at": "2019-08-10T14:59:22Z",
  "updated_at": "2020-01-10T14:59:22Z"
}

Get private registries public key for an organization

Gets the org public key, which is needed to encrypt private registry secrets. You need to encrypt a secret before you can create or update secrets.

OAuth tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.

Tokens de acesso granulares para "Get private registries public key for an organization"

Este endpoint funciona com os seguintes tipos de token granulares:

O token refinado deve ter os seguintes conjuntos de permissões:

"Organization private registries" organization permissions (read)

Parâmetros para "Get private registries public key for an organization"

Cabeçalhos
Nome, Tipo, Descrição
`accept` string Setting to `application/vnd.github+json` is recommended.

Parâmetros de caminho
Nome, Tipo, Descrição
`org` string Obrigatório The organization name. The name is not case sensitive.

Códigos de status de resposta HTTP para "Get private registries public key for an organization"

Código de status	Descrição
`200`	OK
`404`	Resource not found

Exemplos de código para "Get private registries public key for an organization"

Se você acessar GitHub em GHE.com, substitua api.github.com pelo subdomínio dedicado da sua empresa em api.SUBDOMAIN.ghe.com.

Exemplo de solicitação

get/orgs/{org}/private-registries/public-key

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2026-03-10" \
  https://api.github.com/orgs/ORG/private-registries/public-key

Response

Status: 200

{
  "key_id": "012345678912345678",
  "key": "2Sg8iYjAxxmI2LvUXpJjkYrMxURPc8r+dB7TJyvv1234"
}

Get a private registry for an organization

Get the configuration of a single private registry defined for an organization, omitting its encrypted value.

OAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.

Tokens de acesso granulares para "Get a private registry for an organization"

Este endpoint funciona com os seguintes tipos de token granulares:

O token refinado deve ter os seguintes conjuntos de permissões:

"Organization private registries" organization permissions (read)

Parâmetros para "Get a private registry for an organization"

Cabeçalhos
Nome, Tipo, Descrição
`accept` string Setting to `application/vnd.github+json` is recommended.

Parâmetros de caminho
Nome, Tipo, Descrição
`org` string Obrigatório The organization name. The name is not case sensitive.
`secret_name` string Obrigatório The name of the secret.

Códigos de status de resposta HTTP para "Get a private registry for an organization"

Código de status	Descrição
`200`	The specified private registry configuration for the organization
`404`	Resource not found

Exemplos de código para "Get a private registry for an organization"

Se você acessar GitHub em GHE.com, substitua api.github.com pelo subdomínio dedicado da sua empresa em api.SUBDOMAIN.ghe.com.

Exemplo de solicitação

get/orgs/{org}/private-registries/{secret_name}

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2026-03-10" \
  https://api.github.com/orgs/ORG/private-registries/SECRET_NAME

The specified private registry configuration for the organization

Status: 200

{
  "name": "MAVEN_REPOSITORY_SECRET",
  "registry_type": "maven_repository",
  "username": "monalisa",
  "visibility": "private",
  "created_at": "2019-08-10T14:59:22Z",
  "updated_at": "2020-01-10T14:59:22Z"
}

Update a private registry for an organization

Updates a private registry configuration with an encrypted value for an organization. Encrypt your secret using LibSodium. For more information, see "Encrypting secrets for the REST API." For OIDC-based registries (oidc_azure, oidc_aws, oidc_jfrog, or oidc_cloudsmith), the encrypted_value and key_id fields should be omitted.

OAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.

Tokens de acesso granulares para "Update a private registry for an organization"

Este endpoint funciona com os seguintes tipos de token granulares:

O token refinado deve ter os seguintes conjuntos de permissões:

"Organization private registries" organization permissions (write)

Parâmetros para "Update a private registry for an organization"

Cabeçalhos
Nome, Tipo, Descrição
`accept` string Setting to `application/vnd.github+json` is recommended.

Parâmetros de caminho
Nome, Tipo, Descrição
`org` string Obrigatório The organization name. The name is not case sensitive.
`secret_name` string Obrigatório The name of the secret.

Parâmetros do corpo
Nome, Tipo, Descrição
`registry_type` string The registry type. Pode ser um dos: `maven_repository`, `nuget_feed`, `goproxy_server`, `npm_registry`, `rubygems_server`, `cargo_registry`, `composer_repository`, `docker_registry`, `git_source`, `helm_registry`, `hex_organization`, `hex_repository`, `pub_repository`, `python_index`, `terraform_registry`
`url` string The URL of the private registry.
`username` string or null The username to use when authenticating with the private registry. This field should be omitted if the private registry does not require a username for authentication.
`replaces_base` boolean Whether this private registry should replace the base registry (e.g., npmjs.org for npm, rubygems.org for rubygems). When set to `true`, Dependabot will only use this registry and will not fall back to the public registry. When set to `false` (default), Dependabot will use this registry for scoped packages but may fall back to the public registry for other packages. Padrão: `false`
`encrypted_value` string The value for your secret, encrypted with LibSodium using the public key retrieved from the Get private registries public key for an organization endpoint.
`key_id` string The ID of the key you used to encrypt the secret.
`visibility` string Which type of organization repositories have access to the private registry. `selected` means only the repositories specified by `selected_repository_ids` can access the private registry. Pode ser um dos: `all`, `private`, `selected`
`selected_repository_ids` array of integers An array of repository IDs that can access the organization private registry. You can only provide a list of repository IDs when `visibility` is set to `selected`. This field should be omitted if `visibility` is set to `all` or `private`.
`auth_type` string The authentication type for the private registry. This field cannot be changed after creation. If provided, it must match the existing `auth_type` of the configuration. To change the authentication type, delete and recreate the configuration. Pode ser um dos: `token`, `username_password`, `oidc_azure`, `oidc_aws`, `oidc_jfrog`, `oidc_cloudsmith`
`tenant_id` string The tenant ID of the Azure AD application. Required when `auth_type` is `oidc_azure`.
`client_id` string The client ID of the Azure AD application. Required when `auth_type` is `oidc_azure`.
`aws_region` string The AWS region. Required when `auth_type` is `oidc_aws`.
`account_id` string The AWS account ID. Required when `auth_type` is `oidc_aws`.
`role_name` string The AWS IAM role name. Required when `auth_type` is `oidc_aws`.
`domain` string The CodeArtifact domain. Required when `auth_type` is `oidc_aws`.
`domain_owner` string The CodeArtifact domain owner (AWS account ID). Required when `auth_type` is `oidc_aws`.
`jfrog_oidc_provider_name` string The JFrog OIDC provider name. Required when `auth_type` is `oidc_jfrog`.
`audience` string The OIDC audience. Optional for `oidc_aws`, `oidc_jfrog`, and required for `oidc_cloudsmith` auth types.
`identity_mapping_name` string The JFrog identity mapping name. Optional for `oidc_jfrog` auth type.
`namespace` string The Cloudsmith organization namespace. Required when `auth_type` is `oidc_cloudsmith`.
`service_slug` string The Cloudsmith service account slug. Required when `auth_type` is `oidc_cloudsmith`.
`api_host` string The Cloudsmith API host. Optional for `oidc_cloudsmith` auth type. If omitted, `api.cloudsmith.io` is used by default.

Códigos de status de resposta HTTP para "Update a private registry for an organization"

Código de status	Descrição
`204`	No Content
`404`	Resource not found
`422`	Validation failed, or the endpoint has been spammed.

Delete a private registry for an organization

Delete a private registry configuration at the organization-level.

OAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.

Tokens de acesso granulares para "Delete a private registry for an organization"

Este endpoint funciona com os seguintes tipos de token granulares:

O token refinado deve ter os seguintes conjuntos de permissões:

"Organization private registries" organization permissions (write)

Parâmetros para "Delete a private registry for an organization"

Cabeçalhos
Nome, Tipo, Descrição
`accept` string Setting to `application/vnd.github+json` is recommended.

Parâmetros de caminho
Nome, Tipo, Descrição
`org` string Obrigatório The organization name. The name is not case sensitive.
`secret_name` string Obrigatório The name of the secret.

Códigos de status de resposta HTTP para "Delete a private registry for an organization"

Código de status	Descrição
`204`	No Content
`400`	Bad Request
`404`	Resource not found

Exemplos de código para "Delete a private registry for an organization"

Se você acessar GitHub em GHE.com, substitua api.github.com pelo subdomínio dedicado da sua empresa em api.SUBDOMAIN.ghe.com.

Exemplo de solicitação

delete/orgs/{org}/private-registries/{secret_name}

curl -L \
  -X DELETE \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2026-03-10" \
  https://api.github.com/orgs/ORG/private-registries/SECRET_NAME

Response

Status: 204