Configuraciones de la organización - GitHub Enterprise Cloud Docs

List private registries for an organization

Lists all private registry configurations available at the organization-level without revealing their encrypted values.

OAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.

Tokens de acceso granulares para "List private registries for an organization"

Este punto de conexión funciona con los siguientes tipos de token pormenorizados:

El token pormenorizado debe tener el siguiente conjunto de permisos:

"Organization private registries" organization permissions (read)

Parámetros para "List private registries for an organization"

Encabezados
Nombre, Tipo, Descripción
`accept` string Setting to `application/vnd.github+json` is recommended.

Parámetros de ruta
Nombre, Tipo, Descripción
`org` string Obligatorio The organization name. The name is not case sensitive.

Parámetros de consulta
Nombre, Tipo, Descripción
`per_page` integer The number of results per page (max 100). For more information, see "Using pagination in the REST API." Valor predeterminado: `30`
`page` integer The page number of the results to fetch. For more information, see "Using pagination in the REST API." Valor predeterminado: `1`

Códigos de estado de respuesta HTTP para "List private registries for an organization"

código de estado	Descripción
`200`	OK
`400`	Bad Request
`404`	Resource not found

Ejemplos de código para "List private registries for an organization"

Si accedes a GitHub en GHE.com, reemplaza api.github.com por el subdominio dedicado de la empresa en api.SUBDOMAIN.ghe.com.

Ejemplo de solicitud

get/orgs/{org}/private-registries

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2026-03-10" \
  https://api.github.com/orgs/ORG/private-registries

Response

Status: 200

{
  "total_count": 1,
  "configurations": [
    {
      "name": "MAVEN_REPOSITORY_SECRET",
      "registry_type": "maven_repository",
      "username": "monalisa",
      "created_at": "2019-08-10T14:59:22Z",
      "updated_at": "2020-01-10T14:59:22Z",
      "visibility": "selected"
    }
  ]
}

Create a private registry for an organization

Creates a private registry configuration with an encrypted value for an organization. Encrypt your secret using LibSodium. For more information, see "Encrypting secrets for the REST API." For OIDC-based registries (oidc_azure, oidc_aws, or oidc_jfrog), the encrypted_value and key_id fields should be omitted.

OAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.

Tokens de acceso granulares para "Create a private registry for an organization"

Este punto de conexión funciona con los siguientes tipos de token pormenorizados:

El token pormenorizado debe tener el siguiente conjunto de permisos:

"Organization private registries" organization permissions (write)

Parámetros para "Create a private registry for an organization"

Encabezados
Nombre, Tipo, Descripción
`accept` string Setting to `application/vnd.github+json` is recommended.

Parámetros de ruta
Nombre, Tipo, Descripción
`org` string Obligatorio The organization name. The name is not case sensitive.

Parámetros del cuerpo
Nombre, Tipo, Descripción
`registry_type` string Obligatorio The registry type. Puede ser uno de los siguientes: `maven_repository`, `nuget_feed`, `goproxy_server`, `npm_registry`, `rubygems_server`, `cargo_registry`, `composer_repository`, `docker_registry`, `git_source`, `helm_registry`, `hex_organization`, `hex_repository`, `pub_repository`, `python_index`, `terraform_registry`
`url` string Obligatorio The URL of the private registry.
`username` string or null The username to use when authenticating with the private registry. This field should be omitted if the private registry does not require a username for authentication.
`replaces_base` boolean Whether this private registry should replace the base registry (e.g., npmjs.org for npm, rubygems.org for rubygems). When set to `true`, Dependabot will only use this registry and will not fall back to the public registry. When set to `false` (default), Dependabot will use this registry for scoped packages but may fall back to the public registry for other packages. Valor predeterminado: `false`
`encrypted_value` string The value for your secret, encrypted with LibSodium using the public key retrieved from the Get private registries public key for an organization endpoint. Required when `auth_type` is `token` or `username_password`. Should be omitted for OIDC auth types.
`key_id` string The ID of the key you used to encrypt the secret. Required when `auth_type` is `token` or `username_password`. Should be omitted for OIDC auth types.
`visibility` string Obligatorio Which type of organization repositories have access to the private registry. `selected` means only the repositories specified by `selected_repository_ids` can access the private registry. Puede ser uno de los siguientes: `all`, `private`, `selected`
`selected_repository_ids` array of integers An array of repository IDs that can access the organization private registry. You can only provide a list of repository IDs when `visibility` is set to `selected`. You can manage the list of selected repositories using the Update a private registry for an organization endpoint. This field should be omitted if `visibility` is set to `all` or `private`.
`auth_type` string The authentication type for the private registry. Defaults to `token` if not specified. Use `oidc_azure`, `oidc_aws`, or `oidc_jfrog` for OIDC authentication. Puede ser uno de los siguientes: `token`, `username_password`, `oidc_azure`, `oidc_aws`, `oidc_jfrog`
`tenant_id` string The tenant ID of the Azure AD application. Required when `auth_type` is `oidc_azure`.
`client_id` string The client ID of the Azure AD application. Required when `auth_type` is `oidc_azure`.
`aws_region` string The AWS region. Required when `auth_type` is `oidc_aws`.
`account_id` string The AWS account ID. Required when `auth_type` is `oidc_aws`.
`role_name` string The AWS IAM role name. Required when `auth_type` is `oidc_aws`.
`domain` string The CodeArtifact domain. Required when `auth_type` is `oidc_aws`.
`domain_owner` string The CodeArtifact domain owner (AWS account ID). Required when `auth_type` is `oidc_aws`.
`jfrog_oidc_provider_name` string The JFrog OIDC provider name. Required when `auth_type` is `oidc_jfrog`.
`audience` string The OIDC audience. Optional for `oidc_aws` and `oidc_jfrog` auth types.
`identity_mapping_name` string The JFrog identity mapping name. Optional for `oidc_jfrog` auth type.

Códigos de estado de respuesta HTTP para "Create a private registry for an organization"

código de estado	Descripción
`201`	The organization private registry configuration
`404`	Resource not found
`422`	Validation failed, or the endpoint has been spammed.

Ejemplos de código para "Create a private registry for an organization"

Si accedes a GitHub en GHE.com, reemplaza api.github.com por el subdominio dedicado de la empresa en api.SUBDOMAIN.ghe.com.

Ejemplos de solicitud

Select the example type

post/orgs/{org}/private-registries

curl -L \
  -X POST \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2026-03-10" \
  https://api.github.com/orgs/ORG/private-registries \
  -d '{"registry_type":"maven_repository","url":"https://maven.pkg.github.com/organization/","username":"monalisa","replaces_base":true,"encrypted_value":"c2VjcmV0","key_id":"012345678912345678","visibility":"private"}'

The organization private registry configuration

Status: 201

{
  "name": "MAVEN_REPOSITORY_SECRET",
  "registry_type": "maven_repository",
  "username": "monalisa",
  "visibility": "selected",
  "selected_repository_ids": [
    1296269,
    1296280
  ],
  "created_at": "2019-08-10T14:59:22Z",
  "updated_at": "2020-01-10T14:59:22Z"
}

Get private registries public key for an organization

Gets the org public key, which is needed to encrypt private registry secrets. You need to encrypt a secret before you can create or update secrets.

OAuth tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.

Tokens de acceso granulares para "Get private registries public key for an organization"

Este punto de conexión funciona con los siguientes tipos de token pormenorizados:

El token pormenorizado debe tener el siguiente conjunto de permisos:

"Organization private registries" organization permissions (read)

Parámetros para "Get private registries public key for an organization"

Encabezados
Nombre, Tipo, Descripción
`accept` string Setting to `application/vnd.github+json` is recommended.

Parámetros de ruta
Nombre, Tipo, Descripción
`org` string Obligatorio The organization name. The name is not case sensitive.

Códigos de estado de respuesta HTTP para "Get private registries public key for an organization"

código de estado	Descripción
`200`	OK
`404`	Resource not found

Ejemplos de código para "Get private registries public key for an organization"

Si accedes a GitHub en GHE.com, reemplaza api.github.com por el subdominio dedicado de la empresa en api.SUBDOMAIN.ghe.com.

Ejemplo de solicitud

get/orgs/{org}/private-registries/public-key

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2026-03-10" \
  https://api.github.com/orgs/ORG/private-registries/public-key

Response

Status: 200

{
  "key_id": "012345678912345678",
  "key": "2Sg8iYjAxxmI2LvUXpJjkYrMxURPc8r+dB7TJyvv1234"
}

Get a private registry for an organization

Get the configuration of a single private registry defined for an organization, omitting its encrypted value.

OAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.

Tokens de acceso granulares para "Get a private registry for an organization"

Este punto de conexión funciona con los siguientes tipos de token pormenorizados:

El token pormenorizado debe tener el siguiente conjunto de permisos:

"Organization private registries" organization permissions (read)

Parámetros para "Get a private registry for an organization"

Encabezados
Nombre, Tipo, Descripción
`accept` string Setting to `application/vnd.github+json` is recommended.

Parámetros de ruta
Nombre, Tipo, Descripción
`org` string Obligatorio The organization name. The name is not case sensitive.
`secret_name` string Obligatorio The name of the secret.

Códigos de estado de respuesta HTTP para "Get a private registry for an organization"

código de estado	Descripción
`200`	The specified private registry configuration for the organization
`404`	Resource not found

Ejemplos de código para "Get a private registry for an organization"

Si accedes a GitHub en GHE.com, reemplaza api.github.com por el subdominio dedicado de la empresa en api.SUBDOMAIN.ghe.com.

Ejemplo de solicitud

get/orgs/{org}/private-registries/{secret_name}

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2026-03-10" \
  https://api.github.com/orgs/ORG/private-registries/SECRET_NAME

The specified private registry configuration for the organization

Status: 200

{
  "name": "MAVEN_REPOSITORY_SECRET",
  "registry_type": "maven_repository",
  "username": "monalisa",
  "visibility": "private",
  "created_at": "2019-08-10T14:59:22Z",
  "updated_at": "2020-01-10T14:59:22Z"
}

Update a private registry for an organization

Updates a private registry configuration with an encrypted value for an organization. Encrypt your secret using LibSodium. For more information, see "Encrypting secrets for the REST API." For OIDC-based registries (oidc_azure, oidc_aws, or oidc_jfrog), the encrypted_value and key_id fields should be omitted.

OAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.

Tokens de acceso granulares para "Update a private registry for an organization"

Este punto de conexión funciona con los siguientes tipos de token pormenorizados:

El token pormenorizado debe tener el siguiente conjunto de permisos:

"Organization private registries" organization permissions (write)

Parámetros para "Update a private registry for an organization"

Encabezados
Nombre, Tipo, Descripción
`accept` string Setting to `application/vnd.github+json` is recommended.

Parámetros de ruta
Nombre, Tipo, Descripción
`org` string Obligatorio The organization name. The name is not case sensitive.
`secret_name` string Obligatorio The name of the secret.

Parámetros del cuerpo
Nombre, Tipo, Descripción
`registry_type` string The registry type. Puede ser uno de los siguientes: `maven_repository`, `nuget_feed`, `goproxy_server`, `npm_registry`, `rubygems_server`, `cargo_registry`, `composer_repository`, `docker_registry`, `git_source`, `helm_registry`, `hex_organization`, `hex_repository`, `pub_repository`, `python_index`, `terraform_registry`
`url` string The URL of the private registry.
`username` string or null The username to use when authenticating with the private registry. This field should be omitted if the private registry does not require a username for authentication.
`replaces_base` boolean Whether this private registry should replace the base registry (e.g., npmjs.org for npm, rubygems.org for rubygems). When set to `true`, Dependabot will only use this registry and will not fall back to the public registry. When set to `false` (default), Dependabot will use this registry for scoped packages but may fall back to the public registry for other packages. Valor predeterminado: `false`
`encrypted_value` string The value for your secret, encrypted with LibSodium using the public key retrieved from the Get private registries public key for an organization endpoint.
`key_id` string The ID of the key you used to encrypt the secret.
`visibility` string Which type of organization repositories have access to the private registry. `selected` means only the repositories specified by `selected_repository_ids` can access the private registry. Puede ser uno de los siguientes: `all`, `private`, `selected`
`selected_repository_ids` array of integers An array of repository IDs that can access the organization private registry. You can only provide a list of repository IDs when `visibility` is set to `selected`. This field should be omitted if `visibility` is set to `all` or `private`.
`auth_type` string The authentication type for the private registry. This field cannot be changed after creation. If provided, it must match the existing `auth_type` of the configuration. To change the authentication type, delete and recreate the configuration. Puede ser uno de los siguientes: `token`, `username_password`, `oidc_azure`, `oidc_aws`, `oidc_jfrog`
`tenant_id` string The tenant ID of the Azure AD application. Required when `auth_type` is `oidc_azure`.
`client_id` string The client ID of the Azure AD application. Required when `auth_type` is `oidc_azure`.
`aws_region` string The AWS region. Required when `auth_type` is `oidc_aws`.
`account_id` string The AWS account ID. Required when `auth_type` is `oidc_aws`.
`role_name` string The AWS IAM role name. Required when `auth_type` is `oidc_aws`.
`domain` string The CodeArtifact domain. Required when `auth_type` is `oidc_aws`.
`domain_owner` string The CodeArtifact domain owner (AWS account ID). Required when `auth_type` is `oidc_aws`.
`jfrog_oidc_provider_name` string The JFrog OIDC provider name. Required when `auth_type` is `oidc_jfrog`.
`audience` string The OIDC audience. Optional for `oidc_aws` and `oidc_jfrog` auth types.
`identity_mapping_name` string The JFrog identity mapping name. Optional for `oidc_jfrog` auth type.

Códigos de estado de respuesta HTTP para "Update a private registry for an organization"

código de estado	Descripción
`204`	No Content
`404`	Resource not found
`422`	Validation failed, or the endpoint has been spammed.

Delete a private registry for an organization

Delete a private registry configuration at the organization-level.

OAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.

Tokens de acceso granulares para "Delete a private registry for an organization"

Este punto de conexión funciona con los siguientes tipos de token pormenorizados:

El token pormenorizado debe tener el siguiente conjunto de permisos:

"Organization private registries" organization permissions (write)

Parámetros para "Delete a private registry for an organization"

Encabezados
Nombre, Tipo, Descripción
`accept` string Setting to `application/vnd.github+json` is recommended.

Parámetros de ruta
Nombre, Tipo, Descripción
`org` string Obligatorio The organization name. The name is not case sensitive.
`secret_name` string Obligatorio The name of the secret.

Códigos de estado de respuesta HTTP para "Delete a private registry for an organization"

código de estado	Descripción
`204`	No Content
`400`	Bad Request
`404`	Resource not found

Ejemplos de código para "Delete a private registry for an organization"

Si accedes a GitHub en GHE.com, reemplaza api.github.com por el subdominio dedicado de la empresa en api.SUBDOMAIN.ghe.com.

Ejemplo de solicitud

delete/orgs/{org}/private-registries/{secret_name}

curl -L \
  -X DELETE \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2026-03-10" \
  https://api.github.com/orgs/ORG/private-registries/SECRET_NAME

Response

Status: 204