Skip to content

Login to the Central Registry#

The CUE Central Registry provides open, unauthenticated access to public modules. CUE that depends on public modules can be used by anyone. Some scenarios (including publishing modules) require you to authenticate by logging in. Authenticated users can also take advantage of higher rate limits than unauthenticated users.

How to login#

To authenticate with the Central Registry, follow these steps:

  1. On a computer that already has CUE installed, open a terminal or command prompt.
  2. Run cue login, and follow its prompts to authenticate with the Central Registry using your web browser.
  3. cue login waits for you to login successfully, and then closes automatically.

Why login?#

Authenticating with the Central Registry enables you to publish public modules and work with private modules.

In situations when you're using CUE without having authenticated via cue login you might see an error message mentioning "Too Many Requests". This can happen if you're making a large number of unauthenticated requests to the Central Registry that trigger the service's rate limits. These limits are in place to protect the Central Registry, and to ensure the service remains available for all users. If you see this error message then simply login, following the steps listed above, and re-run the command that failed.

Log in from GitHub Actions using OIDC#

To authenticate with the Central Registry when running in a GitHub Actions job using OpenID Connect (OIDC), follow these steps:

  1. Add a trust entry in the Central Registry. This defines the authority granted to a specific GitHub actions workflow in a specific repository.

    • Specify the owner and repository on which the trusted workflow will run.

    • Optionally limit the scope of the trust to a specific workflow file, git ref or environment. These can also be path-like patterns.

    • Finally, specify the account that the workflow will act on behalf of. This account is used to evaluate access to the registry. It defaults to you, the current user, but can (and should) be delegated to a user with just the necessary permissions.

  2. Modify your workflow job to obtain a short-lived acess token via OIDC. An easy way to do this is using the cue-labs/registry-login-action action.