Skip to main content
Many projects restore dependencies from a private registry: a NuGet feed on Azure DevOps, a scoped npm registry, or an internal PyPI index. Agents working in those repositories need credentials to run dotnet restore, npm install, or pip install successfully. This guide shows the recommended pattern: store the registry credential as a Vault secret and teach agents how to use it with a skill. The same two building blocks work for any registry. This guide uses a private NuGet feed on Azure DevOps as the worked example, then shows how to adapt it to other package managers.

How it works

Vault secrets are injected as environment variables into the agent’s execution sandbox at runtime. The secret value is never sent to the AI model; the agent only references the variable by name in shell commands. A skill carries the instructions for registering the feed, so every agent that builds the affected repositories knows what to do without you repeating the setup in each workflow step.

Create a registry credential

In Azure DevOps, go to User settings → Personal access tokens → New Token and create a token with only the Packaging → Read scope. That is the only scope needed to restore packages. Note the expiration date so you can rotate the token in time.

Store it in the Project Vault

Open the project, then go to Project Settings → Project Vault and click New Secret. Name it ADO_NUGET_PAT (names must start with an uppercase letter and contain only uppercase letters, numbers, and underscores) and paste the token as the value.Either toggle Available for All Executions, or assign the secret to the specific workflows and agents that build .NET code. See Assigning Secrets for the options.

Author the skill

Skills are SKILL.md files discovered from your connected repositories (Overcut scans the skills/, .claude/skills/, and .agents/skills/ directories). Add one to a repository your workspace is connected to, for example at skills/private-nuget-feed/SKILL.md:
---
name: private-nuget-feed
description: How to authenticate to our private Azure DevOps NuGet feed
  before restoring or building .NET projects. Use whenever a task involves
  dotnet restore, build, or test.
---

# Private NuGet Feed Setup

Before running any `dotnet restore`, `dotnet build`, or `dotnet test`
command, register our private NuGet feed (once per task):

dotnet nuget add source "https://pkgs.dev.azure.com/<org>/<project>/_packaging/<feed>/nuget/v3/index.json" \
  --name private-feed \
  --username unused \
  --password "$ADO_NUGET_PAT" \
  --store-password-in-clear-text

- If the command fails because the source `private-feed` already exists,
  the feed is already registered; continue with the build.
- Always pass the password as the literal shell reference `$ADO_NUGET_PAT`
  so the shell resolves it; the variable is preset in your environment.
- If restore fails with 401, report that the NuGet credentials appear to
  be invalid or expired instead of retrying with other credentials.
Replace <org>, <project>, and <feed> with your values. The description matters: it is what tells the agent to use the skill when a .NET task comes up.

Add the skill and assign it to agents

In your project, go to Skills, select Add Skill, pick the repository that contains the skill, and add it. Then open each agent that works with your .NET repositories and select the skill in the agent’s Skills section. See Skills for the full flow.

Verify

Trigger a workflow that restores packages from the private feed. The agent registers the feed using the injected variable and the restore succeeds. If it fails with 401 (Unauthorized), check the troubleshooting section below.
The feed URL format above is for organizations on dev.azure.com/<org>. If your organization uses the legacy <org>.visualstudio.com domain, copy the exact index.json URL from the feed’s Connect to feed → dotnet page instead of constructing it.

Adapting to other package managers

The pattern is identical for any registry: a least-privilege credential in the Vault, plus a skill that tells the agent how to wire it up before installing dependencies. Only the setup command changes.
RegistryVault secretSkill instructs the agent to
npm (scoped registry)NPM_REGISTRY_TOKENWrite an .npmrc entry: //registry.example.com/:_authToken=${NPM_REGISTRY_TOKEN}
PyPI (private index)PIP_INDEX_TOKENExport PIP_INDEX_URL=https://user:$PIP_INDEX_TOKEN@pypi.example.com/simple before pip install
Maven (private repo)MAVEN_REPO_TOKENWrite a ~/.m2/settings.xml server entry referencing the variable

Alternatives

  • Configuration committed to the repository. NuGet expands environment variables in nuget.config using %VAR% syntax, so you can commit the feed and credential reference instead of using a skill. This makes restores deterministic, but the committed credentials section takes precedence on developer machines too: every developer must set the same variable locally or their restores fail with 401.
  • Custom agent image. If you already use a custom agent image, you can bake the registry configuration into the image (for example, a user-level NuGet config or the Azure Artifacts Credential Provider) and keep only the credential in the Vault.

Troubleshooting

  • Restore fails with 401 (Unauthorized): the token is expired or lacks the Packaging Read scope. Generate a new token and update the secret value in the Project Vault; no workflow or skill changes are needed.
  • The variable is empty in the sandbox: the secret is not available to that execution. Make sure it is set to Available for All Executions or assigned to the workflow or agent that runs the build.
  • The agent skips the feed setup: the skill was not loaded. Confirm the skill is enabled in the project’s Skills list and assigned to the agent, and that its description mentions the build commands it applies to.
  • Vault: secret storage, assignment, and the security model
  • Skills: discovering, adding, and assigning repository-backed skills
  • Custom Agent Image: bake registry configuration into the execution image
  • Azure DevOps Integration: connect Azure DevOps repositories to Overcut