API keys
Pick the right API key for private package workflows.
API keys are only needed for private package repositories. Use the narrowest key that matches the job.
Install private packages
Use packages:read.
This is the right choice for developers, CI jobs that run rpx sync, and any workflow that only downloads private packages.
Publish private packages
Use packages:write.
This is the right choice for GitHub Actions or other automation that uploads package tarballs.
Administer packages
Use packages:admin.
This is for destructive or administrative package operations. Avoid using admin keys for normal install or publish workflows.
Store keys carefully
The dashboard shows the API key value once when you create it. Store it in a secret manager, CI secret, or through the rpx terminal prompt.