docs: Update private-packages.md nuget section

[PhilipAbed]

Changes

according to #10998
added an example

Context

I've had trouble finding documentation about nuget private packages handling, and it only appears partially in the discussion i posted above, rhys asked in a comment to add it to the docs, but no one did.

Documentation (please check one with an [x])

• I have updated the documentation, or
• No documentation update is required

How I've tested my work (please tick one)

I have verified these changes via:

• Code inspection only, or
• Newly added/modified unit tests, or
• No unit tests but ran on a real repository, or
• Both unit tests + ran on a real repository

[HonkingGoose]

Suggested change

	password should be encoded to base64
	The `password` must be base64 encoded.

I think we mean must instead of should here. Or do we mean "We recommend you use base64 encoding, because other methods are wrong/dangerous?"

Are users allowed to use another encoding, or will that break things?

[PhilipAbed]

according to rhys's comments in the discussion its a must , but im not sure and that's what im trying to clarify here

[PhilipAbed]

https://docs.microsoft.com/en-us/nuget/reference/nuget-config-file#packagesourcecredentials

in renovate we recommend encryption, but if you look at the link you will see
If a non-encrypted password is passed for password the error message ["The parameter is incorrect" will occur](https://github.com/NuGet/Home/issues/3245).

its not clear if its base 64 or not, but it should be encrypted i guess,
apparently there's another parameter called: ClearTextPassword
for storing the actual password not encrypted.
i'm not 100% sure how this is implemented so might need help here from @rarkins @viceice

if they cant answer this then i will have to investigate further

[PhilipAbed]

i think we can remove this message for now, it's not necessary as in my example i wrote : Encrypted PAT token

[viceice]

it needs to be plain text password or an API key, depends on the registry.

renovate encryption can be used, but never use base64 encoding.
that can maybe required by some custom registry, but not some i know / use.

[PhilipAbed]

@viceice if you have experience here, would you please add some info to the documentation to make it clearer for users?
i've noticed we lack private packages handling documentation for most managers and it's costing us a lot of discussions and time

i thought adding an example would help, but not sure how much, that's all i got from the discussion mentioned above

[rarkins]

I think there's maybe a mixup here regarding the npm password, where it's base64 encoded in .npmrc but we need it non-encoded in hostRules. I have no opinion on nuget passwords

[viceice]

I'm simply use this host rule for my proget server and it works for npm and nuget datasources, SERVICE_USER_PSW is the plain text password passed via environment.

  {
      matchHost: 'https://proget.domain.test/',
      username: 'service-user',
      password: process.env.SERVICE_USER_PSW,
    },

gitea nuget sample, they use plain password or PAT.

• https://docs.gitea.io/en-us/packages/nuget/#configuring-the-package-registry

I think there's maybe a mixup here regarding the npm password, where it's base64 encoded in .npmrc but we need it non-encoded in hostRules. I have no opinion on nuget passwords

Yes, seemd to wrongly mixed up from npmrc

[PhilipAbed]

in the discussion #10998 they say they use PAT,
and it has 3 thumps up from other ppl too
is PAT the encrypted PAT token from renovate?

[renovate-release]

🎉 This PR is included in version 32.156.1 🎉

The release is available on:

• GitHub release
• 32.156.1

Your semantic-release bot 📦🚀