Private Registries

What you'll accomplish: Add private registries, configure auth tokens, and use scoped packages to prevent name collisions.

Multi-registry configuration

[catalog]
verify_signatures = true
default_publish_registry = "internal"

[[catalog.registries]]
name = "internal"
url = "https://packages.internal.company.com"
priority = 1
auth_token_env = "INTERNAL_REGISTRY_TOKEN"
enabled = true

[[catalog.registries]]
name = "hoziron"
url = "https://catalog.hoziron.com"
priority = 100
enabled = true

Resolution order

Non-scoped packages are queried in priority order (lowest number first). First registry with the package wins.

Scoped packages

@scope/name syntax pins a package to a specific registry:

# Only queries the "internal" registry
hoziron catalog install @internal/proprietary-claims-tool

Configure scope mappings

[catalog.scopes]
internal = "https://packages.internal.company.com"
hoziron = "https://catalog.hoziron.com"

Scope rules:

• Scope names: lowercase alphanumeric + hyphens
• Must be mapped in [catalog.scopes] — error if unknown scope
• Bypasses priority-order resolution entirely
• Prevents name collisions between registries

Auth tokens

Store registry auth tokens as environment variables:

export INTERNAL_REGISTRY_TOKEN="your-token-here"

Reference in config:

auth_token_env = "INTERNAL_REGISTRY_TOKEN"

Testing registries

# Test all configured registries
hoziron catalog registry test

# Test a specific registry
hoziron catalog registry test internal

# List configured registries
hoziron catalog registry list

Publishing to a private registry

# Explicit target
hoziron package publish ./my-package/ --registry internal

# Or use default_publish_registry
hoziron package publish ./my-package/

Next steps

• Collections
• Publishing packages
• Air-gapped deployment

Related:

• Publishing packages
• Browsing and installing
• Air-gapped deployment