cargo-logout

Remove an API token from the local credential storage (located in $CARGO_HOME/credentials.toml)

$ cargo logout

$ cargo logout --registry [name]

cargo logout [OPTIONS]

--registry REGISTRY
    The name of the registry to log out from. If not specified, cargo-logout defaults to logging out from the official crates.io registry. This name typically corresponds to an entry in the .cargo/config.toml file under the '[registries]' section.

The cargo-logout command is used to remove an API token previously stored by the cargo login command from the local Cargo credentials file. This file, typically located at ~/.cargo/credentials, stores authentication tokens for various package registries (like crates.io or private registries). Removing the token prevents future cargo publish operations from automatically authenticating with that registry from the current machine without re-logging in. This is important for security, especially when working on shared machines or after changing a registry account, ensuring that old tokens are no longer accessible locally.

Logging out with cargo-logout only removes the token from your local machine's credentials file. It does not revoke the token on the registry's server. If the token was compromised or you want to invalidate it globally, you must do so through the respective registry's website or API (e.g., crates.io user account settings).

API tokens are stored in the user's home directory within the .cargo/credentials file. This file is typically a TOML file that looks something like:
[registry]
token = "YOUR_TOKEN_HERE"
It's crucial to keep this file secure as it contains sensitive authentication information.

When no --registry option is provided, cargo-logout implicitly targets the default registry, which is crates.io. This simplifies the command for most common use cases involving the official Rust package registry.

The ability to manage API tokens (via cargo login and cargo logout) was introduced into Cargo to support publishing packages to crates.io and later to private or custom registries. These commands provide a secure and convenient way to authenticate operations like cargo publish without embedding tokens directly in commands or environment variables, which is less secure.

cargo(1), cargo-login(1), cargo-publish(1)