Guides
- RubyGems Basics
- What is a gem?
- Make your own gem
- Gems with Extensions
- Name your gem
- Publishing your gem
- Security Practices
- Managing owners using UI
- Removing a Published gem
- SSL Certificate Update
- Patterns
- Specification Reference
- Command Reference
- RubyGems.org API
- RubyGems.org API V2.0
- RubyGems.org Compact Index API
- RubyGems.org rate limits
- API key scopes
- Run your own gem server
- Setting up multi-factor authentication
- Using multi-factor authentication in command line
- MFA requirement opt in
- Using S3 as gem source
- Default gems and bundled gems
- Resources
- Contributing to RubyGems
- Frequently Asked Questions
- Plugins
- Common Vulnerabilities and Exposures
- Trusted Publishing
- Organizations
- Credits
Bundler
- Bundler in gems
- Gemfiles
- Getting Started
- How to Upgrade to Bundler 2
- How to deploy bundled applications
- How to install gems from git repositories
- How to manage application dependencies with Bundler
- How to manage groups of gems
- How to manage dependencies with Bundler
- How to troubleshoot RubyGems and Bundler TLS/SSL Issues
- How to update gems with Bundler
- How to use Bundler in a single-file Ruby script
- How to use Bundler with Docker
- How to use Bundler with Rails
- How to use Bundler with Ruby
- How to use Bundler with RubyMotion
- How to use Bundler with Sinatra
- How to use git bisect with Bundler
- How to write a Bundler plugin
- Known Plugins
- Recommended Workflow with Version Control
- Ruby Directive
Setting up OTP (auth app) multi-factor authentication
Setting up one-time password (OTP) multi-factor authentication
Prerequisite
You should have an authenticator app (like Google Authenticator, Authy, or Authenticator Plus) which supports time-based one-time password (TOTP) to scan the QR code and generate an access code. SMS-based authentication or recovery is not supported.
Enabling OTP multi-factor authentication
- Login to rubygems.org using your existing account and go to the edit settings page.
Click register a new device in the “Multi-factor Authentication” section.
- You will be redirected to a page with a QR code and a text box for verifying OTP
code. Please use your authenticator to scan the QR code. A new account for rubygems.org will be
added to your authenticator app as soon as the scan completes.
You can also add a new account manually using “Account” and “Key” shown next to the QR code.
Please make sure you choose the option “time based” as MFA type.
On successful registration, you will see a 6-digit access code (30
seconds expiry) in your authenticator app for your rubygems.org account.
Enter the shown access code in the “OTP Code” text field and click Enable.
- If the code is correct and the QR code has not expired, on next page you will see a list of recovery
codes. Please copy and store these codes in a safe place. You can use these recovery
codes to access your account, should you ever lose your phone or accidentally delete the
rubygems.org account from your authenticator app. Note that each recovery code can be used
only once. Please reregister your authenticator app after using recovery code to
login to rubygems.org (see Using recovery codes and re-setup a previously enabled MFA).
- Sign out and sign in again. Signing in will now ask for an OTP code.
Note: The Google Authenticator app only allows an MFA account to be installed on one device and there is no backup or cloud sync of the data. So if you lose or upgrade your phone, you’ll have to set up MFA again on the new phone. On the other hand, the Authy and Authenticator Plus apps allow you to use multiple devices by providing cloud backups and cross-device sync capabilities.