diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index c9d41d6..27cc3e0 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -44,4 +44,5 @@ pack: paths: - bin/Release/nuget-host.*.nupkg script: - - dotnet pack --version-suffix ci --configuration Release --no-restore + - dotnet pack --configuration Release --no-restore + - nuget push -Source $NUGETSOURCE -ApiKey $NUGETSOURCEAPIKEY bin/Release/nuget-host.*.nupkg diff --git a/Controllers/PackagesController.cs b/Controllers/PackagesController.cs index a777c43..0a38106 100644 --- a/Controllers/PackagesController.cs +++ b/Controllers/PackagesController.cs @@ -3,6 +3,7 @@ using System.Collections.Generic; using System.IO; using System.IO.Compression; using System.Linq; +using System.Security.Claims; using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.DataProtection; using Microsoft.AspNetCore.Mvc; @@ -10,26 +11,32 @@ using Microsoft.Extensions.Logging; using Microsoft.Extensions.Options; using NuGet.Packaging; using NuGet.Packaging.Core; +using nuget_host.Data; using nuget_host.Entities; using nuget_host.Helpers; namespace nuget_host.Controllers { + + [AllowAnonymous] public class PackagesController : Controller { private readonly ILogger logger; private readonly IDataProtector protector; private readonly NugetSettings nugetSettings; + ApplicationDbContext dbContext; public PackagesController( ILoggerFactory loggerFactory, IDataProtectionProvider provider, - IOptions nugetOptions) + IOptions nugetOptions, + ApplicationDbContext dbContext) { logger = loggerFactory.CreateLogger(); nugetSettings = nugetOptions.Value; protector = provider.CreateProtector(nugetSettings.ProtectionTitle); + this.dbContext = dbContext; } [HttpPut("packages/{*spec}")] 
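Review bot: The added `nuget push` line in the `pack` job of .gitlab-ci.yml publishes with `$NUGETSOURCEAPIKEY` on every pipeline that reaches this job, and nothing in the hunk limits it to a protected branch or tag. Unless that variable is defined as masked and protected in the project settings, a pipeline for any branch can read or echo it, so the push is better placed in its own job restricted with `only:` or `rules:` to release refs. Quote the expansions too: `- nuget push -Source "$NUGETSOURCE" -ApiKey "$NUGETSOURCEAPIKEY" bin/Release/nuget-host.*.nupkg`. With `--version-suffix ci` dropped, a second run on an unchanged version will presumably be rejected by the feed as a duplicate. The job header and any existing `only`/`rules` keys lie outside the hunk, so a restriction may already be in place there.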
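Review bot: `[AllowAnonymous]` on the `PackagesController` class (Controllers/PackagesController.cs, hunk at -10,26) opens every action of the controller, including the `[HttpPut("packages/{*spec}")]` upload, and in ASP.NET Core a controller-level `[AllowAnonymous]` causes any `[Authorize]` on individual actions to be ignored. The API-key lookup inside the action then becomes the only gate. Either apply the attribute only to the actions that must accept key-only clients, or state the intent on the class: `// Anonymous on purpose: NuGet clients authenticate with the API key checked in each action.` The new field should also match its neighbours, `private readonly ApplicationDbContext dbContext;`. The class body continues outside the hunk, so the other actions affected by the attribute are not visible here.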
@@ -44,8 +51,10 @@ namespace nuget_host.Controllers ViewData["nuget client"] = "nuget {clientVersionId}"; var clearkey = protector.Unprotect(apiKey); - if (clearkey!= Startup.RootApiKeySecret) - return Unauthorized(); + var userId = User.FindFirstValue(ClaimTypes.NameIdentifier); + var apikey = dbContext.ApiKeys.SingleOrDefault(k => k.Id == clearkey); + if (apikey == null) + return new BadRequestObjectResult(new {error = "api-key"}); foreach (var file in Request.Form.Files) { @@ -95,7 +104,7 @@ namespace nuget_host.Controllers } else { - return BadRequest(); + return new BadRequestObjectResult(ViewData); } return Ok(ViewData); }
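Review bot: In the hunk at -44,8 the unknown-key branch now answers 400 with `{error = "api-key"}` where the removed code answered 401, so a rejected credential is no longer reported as an authentication failure to clients or to anything watching status codes; `if (apikey == null) return Unauthorized();` keeps that contract. `userId` is read from `User` but not used in the visible lines, so the lookup accepts any stored key without tying it to an owner or checking that it is still valid (whether `ApiKeys` rows carry such fields is not visible here). `protector.Unprotect(apiKey)` on the context line above throws on a malformed or tampered value, which would surface as a 500 unless it is caught outside the hunk. A `logger.LogWarning` call on the rejection path would leave an audit trail of failed pushes. The action starts and ends outside the hunk.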
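Review bot: The error branch in the hunk at -95,7 now serializes the whole `ViewData` dictionary into the 400 response, so whatever the action stored there earlier is sent back to a caller that failed the request. The keys set between the hunks are not visible, so confirm none of them hold file paths or exception text. An explicit body in the style already used for the key check, for example `return BadRequest(new { error = "<reason>" });` with a fixed reason string, keeps the error shape under control. The enclosing method starts outside the hunk.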