diff --git a/pkgs/applications/terminal-emulators/alacritty/default.nix b/pkgs/applications/terminal-emulators/alacritty/default.nix
index 7c0bd8b6410..272b875cd7a 100644
--- a/pkgs/applications/terminal-emulators/alacritty/default.nix
+++ b/pkgs/applications/terminal-emulators/alacritty/default.nix
@@ -60,6 +60,8 @@ rustPlatform.buildRustPackage rec { cargoSha256 = "sha256-t6ckX0PYI8UHfXhGRpcX8ly3DzE9A6i9P6f3Ny3DBzw="; + auditable = true; # TODO: remove when this is the default + nativeBuildInputs = [ cmake installShellFiles
diff --git a/pkgs/build-support/rust/build-rust-package/default.nix b/pkgs/build-support/rust/build-rust-package/default.nix
index 679e10a3442..20fb41d0aaa 100644
--- a/pkgs/build-support/rust/build-rust-package/default.nix
+++ b/pkgs/build-support/rust/build-rust-package/default.nix
@@ -11,6 +11,8 @@ , cargoInstallHook , cargoNextestHook , cargoSetupHook +, cargo-auditable +, cargo-auditable-cargo-wrapper , rustc , libiconv , windows
@@ -42,6 +44,8 @@ , buildFeatures ? [ ] , checkFeatures ? buildFeatures , useNextest ? false +, auditable ? false # TODO: change to true + , depsExtraArgs ? {} # Toggles whether a custom sysroot is created when the target is a .json file.
@@ -115,7 +119,11 @@ stdenv.mkDerivation ((removeAttrs args [ "depsExtraArgs" "cargoUpdateHook" "carg patchRegistryDeps = ./patch-registry-deps; - nativeBuildInputs = nativeBuildInputs ++ [ + nativeBuildInputs = nativeBuildInputs ++ lib.optionals auditable [ + (cargo-auditable-cargo-wrapper.override { + inherit cargo-auditable; + }) + ] ++ [ cacert git cargoBuildHook
diff --git a/pkgs/development/compilers/rust/cargo.nix b/pkgs/development/compilers/rust/cargo.nix
index 2c9a3b1af47..5571918fdc6 100644
--- a/pkgs/development/compilers/rust/cargo.nix
+++ b/pkgs/development/compilers/rust/cargo.nix
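Review bot: In `build-rust-package/default.nix`, the `cargo-auditable-cargo-wrapper.override` call added to `nativeBuildInputs` passes only `cargo-auditable`, so the `cargo` inside the wrapper stays whatever the top-level package set supplies. A platform created with `makeRustPlatform` around a different cargo would then build through a cargo other than the one the rest of that platform uses, which weakens the link between the declared toolchain and the binary that comes out. If `cargo` is among this function's arguments (the argument list is only partly visible in these hunks), the override could read `inherit cargo cargo-auditable;`. The wrapper also appears to rely on being listed ahead of the real cargo so that it wins on PATH; a comment such as `# must precede any input that provides the real cargo` would keep a later reordering from silently turning auditable builds off. The list continues past the end of the hunk.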
@@ -2,6 +2,7 @@ , file, curl, pkg-config, python3, openssl, cmake, zlib , installShellFiles, makeWrapper, cacert, rustPlatform, rustc , libiconv, CoreFoundation, Security +, auditable ? false # TODO: change to true when this is the default }: rustPlatform.buildRustPackage {
@@ -12,6 +13,8 @@ rustPlatform.buildRustPackage { cargoVendorDir = "vendor"; buildAndTestSubdir = "src/tools/cargo"; + inherit auditable; + passthru = { rustc = rustc; inherit (rustc) tests;
diff --git a/pkgs/development/libraries/librsvg/default.nix b/pkgs/development/libraries/librsvg/default.nix
index 6b174a7dfa4..a60da602e07 100644
--- a/pkgs/development/libraries/librsvg/default.nix
+++ b/pkgs/development/libraries/librsvg/default.nix
@@ -15,7 +15,7 @@ , rustPlatform , rustc , rust -, cargo +, cargo-auditable-cargo-wrapper , gi-docgen , python3Packages , gnome
@@ -57,7 +57,7 @@ stdenv.mkDerivation rec { gdk-pixbuf pkg-config rustc - cargo + cargo-auditable-cargo-wrapper python3Packages.docutils vala rustPlatform.cargoSetupHook
diff --git a/pkgs/development/tools/rust/cargo-auditable/cargo-wrapper.nix b/pkgs/development/tools/rust/cargo-auditable/cargo-wrapper.nix
new file mode 100644
index 00000000000..3afa59739a3
--- /dev/null
+++ b/pkgs/development/tools/rust/cargo-auditable/cargo-wrapper.nix
@@ -0,0 +1,13 @@
+{ lib, writeShellApplication, cargo, cargo-auditable }:
+
+(writeShellApplication {
+ name = "cargo";
+ runtimeInputs = [ cargo cargo-auditable ];
+ text = ''
+ CARGO_AUDITABLE_IGNORE_UNSUPPORTED=1 cargo auditable "$@"
+ '';
+}) // {
+ meta = cargo-auditable.meta // {
+ mainProgram = "cargo";
+ };
+}
diff --git a/pkgs/development/tools/rust/cargo-auditable/default.nix b/pkgs/development/tools/rust/cargo-auditable/default.nix
index 64580d8ad8b..1c621276021 100644
--- a/pkgs/development/tools/rust/cargo-auditable/default.nix
+++ b/pkgs/development/tools/rust/cargo-auditable/default.nix
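Review bot: The second librsvg hunk swaps `cargo` for `cargo-auditable-cargo-wrapper` in `nativeBuildInputs` with no comment and no switch, unlike the `auditable` flag the `buildRustPackage` callers in this commit use. Because the wrapper installs itself under the name `cargo`, a reader of this file cannot tell that every cargo call in the build now goes through `cargo auditable`. A one-line comment on the input, such as `# provides "cargo", routed through cargo-auditable`, would record that. The same applies to the argument rename in the first librsvg hunk; both lists continue outside the hunks.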
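Review bot: `CARGO_AUDITABLE_IGNORE_UNSUPPORTED=1` in the wrapper's `text` means, as far as the variable name and this usage indicate, that a build cargo-auditable cannot handle completes without embedded dependency data instead of failing. A package marked `auditable = true` can therefore produce a binary that a later scanner reads as having no recorded dependencies, with nothing in the build to flag the gap. I would document that above the command, e.g. `# unsupported targets build without audit data instead of failing`, and consider a post-build check for packages where the data is required. Separately, `CARGO_AUDITABLE_IGNORE_UNSUPPORTED=1 exec cargo auditable "$@"` would avoid leaving an extra shell process between the builder and cargo.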
@@ -1,23 +1,40 @@ -{ lib, rustPlatform, fetchFromGitHub }: +{ lib, fetchFromGitHub, makeRustPlatform, rustc, cargo }: -rustPlatform.buildRustPackage rec { - pname = "cargo-auditable"; - version = "0.5.5"; +let + args = rec { + pname = "cargo-auditable"; + version = "0.6.0"; - src = fetchFromGitHub { - owner = "rust-secure-code"; - repo = pname; - rev = "v${version}"; - sha256 = "sha256-mEmTgd7sC2jmYeb5pEO985v/aWWKlq/mSQUAGi32loY="; + src = fetchFromGitHub { + owner = "rust-secure-code"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-mSiEC+9QtRjWmywJnGgUqp+q8fhY0qUYrgjrAVaY114="; + }; + + cargoSha256 = "sha256-Wz5My/QxPpZVsPBUe3KHT3ttD6CTU8NCY8rhFEC+UlA="; + + meta = with lib; { + description = "A tool to make production Rust binaries auditable"; + homepage = "https://github.com/rust-secure-code/cargo-auditable"; + changelog = "https://github.com/rust-secure-code/cargo-auditable/blob/v${version}/cargo-auditable/CHANGELOG.md"; + license = with licenses; [ mit /* or */ asl20 ]; + maintainers = with maintainers; [ figsoda ]; + }; }; - cargoSha256 = "sha256-G72UUqvFaTY/GQSkpz1wIzjb7vIWuAjvKMZosUB6YsA="; - - meta = with lib; { - description = "A tool to make production Rust binaries auditable"; - homepage = "https://github.com/rust-secure-code/cargo-auditable"; - changelog = "https://github.com/rust-secure-code/cargo-auditable/blob/v${version}/cargo-auditable/CHANGELOG.md"; - license = with licenses; [ mit /* or */ asl20 ]; - maintainers = with maintainers; [ figsoda ]; + rustPlatform = makeRustPlatform { + inherit rustc; + cargo = cargo.override { + auditable = false; + }; }; -} + + bootstrap = rustPlatform.buildRustPackage (args // { + auditable = false; + }); +in + +rustPlatform.buildRustPackage.override { cargo-auditable = bootstrap; } (args // { + auditable = true; # TODO: remove when this is the default +}) 
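Review bot: The `let` block builds cargo-auditable twice, once as `bootstrap` with `auditable = false` and once more with that bootstrap injected through `rustPlatform.buildRustPackage.override`, but nothing in the file says why. From the visible lines this looks like a way to keep the package from depending on itself once it is built with auditing on. A comment above `bootstrap` stating that, and noting that the local `rustPlatform` uses `cargo.override { auditable = false; }` for the same reason, would stop a later cleanup from collapsing the two stages. The `TODO: remove when this is the default` on the last line could also say that the bootstrap stage has to stay even after the default flips.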
diff --git a/pkgs/development/tools/rust/rust-analyzer/default.nix b/pkgs/development/tools/rust/rust-analyzer/default.nix
index 8021ab2e631..9d59bab91d9 100644
--- a/pkgs/development/tools/rust/rust-analyzer/default.nix
+++ b/pkgs/development/tools/rust/rust-analyzer/default.nix
@@ -22,6 +22,8 @@ rustPlatform.buildRustPackage rec { sha256 = "sha256-2Syd2jVpY0UIfsYlmzvWICZTDVRG4UchcbRlNhuJSpM="; }; + auditable = true; # TODO: remove when this is the default + cargoBuildFlags = [ "--bin" "rust-analyzer" "--bin" "rust-analyzer-proc-macro-srv" ]; cargoTestFlags = [ "--package" "rust-analyzer" "--package" "proc-macro-srv-cli" ];
diff --git a/pkgs/games/jumpy/default.nix b/pkgs/games/jumpy/default.nix
index 645069e4354..4fea663af53 100644
--- a/pkgs/games/jumpy/default.nix
+++ b/pkgs/games/jumpy/default.nix
@@ -24,6 +24,8 @@ rustPlatform.buildRustPackage rec { cargoSha256 = "sha256-AXaGuRqSFiq+Uiy+UaqPdPVyDhCogC64KZZ0Ah1Yo7A="; + auditable = true; # TODO: remove when this is the default + nativeBuildInputs = lib.optionals stdenv.isLinux [ pkg-config ];
diff --git a/pkgs/tools/misc/fd/default.nix b/pkgs/tools/misc/fd/default.nix
index 2795210101c..0e9b07b344f 100644
--- a/pkgs/tools/misc/fd/default.nix
+++ b/pkgs/tools/misc/fd/default.nix
@@ -16,6 +16,8 @@ rustPlatform.buildRustPackage rec { cargoSha256 = "sha256-QFh47Pr+7lIdT++huziKgMJxvsZElTTwu11c7/wjyHE="; + auditable = true; # TODO: remove when this is the default + nativeBuildInputs = [ installShellFiles ]; preFixup = ''
diff --git a/pkgs/tools/text/mdbook/default.nix b/pkgs/tools/text/mdbook/default.nix
index 56d60eb7fb5..3376937880c 100644
--- a/pkgs/tools/text/mdbook/default.nix
+++ b/pkgs/tools/text/mdbook/default.nix
@@ -13,6 +13,8 @@ rustPlatform.buildRustPackage rec { cargoSha256 = "sha256-KVoMC8ypikABVkIj5dCSHzYZ9CV8UMuAFxSEYLaQTSk="; + auditable = true; # TODO: remove when this is the default + buildInputs = lib.optionals stdenv.isDarwin [ CoreServices ]; # Tests rely on unset 'RUST_LOG' value to emit INFO messages.
diff --git a/pkgs/tools/text/ripgrep/default.nix b/pkgs/tools/text/ripgrep/default.nix
index 022f8bd25bb..be989994dbf 100644
--- a/pkgs/tools/text/ripgrep/default.nix
+++ b/pkgs/tools/text/ripgrep/default.nix
@@ -22,6 +22,8 @@ rustPlatform.buildRustPackage rec { cargoSha256 = "1kfdgh8dra4jxgcdb0lln5wwrimz0dpp33bq3h7jgs8ngaq2a9wp"; + auditable = true; # TODO: remove when this is the default + nativeBuildInputs = [ asciidoctor installShellFiles ] ++ lib.optional withPCRE2 pkg-config; buildInputs = lib.optional withPCRE2 pcre2
diff --git a/pkgs/tools/video/rav1e/default.nix b/pkgs/tools/video/rav1e/default.nix
index 8a2d6f74442..f75c38111a5 100644
--- a/pkgs/tools/video/rav1e/default.nix
+++ b/pkgs/tools/video/rav1e/default.nix
@@ -22,6 +22,8 @@ in rustPlatform.buildRustPackage rec { cargoHash = "sha256-iHOmItooNsGq6iTIb9M5IPXMwYh2nQ03qfjomkgCdgw="; + auditable = true; # TODO: remove when this is the default + nativeBuildInputs = [ nasm cargo-c ]; buildInputs = lib.optionals stdenv.isDarwin [
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 2032142b155..6aa8475b532 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -15245,6 +15245,7 @@ with pkgs; inherit (darwin.apple_sdk.frameworks) Security; }; cargo-auditable = callPackage ../development/tools/rust/cargo-auditable { }; + cargo-auditable-cargo-wrapper = callPackage ../development/tools/rust/cargo-auditable/cargo-wrapper.nix { }; cargo-bisect-rustc = callPackage ../development/tools/rust/cargo-bisect-rustc { inherit (darwin.apple_sdk.frameworks) Security; openssl = openssl_1_1;