Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
492 views
in Technique[技术] by (71.8m points)

python - Credentials in pip.conf for private PyPI

I have a private PyPI repository. Is there any way to store credentials in pip.conf similar to .pypirc?

What I mean. Currently in .pypirc you can have such configuration:

[distutils]
index-servers = custom

[custom]
repository: https://pypi.example.com
username: johndoe
password: changeme

From what I've found that you can put in pip.conf:

[global]
index = https://username:[email protected]/pypi
index-url = https://username:[email protected]/simple
cert = /etc/ssl/certs/ca-certificates.crt

But here I see two problems:

  1. For each url you'll need each time to specify the same username and password.
  2. Username and password become visible in the logs, cause they are part of the url.

Is there any way to store username and password outside of url?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

You could store credentials for Pip to use in ~/.netrc like this:

machine pypi.example.com
    login johndoe
    password changeme

Pip will use these credentials when accessing https://pypi.example.com but won't log them. You must specify the index server separately (such as in pip.conf as in the question).

Note that ~/.netrc must be owned by the user pip executes as. It must not be readable by any other user, either. An invalid file is silently ignored. You can ensure the permissions are correct like this:

chown $USER ~/.netrc
chmod 0600 ~/.netrc

This permissions check doesn't apply before Python 3.4, but it's a good idea in any case.

Internally Pip uses requests when making HTTP requests. requests uses the standard library netrc module to read the file, so the character set is limited to an ASCII subset.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...