Skip to content


Subversion checkout URL

You can clone with
Download ZIP
zc.buildout extension to add http authentication for find-links and download recipies

This branch is 22 commits ahead, 45 commits behind lovelysystems:master

Fetching latest commit…

Cannot retrieve the latest commit at this time

Failed to load latest commit information.


HTTP plugins for buildout

HTTP Basic-Authentication

With this extension it is possible to define password protected package directories without specifying the password and user in the url.

Let's take the example protected location,

First we would need to add the extension and the find link for our protected location:

find-links =
extensions = lovely.buildouthttp

Then create the .httpauth password file, this file contains all authentication information. The .httpauth file can be placed in the root of the current buildout or in the ~/.buildout directory. Each row consists of realm, uri, username, password.

Here is an example of the .httpauth file:

Example com realm,, username, secret

For instances where you do not wish to provide a plaintext .httpauth file, a [lovely.buildouthttp] stanza can be added of the following form:

realm = myrealm
uri =
user = username
password = password # storing passwords in plaintext is not recommended
prompt = no

Any or none of the "realm", "uri", "user", and "password" keys can be used. The "prompt" key then determines whether buildout pauses to ask the user for any missing authentication information (defaults to yes).

Note that basic auth also works with any recipe using (e.g. because this extension also overwrites the url opener of zc.buildout.

Protected Extensions

Prior to running any extensions, buildout first downloads them all. What this means is that extensions eggs cannot be accessed via basic http authentication by default, because lovely.buildouthttp has not been loaded yet.

Our solution is to add a new attribute to the [buildout] stanza, as follows:

index =
extensions = lovely.buildouthttp
protected-extensions = isotoma.buildout.autodevelop

What this will do is first load the extensions in "extensions", immediately after which the lovely.buildouthttp extension will load all of the protected-extensions using basic http authentication, if it is required.

Acquiring Credentials From Your .pypirc

If you use the same credentials to upload as you do to download packages, you can opt to get your credentials from your ~/.pypirc file:

use-pypirc = protectedrepo

Would use the credentials associated with the "protectedrepo" repository from your pypirc. N.B. Any credentials provided in your buildout configuration will override the settings taken from your pypirc.

Github Private Downloads

Private downloads on are protected by a user token (see: This extension allows to use such urls too. It uses the global git configuration for github.user and github.token. For setting up this config see


Thanks to Tarek Ziade for bugfixes and extensions.

Something went wrong with that request. Please try again.