Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.Sign up
pip prints out username and password from URLs with them #4746
When I am installing pip packages from URLs which include username and password, pip prints username and password back out. This is problematic because if I am trying to install packages in an environment which logs output (Docker build for example, or CI runner) password will be logged and potentially publicly stored. I could limit pip's output, but then I might miss important output, and it will be harder to debug things.
Ideally, pip would obfuscate URLs before printing them out.
What I've run:
This is also an issue for basic authentication to a PyPi repository.
For example, if I have a
Any time I do a
Huge security concern for leaking credentials.