-
Notifications
You must be signed in to change notification settings - Fork 2.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use .pypirc for authentication #111
Comments
Counter-arguments:
The argument is compatibility vs. clean break. I wonder what PyPA folks would recommend for this (@ncoghlan @dstufft). |
Adding something like the following to # at the top
import os
from configparser import ConfigParser
# inside Publisher.publish:
cfg = configparser.ConfigParser()
try:
cfg.read(os.path.expanduser('~/.pypirc'))
username = username or cfg.get('pypi', 'username', fallback=None)
password = password or cfg.get('pypi', 'password', fallback=None)
except FileNotFoundError:
pass I'll come back and assign this to myself if I ever get around to setting up a Poetry development environment and trying to make this work. Otherwise, it's unclaimed. It would also be cool to save the username either to |
@osteele currently it is possible to save the credentials with these two files:
It can be done through the CLI, but i don't remember how… I didn't know it was possible when i opened this issue. So now i can do without it. But i leave the issue open because it could be nice to have compatibility accross the different tools. |
Yeah, maybe asking users to put plaintext passwords in a file should be considered a legacy behavior that shouldn't be pushed forwards. I like what Flit does: read and write the username to and from I'll open another issue for the use of Keyring for storing the password. It's related to this one, but requires different implementation steps (that could supplement this one), and may raise a different set of concerns. Here's a code sketch that only uses the password from PYPIRC_PERMISSIONS_WARNING = r"""Warning: unprotected PyPI configuration file!
Permissions 0{:o} for {!r} are too open.
It is required that your password is NOT accessible by others.
The password will be ignored.
"""
pyprc_path = os.path.expanduser('~/.pypirc')
if os.path.exists(pyprc_path):
cfg.read(pyprc_path)
cfg = configparser.ConfigParser()
username = username or cfg.get('pypi', 'username', fallback=None)
if not password:
password = cfg.get('pypi', 'password', fallback=None)
permissions = os.stat(pyprc_path).st_mode & (stat.S_IRWXU | stat.S_IRWXG | stat.S_IROTH)
if permissions & ~stat.S_IRWXU:
sys.stderr.write(PYPIRC_PERMISSIONS_WARNING.format(permissions, pyprc_path))
password = None |
It's documented in Repositories > Configuring Credentials on the web site: poetry config http-basic.pypi username password (It actually took me a while to find it, because I didn't realize the website had additional information about |
Since |
I only found this now. In fact I missed the link at the top of the GitHub repository. It would nice to add a big "Documentation" link in the README because it's what I always and immediately search in a README. |
This is not something that is planned. I prefer Poetry to be self sufficient and not to depend on other configuration files than its own. |
Using this file feels even more helpful, as it now seems that Poetry cannot cache the password in a file anymore. The default keyring usage is not helpful, as it brings the user out of the terminal, and often into a program they don't understand. |
Token is better for automation than password. |
This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
Twine can use a
.pypirc
(for example~/.pypirc
) to authenticate against the repository. It would be nice if poetry used it.The text was updated successfully, but these errors were encountered: