Open lordmauve opened 1 year ago
Thanks, I think this makes sense. I also want to add support for per-project tokens, which might mean looking them up using the project name as part of the 'username'. So we might need to take some care over what order different possibilities are tried.
@takluyver This enhancement is probably required now, especially when using keyring with the Google keyring provider. There's really no way to authenticate without some fixes.
I was able to use twine to publish to Google Artifactory. Here's the pypirc.
[distutils]
index-servers =
hi-int-prd-shared-applications
[hi-int-prd-shared-windows-applications]
repository = https://us-central1-python.pkg.dev/hi-internal-prod-b0da/hi-int-prd-shared-applications/
[global]
index-url = https://us-central1-python.pkg.dev/hi-something-9999/hi-int-prd-shared-applications/simple/
As you can see, twine does not expect username or password in the configuration.
And here's a link to the Google documentation on publishing python packages to Artifact Registry.
https://cloud.google.com/artifact-registry/docs/python/manage-packages
Flit uses
keyring.get_password()
to load a password for authentication to the package index.However, keyring also provides an API to get a username also,
keyring.get_credential()
.Twine already has support for this and will not prompt for a username if
get_credential()
returns a credential. However flit always prompts if the username is not set in.pypirc
.This is particularly useful where the username is not particularly meaningful and therefore should not be typed by the user - for example, Google Artifact Registry has a keyring plugin that returns a username of
oauth2token
where the OAuth token is the password.