pypa / packaging.python.org

Python Packaging User Guide
http://packaging.python.org

Recommend using project-scoped API access tokens for dist uploads #628

Open webknjaz opened 5 years ago

webknjaz commented 5 years ago

Ref: https://github.com/pypa/warehouse/issues/6211#issuecomment-513102869

The distributing guide should now mention the possibility of getting access tokens on a per-project basis and recommend that for use at least in automatic CI/CD systems: https://packaging.python.org/guides/distributing-packages-using-setuptools/#create-an-account

Also: @Ewjoachim brought up a question about storing multiple tokens: https://twitter.com/Ewjoachim/status/1154474823717982208. This should probably also be clearly answered in the docs.

brainwane commented 4 years ago

@ewdurbin @di @woodruffw I could use your advice on answering https://twitter.com/Ewjoachim/status/1154474823717982208 per @webknjaz's note above. How should we advise people to deal with multiple tokens in .pypirc?

di commented 4 years ago

@brainwane It's not super ideal, but the support for multiple repos could be used for this:

[distutils]
index-servers =
    pypi-project-A
    pypi-project-B

# Upload endpoint must be HTTPS so the token is never sent in cleartext;
# the current upload URL is https://upload.pypi.org/legacy/
[pypi-project-A]
repository: https://upload.pypi.org/legacy/
username: __token__
password: <token for A>

[pypi-project-B]
repository: https://upload.pypi.org/legacy/
username: __token__
password: <token for B>

And then the user does twine upload -r pypi-project-A or twine upload -r pypi-project-B.
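A small audit of a .pypirc laid out the way @di describes, as an added example that is not code from this thread or from twine: it checks that every configured index server uses an HTTPS upload endpoint and a scoped API token rather than an account password. The embedded sample file, the "pypi-" token prefix check and the HTTPS default repository URL are assumptions of the example.

```python
import configparser
from typing import Dict, List

# Constructed sample .pypirc: two token-scoped sections in the layout above,
# plus one deliberately weak section to show what the audit flags.
SAMPLE_PYPIRC = """
[distutils]
index-servers =
    pypi-project-A
    pypi-project-B
    legacy

[pypi-project-A]
repository: https://upload.pypi.org/legacy/
username: __token__
password: pypi-PLACEHOLDER-TOKEN-A

[pypi-project-B]
repository: https://upload.pypi.org/legacy/
username: __token__
password: pypi-PLACEHOLDER-TOKEN-B

[legacy]
repository: http://pypi.python.org/pypi
username: alice
password: hunter2
"""

# Assumed default: twine uploads to this URL when a section omits "repository".
DEFAULT_REPOSITORY = "https://upload.pypi.org/legacy/"


def audit_pypirc(text: str) -> Dict[str, List[str]]:
    """Return findings per index-server section; an empty list means the
    section uses a scoped API token over HTTPS."""
    cfg = configparser.ConfigParser()
    cfg.read_string(text)
    findings: Dict[str, List[str]] = {}
    for name in cfg.get("distutils", "index-servers", fallback="").split():
        if not cfg.has_section(name):
            findings[name] = ["listed in index-servers but section is missing"]
            continue
        issues: List[str] = []
        if not cfg.get(name, "repository", fallback=DEFAULT_REPOSITORY).startswith("https://"):
            issues.append("repository is not https; credentials would travel in cleartext")
        if cfg.get(name, "username", fallback="") != "__token__":
            issues.append("username is not __token__; an account password is used instead of an API token")
        elif not cfg.get(name, "password", fallback="").startswith("pypi-"):
            issues.append("password does not look like a PyPI API token (assumed 'pypi-' prefix)")
        findings[name] = issues
    return findings
```

Run it against a real ~/.pypirc by reading the file into audit_pypirc; any section with findings is one to move to a project-scoped token.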

brainwane commented 4 years ago

Thanks @di. I'd love for someone to polish that and add it to the right place(s) on PyPUG.

I'd also like for someone to update https://packaging.python.org/guides/migrating-to-pypi-org/#publishing-releases which still recommends user/password instead of API tokens.

bhrutledge commented 4 years ago

FWIW, there was some discussion about this in https://github.com/pypa/twine/issues/496.

bhrutledge commented 4 years ago

FYI, I did some investigation, and it's not obvious how to use multiple project API tokens with twine and keyring: https://github.com/pypa/twine/issues/565.