Poetry: Private registry dependencies using API token
- [ ] I am on the latest Poetry version.
- [x] I have searched the issues of this repo and believe that this is not a duplicate.
- [x] If an exception occurs when executing a command, I executed it again in debug mode (
-vvvoption).
- ubuntu 18.04
- poetry 1.0.5
Issue
Apologies for the brevity of this description, i'm not in front of my machine right now. There may be a very simple answer to this question.
Are private pypi registries accessible using the API token, rather than username/password? I see that API token support for the public pypi registry was added in #1275, was this intended to also provide support for non-public registries?
- we have an Artifactory-hosted pypi registry
- we can use poetry with this registry using username and password authentication
- we cannot use API token authentication with this registry
- we have security concerns with using username/password authentication
- other tools (such as twine) are able to access this registry using the API token, rather than username/password
I guess i'm asking if some part of the API token authentication implementation is hardcoded to the public pypi registry?
If it is intended that this should work, what diagnostic information can I provide, or debugging steps can I follow?
(note that i'm lagging a couple of releases on the poetry version. Please let me know if there's any changes that could affect this that are undocumented in the changelog)
danieleades
All 3 comments
we have a similar setup and poetry (>=1) works fine with a PAT.
You can use the following command:
poetry config http-basic.foo $PAT "" (where pat goes in place of the user name)
Persedes
on 11 Jun 2020
@Persedes if that works that is a massive help!
I'm going to tentatively say that this is still a bug. there's a documented solution using the api token that doesn't work-
poetry config pypi-token.$REPO $TOKEN
and an undocumented solution which allegedly does work
poetry config http-basic.$REPO $TOKEN ""
danieleades
on 11 Jun 2020
@danieleades I'm of the opinion the documentation is a little unclear. However it seems to work for multiple users:
There are steps provided here in #910, specifically https://github.com/python-poetry/poetry/issues/910#issuecomment-484963046
For what it's worth, I was able to get a poetry to publish to a pywharf container backed by the local filesystem using this approach, with the exception that I provide the repo name as the username, e.g., with the repo "mypypi" and secret "foo":
user@host > poetry config repositories.mypypi http://localhost:8888/simple/
user@host > poetry config http-basic.mypypi mypypi foo
user@host > poetry publish -r mypypi
jdeyton
on 27 Jul 2020
Related issues
kierun
路
3Comments
tonysyu
路
3Comments
nikaro
路
3Comments
Euphorbium
路
3Comments
jhrmnn
路
3Comments
Most helpful comment
@Persedes if that works that is a massive help!
I'm going to tentatively say that this is still a bug. there's a documented solution using the api token that doesn't work-
poetry config pypi-token.$REPO $TOKENand an undocumented solution which allegedly does work
poetry config http-basic.$REPO $TOKEN ""