pip.conf中用于私人PyPI的凭据 [英] Credentials in pip.conf for private PyPI
问题描述
我有一个私有的PyPI存储库.有什么方法可以像.pypirc一样在pip.conf中存储凭据?
I have a private PyPI repository. Is there any way to store credentials in pip.conf similar to .pypirc?
我的意思是.当前在.pypirc中,您可以进行以下配置:
What I mean. Currently in .pypirc you can have such configuration:
[distutils]
index-servers = custom
[custom]
repository: https://pypi.example.com
username: johndoe
password: changeme
根据我发现您可以放入pip.conf:
From what I've found that you can put in pip.conf:
[global]
index = https://username:password@pypi.example.com/pypi
index-url = https://username:password@pypi.example.com/simple
cert = /etc/ssl/certs/ca-certificates.crt
但是在这里我看到两个问题:
But here I see two problems:
- 对于每个网址,您每次都需要指定相同的用户名和密码.
- 用户名和密码在日志中可见,因为它们是url的一部分.
有什么方法可以在url之外存储用户名和密码?
Is there any way to store username and password outside of url?
推荐答案
您可以像这样在~/.netrc中存储供Pip使用的凭据:
You could store credentials for Pip to use in ~/.netrc like this:
machine pypi.example.com
login johndoe
password changeme
Pip在访问https://pypi.example.com时将使用这些凭据,但不会记录它们.您必须单独指定索引服务器(例如在问题中的pip.conf中).
Pip will use these credentials when accessing https://pypi.example.com but won't log them. You must specify the index server separately (such as in pip.conf as in the question).
请注意,~/.netrc必须归用户所有,pip执行为.同样,任何其他用户都不能读取它.无效文件将被静默忽略.您可以像这样确保权限正确:
Note that ~/.netrc must be owned by the user pip executes as. It must not be readable by any other user, either. An invalid file is silently ignored. You can ensure the permissions are correct like this:
chown $USER ~/.netrc
chmod 0600 ~/.netrc
此权限检查在Python 3.4之前不适用,但是在任何情况下都是一个好主意.
This permissions check doesn't apply before Python 3.4, but it's a good idea in any case.
内部Pip在发出HTTP请求时会使用请求.请求使用标准库 netrc 模块读取文件,因此字符集为仅限ASCII子集.
Internally Pip uses requests when making HTTP requests. requests uses the standard library netrc module to read the file, so the character set is limited to an ASCII subset.
这篇关于pip.conf中用于私人PyPI的凭据的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
