pip.conf 中用于私有 PyPI 的凭据 [英] Credentials in pip.conf for private PyPI

问题描述

我有一个私有的 PyPI 存储库.有没有什么方法可以在 pip.conf 中存储类似于 .pypirc 的凭据?

I have a private PyPI repository. Is there any way to store credentials in pip.conf similar to .pypirc?

我的意思.目前在 .pypirc 中你可以有这样的配置:

What I mean. Currently in .pypirc you can have such configuration:

[distutils]
index-servers = custom

[custom]
repository: https://pypi.example.com
username: johndoe
password: changeme

从我发现你可以放入 pip.conf:

From what I've found that you can put in pip.conf:

[global]
index = https://username:password@pypi.example.com/pypi
index-url = https://username:password@pypi.example.com/simple
cert = /etc/ssl/certs/ca-certificates.crt

但在这里我看到两个问题:

But here I see two problems:

1. 对于每个网址，您每次都需要指定相同的用户名和密码.
2. 用户名和密码在日志中可见，因为它们是 url 的一部分.

有没有办法在url之外存储用户名和密码?

Is there any way to store username and password outside of url?

推荐答案

您可以像这样在 ~/.netrc 中存储供 Pip 使用的凭据:

You could store credentials for Pip to use in ~/.netrc like this:

machine pypi.example.com
    login johndoe
    password changeme

Pip 将在访问 https://pypi.example.com 时使用这些凭据，但不会记录它们.您必须单独指定索引服务器(例如在问题中的 pip.conf 中).

Pip will use these credentials when accessing https://pypi.example.com but won't log them. You must specify the index server separately (such as in pip.conf as in the question).

注意~/.netrc 必须由用户拥有 pip 执行.它也不能被任何其他用户读取.一个无效的文件被默默地忽略.您可以像这样确保权限正确:

Note that ~/.netrc must be owned by the user pip executes as. It must not be readable by any other user, either. An invalid file is silently ignored. You can ensure the permissions are correct like this:

chown $USER ~/.netrc
chmod 0600 ~/.netrc

此权限检查不适用于 Python 3.4 之前的版本，但在任何情况下都是一个好主意.

This permissions check doesn't apply before Python 3.4, but it's a good idea in any case.

在发出 HTTP 请求时，Pip 在内部使用 requests.requests 使用标准库 netrc 模块来读取文件，所以字符集是仅限于 ASCII 子集.

Internally Pip uses requests when making HTTP requests. requests uses the standard library netrc module to read the file, so the character set is limited to an ASCII subset.

这篇关于pip.conf 中用于私有 PyPI 的凭据的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！