Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

clarify Azure PAT usage #11709

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
+13 −10
Open

clarify Azure PAT usage #11709

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 4 additions & 7 deletions docs/configuration/indexes.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -138,10 +138,7 @@ While `unsafe-best-match` is the closest to pip's behavior, it exposes users to
## Providing credentials

Most private registries require authentication to access packages, typically via a username and
password (or access token).

To authenticate with a provide index, either provide credentials via environment variables or embed
them in the URL.
password (or access token), either loaded from environment variables or embedded in the URL.

For example, given an index named `internal-proxy` that requires a username (`public`) and password
(`koala`), define the index (without credentials) in your `pyproject.toml`:
Expand All @@ -152,9 +149,9 @@ name = "internal-proxy"
url = "https://example.com/simple"
```

From there, you can set the `UV_INDEX_INTERNAL_PROXY_USERNAME` and
`UV_INDEX_INTERNAL_PROXY_PASSWORD` environment variables, where `INTERNAL_PROXY` is the uppercase
version of the index name, with non-alphanumeric characters replaced by underscores:
Then set the `UV_INDEX_INTERNAL_PROXY_USERNAME` and `UV_INDEX_INTERNAL_PROXY_PASSWORD` environment
variables, where `INTERNAL_PROXY` is the uppercase version of the index name, with non-alphanumeric
characters replaced by underscores:

```sh
export UV_INDEX_INTERNAL_PROXY_USERNAME=public
Expand Down
12 changes: 9 additions & 3 deletions docs/guides/integration/alternative-indexes.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,15 +29,21 @@ Authenticate to a feed using a

If there is a PAT available (eg
[`$(System.AccessToken)` in an Azure pipeline](https://learn.microsoft.com/en-us/azure/devops/pipelines/build/variables?view=azure-devops&tabs=yaml#systemaccesstoken)),
credentials can be provided via the "Basic" HTTP authentication scheme. Include the PAT in the
password field of the URL. A username must be included as well, but can be any string.
credentials can be provided via the `UV_INDEX_[index name]_[username/password]` environment
variables as described in
[Providing credentials](../../configuration/indexes.md#providing-credentials), using your PAT as the
password and an arbitrary string like "dummy" as the username.

For example, with the token stored in the `$ADO_PAT` environment variable, set the index URL with:
Alternatively, encode credentials in the `UV_INDEX` environment variable. For example, with the
token stored in the `$ADO_PAT` environment variable, set the index URL with:

```console
$ export UV_INDEX=https://dummy:[email protected]/{organisation}/{project}/_packaging/{feedName}/pypi/simple/
```

This method is not normally recommended since `uv sync` then copies the url to the `pyproject.toml`,
exposing the PAT in plaintext.

### Using `keyring`

If there is not a PAT available, authenticate to Artifacts using the
Expand Down
Loading