uv icon indicating copy to clipboard operation
uv copied to clipboard

Published 20 hours ago verified publisher icon astral-sh

No keyring support for authentication

Open AngellusMortis opened this issue 1 year ago • 6 comments

It appears uv does not have support for keyring like pip does.

https://pip.pypa.io/en/stable/topics/authentication/#keyring-support

AngellusMortis avatar Feb 16 '24 18:02 AngellusMortis

This seems reasonable. We'll need to find a Rust equivalent to https://pypi.org/project/keyring/

Perhaps https://github.com/hwchen/keyring-rs

zanieb avatar Feb 16 '24 18:02 zanieb

keyring is a cli app already. Probably want to add support for existing Python one first to maximize compatibility. Different auth methods need different plugins. AWS, Azure and Google Cloud each have their own plugins to use the more secure auth methods (no username/password).

Then you could migrate to a native only solution.

AngellusMortis avatar Feb 16 '24 18:02 AngellusMortis

Agreed that calling the cli is probably easiest. The cli equivalent of what pip is calling in python is really simple: keyring get <url> <username_which_is_often_empty>

chris-hartfield avatar Feb 16 '24 20:02 chris-hartfield

Agreed that calling the cli is probably easiest. The cli equivalent of what pip is calling in python is really simple: keyring get <url> <username_which_is_often_empty>

pip does already actually directly call the CLI tool if keyring isn't installed in the Python environment but is available on PATH or --keyring-provider subprocess is passed - so this behaviour would be consistent.

https://pip.pypa.io/en/stable/topics/authentication/#using-keyring-as-a-command-line-application

judahrand avatar Feb 21 '24 15:02 judahrand

Thanks for the details! Much appreciated.

zanieb avatar Feb 21 '24 15:02 zanieb

This seems reasonable. We'll need to find a Rust equivalent to https://pypi.org/project/keyring/

Perhaps https://github.com/hwchen/keyring-rs

I'd also discourage this approach. There are many Python plugins to keyring for various cloud hosted private Pypi registries (eg. Google Artifact Registry, Azure DevOps, etc). I imagine these would be incompatible with keyring-rs and so you'd lose a lot of the benefit of the keyring integration unless all of these plugins were also reimplemented.

https://github.com/Microsoft/artifacts-keyring https://github.com/GoogleCloudPlatform/artifact-registry-python-tools

judahrand avatar Feb 22 '24 08:02 judahrand

As of #2254 --keyring-provider subprocess is available. It has been tested on at least two Google artifact registry projects (using keyrings.google-artifactregistry-auth plugin) as working.

BakerNet avatar Mar 14 '24 00:03 BakerNet