mirror of
https://github.com/astral-sh/uv.git
synced 2025-11-03 13:14:41 +00:00
Add the native keyring to the documentation (#15596)
This commit is contained in:
Zanie Blue
parent
0b5180cb37
commit
cc4be0f2ba
1 changed files with 43 additions and 8 deletions
|
|
@ -5,14 +5,8 @@ uv supports credentials over HTTP when querying package registries.
|
|||
Authentication can come from the following sources, in order of precedence:
|
||||
|
||||
- The URL, e.g., `https://<user>:<password>@<hostname>/...`
|
||||
- A [`.netrc`](https://everything.curl.dev/usingcurl/netrc) configuration file
|
||||
- A [keyring](https://github.com/jaraco/keyring) provider (requires opt-in)
|
||||
|
||||
`.netrc` authentication is enabled by default, and will respect the `NETRC` environment variable if
|
||||
defined, falling back to `~/.netrc` if not.
|
||||
|
||||
To enable keyring-based authentication, pass the `--keyring-provider subprocess` command-line
|
||||
argument to uv, or set `UV_KEYRING_PROVIDER=subprocess`.
|
||||
- A [netrc](#netrc-files) configuration file
|
||||
- A [keyring provider](#keyring-providers) (off by default)
|
||||
|
||||
Authentication may be used for hosts specified in the following contexts:
|
||||
|
||||
|
|
@ -22,6 +16,47 @@ Authentication may be used for hosts specified in the following contexts:
|
|||
- `find-links`
|
||||
- `package @ https://...`
|
||||
|
||||
## netrc files
|
||||
|
||||
[`.netrc`](https://everything.curl.dev/usingcurl/netrc) files are a long-standing plain text format
|
||||
for storing credentials on a system.
|
||||
|
||||
Reading credentials from `.netrc` files is always enabled. The target file path will be loaded from
|
||||
the `NETRC` environment variable if defined, falling back to `~/.netrc` if not.
|
||||
|
||||
## Keyring providers
|
||||
|
||||
A keyring provider typically fetches credentials from an operating system store.
|
||||
|
||||
The keyring providers are not used by default.
|
||||
|
||||
### The 'subprocess' keyring provider
|
||||
|
||||
The 'subprocess' keyring provider invokes the `keyring` command to fetch credentials.
|
||||
|
||||
The expected interface for this is based on the popular [keyring](https://github.com/jaraco/keyring)
|
||||
Python package. Similar support is built-in to pip.
|
||||
|
||||
Set `--keyring-provider subprocess`, `UV_KEYRING_PROVIDER=subprocess`, or
|
||||
`tool.uv.keyring-provider = "subprocess"` to use the provider.
|
||||
|
||||
### The 'native' keyring provider
|
||||
|
||||
!!! note
|
||||
|
||||
The native keyring provider is in [preview](../preview.md) — it is still experimental and being
|
||||
actively developed.
|
||||
|
||||
The native keyring provider uses the secret storage mechanism native to your operating system. On
|
||||
macOS, it uses the Keychain Services. On Windows, it uses the Windows Credential Manager. On Linux,
|
||||
it uses the DBus-based Secret Service API.
|
||||
|
||||
Currently, uv only searches the native keyring provider for credentials it has added to the secret
|
||||
store.
|
||||
|
||||
Set `--keyring-provider native`, `UV_KEYRING_PROVIDER=native`, or
|
||||
`tool.uv.keyring-provider = "native"` to use the provider.
|
||||
|
||||
## Persistence of credentials
|
||||
|
||||
If authentication is found for a single index URL or net location (scheme, host, and port), it will
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue