mirror of
				https://github.com/astral-sh/uv.git
				synced 2025-10-26 01:48:20 +00:00 
			
		
		
		
	 a642676236
			
		
	
	
		a642676236
		
			
		
	
	
	
		
			
	
		
	
	
		
			Some checks are pending
		
		
	
	CI / integration test | free-threaded on linux (push) Blocked by required conditions
				
			CI / check windows trampoline | i686 (push) Blocked by required conditions
				
			CI / check windows trampoline | x86_64 (push) Blocked by required conditions
				
			CI / test windows trampoline | i686 (push) Blocked by required conditions
				
			CI / test windows trampoline | x86_64 (push) Blocked by required conditions
				
			CI / typos (push) Waiting to run
				
			CI / Determine changes (push) Waiting to run
				
			CI / mkdocs (push) Waiting to run
				
			CI / build binary | linux (push) Blocked by required conditions
				
			CI / lint (push) Waiting to run
				
			CI / cargo clippy | ubuntu (push) Blocked by required conditions
				
			CI / cargo clippy | windows (push) Blocked by required conditions
				
			CI / cargo dev generate-all (push) Blocked by required conditions
				
			CI / cargo shear (push) Waiting to run
				
			CI / cargo test | ubuntu (push) Blocked by required conditions
				
			CI / cargo test | macos (push) Blocked by required conditions
				
			CI / cargo test | windows (push) Blocked by required conditions
				
			CI / check windows trampoline | aarch64 (push) Blocked by required conditions
				
			CI / build binary | macos aarch64 (push) Blocked by required conditions
				
			CI / build binary | macos x86_64 (push) Blocked by required conditions
				
			CI / build binary | windows (push) Blocked by required conditions
				
			CI / build binary | freebsd (push) Blocked by required conditions
				
			CI / ecosystem test | prefecthq/prefect (push) Blocked by required conditions
				
			CI / ecosystem test | pallets/flask (push) Blocked by required conditions
				
			CI / integration test | conda on ubuntu (push) Blocked by required conditions
				
			CI / integration test | free-threaded on windows (push) Blocked by required conditions
				
			CI / integration test | pypy on ubuntu (push) Blocked by required conditions
				
			CI / integration test | pypy on windows (push) Blocked by required conditions
				
			CI / integration test | graalpy on ubuntu (push) Blocked by required conditions
				
			CI / integration test | graalpy on windows (push) Blocked by required conditions
				
			CI / integration test | github actions (push) Blocked by required conditions
				
			CI / integration test | determine publish changes (push) Blocked by required conditions
				
			CI / integration test | uv publish (push) Blocked by required conditions
				
			CI / check cache | ubuntu (push) Blocked by required conditions
				
			CI / check cache | macos aarch64 (push) Blocked by required conditions
				
			CI / check system | python on debian (push) Blocked by required conditions
				
			CI / check system | python on fedora (push) Blocked by required conditions
				
			CI / check system | python on ubuntu (push) Blocked by required conditions
				
			CI / check system | python on opensuse (push) Blocked by required conditions
				
			CI / check system | python on rocky linux 8 (push) Blocked by required conditions
				
			CI / check system | python on rocky linux 9 (push) Blocked by required conditions
				
			CI / check system | pypy on ubuntu (push) Blocked by required conditions
				
			CI / check system | pyston (push) Blocked by required conditions
				
			CI / check system | alpine (push) Blocked by required conditions
				
			CI / check system | python on macos aarch64 (push) Blocked by required conditions
				
			CI / check system | homebrew python on macos aarch64 (push) Blocked by required conditions
				
			CI / check system | python on macos x86_64 (push) Blocked by required conditions
				
			CI / check system | python3.10 on windows (push) Blocked by required conditions
				
			CI / check system | python3.10 on windows x86 (push) Blocked by required conditions
				
			CI / check system | python3.13 on windows (push) Blocked by required conditions
				
			CI / check system | python3.12 via chocolatey (push) Blocked by required conditions
				
			CI / check system | python3.9 via pyenv (push) Blocked by required conditions
				
			CI / check system | python3.13 (push) Blocked by required conditions
				
			CI / check system | conda3.11 on linux (push) Blocked by required conditions
				
			CI / check system | conda3.8 on linux (push) Blocked by required conditions
				
			CI / check system | conda3.11 on macos (push) Blocked by required conditions
				
			CI / check system | conda3.8 on macos (push) Blocked by required conditions
				
			CI / check system | conda3.11 on windows (push) Blocked by required conditions
				
			CI / check system | conda3.8 on windows (push) Blocked by required conditions
				
			CI / check system | amazonlinux (push) Blocked by required conditions
				
			CI / check system | embedded python3.10 on windows (push) Blocked by required conditions
				
			CI / benchmarks (push) Blocked by required conditions
				
			Follow-up to #8511.
		
			
				
	
	
		
			100 lines
		
	
	
	
		
			4.5 KiB
		
	
	
	
		
			Markdown
		
	
	
	
	
	
			
		
		
	
	
			100 lines
		
	
	
	
		
			4.5 KiB
		
	
	
	
		
			Markdown
		
	
	
	
	
	
| # Authentication
 | |
| 
 | |
| ## Git authentication
 | |
| 
 | |
| uv allows packages to be installed from Git and supports the following schemes for authenticating
 | |
| with private repositories.
 | |
| 
 | |
| Using SSH:
 | |
| 
 | |
| - `git+ssh://git@<hostname>/...` (e.g. `git+ssh://git@github.com/astral-sh/uv`)
 | |
| - `git+ssh://git@<host>/...` (e.g. `git+ssh://git@github.com-key-2/astral-sh/uv`)
 | |
| 
 | |
| See the
 | |
| [GitHub SSH documentation](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/about-ssh)
 | |
| for more details on how to configure SSH.
 | |
| 
 | |
| Using a password or token:
 | |
| 
 | |
| - `git+https://<user>:<token>@<hostname>/...` (e.g.
 | |
|   `git+https://git:github_pat_asdf@github.com/astral-sh/uv`)
 | |
| - `git+https://<token>@<hostname>/...` (e.g. `git+https://github_pat_asdf@github.com/astral-sh/uv`)
 | |
| - `git+https://<user>@<hostname>/...` (e.g. `git+https://git@github.com/astral-sh/uv`)
 | |
| 
 | |
| When using a GitHub personal access token, the username is arbitrary. GitHub does not support
 | |
| logging in with password directly, although other hosts may. If a username is provided without
 | |
| credentials, you will be prompted to enter them.
 | |
| 
 | |
| If there are no credentials present in the URL and authentication is needed, the
 | |
| [Git credential helper](https://git-scm.com/doc/credential-helpers) will be queried.
 | |
| 
 | |
| ## HTTP authentication
 | |
| 
 | |
| uv supports credentials over HTTP when querying package registries.
 | |
| 
 | |
| Authentication can come from the following sources, in order of precedence:
 | |
| 
 | |
| - The URL, e.g., `https://<user>:<password>@<hostname>/...`
 | |
| - A [`.netrc`](https://everything.curl.dev/usingcurl/netrc) configuration file
 | |
| - A [keyring](https://github.com/jaraco/keyring) provider (requires opt-in)
 | |
| 
 | |
| If authentication is found for a single net location (scheme, host, and port), it will be cached for
 | |
| the duration of the command and used for other queries to that net location. Authentication is not
 | |
| cached across invocations of uv.
 | |
| 
 | |
| `.netrc` authentication is enabled by default, and will respect the `NETRC` environment variable if
 | |
| defined, falling back to `~/.netrc` if not.
 | |
| 
 | |
| To enable keyring-based authentication, pass the `--keyring-provider subprocess` command-line
 | |
| argument to uv, or set `UV_KEYRING_PROVIDER=subprocess`.
 | |
| 
 | |
| Authentication may be used for hosts specified in the following contexts:
 | |
| 
 | |
| - `index-url`
 | |
| - `extra-index-url`
 | |
| - `find-links`
 | |
| - `package @ https://...`
 | |
| 
 | |
| See the [`pip` compatibility guide](../pip/compatibility.md#registry-authentication) for details on
 | |
| differences from `pip`.
 | |
| 
 | |
| ## Custom CA certificates
 | |
| 
 | |
| By default, uv loads certificates from the bundled `webpki-roots` crate. The `webpki-roots` are a
 | |
| reliable set of trust roots from Mozilla, and including them in uv improves portability and
 | |
| performance (especially on macOS, where reading the system trust store incurs a significant delay).
 | |
| 
 | |
| However, in some cases, you may want to use the platform's native certificate store, especially if
 | |
| you're relying on a corporate trust root (e.g., for a mandatory proxy) that's included in your
 | |
| system's certificate store. To instruct uv to use the system's trust store, run uv with the
 | |
| `--native-tls` command-line flag, or set the `UV_NATIVE_TLS` environment variable to `true`.
 | |
| 
 | |
| If a direct path to the certificate is required (e.g., in CI), set the `SSL_CERT_FILE` environment
 | |
| variable to the path of the certificate bundle, to instruct uv to use that file instead of the
 | |
| system's trust store.
 | |
| 
 | |
| If client certificate authentication (mTLS) is desired, set the `SSL_CLIENT_CERT` environment
 | |
| variable to the path of the PEM formatted file containing the certificate followed by the private
 | |
| key.
 | |
| 
 | |
| Finally, if you're using a setup in which you want to trust a self-signed certificate or otherwise
 | |
| disable certificate verification, you can instruct uv to allow insecure connections to dedicated
 | |
| hosts via the `allow-insecure-host` configuration option. For example, adding the following to
 | |
| `pyproject.toml` will allow insecure connections to `example.com`:
 | |
| 
 | |
| ```toml
 | |
| [tool.uv]
 | |
| allow-insecure-host = ["example.com"]
 | |
| ```
 | |
| 
 | |
| `allow-insecure-host` expects to receive a hostname (e.g., `localhost`) or hostname-port pair (e.g.,
 | |
| `localhost:8080`), and is only applicable to HTTPS connections, as HTTP connections are inherently
 | |
| insecure.
 | |
| 
 | |
| Use `allow-insecure-host` with caution and only in trusted environments, as it can expose you to
 | |
| security risks due to the lack of certificate verification.
 | |
| 
 | |
| ## Authentication with alternative package indexes
 | |
| 
 | |
| See the [alternative indexes integration guide](../guides/integration/alternative-indexes.md) for
 | |
| details on authentication with popular alternative Python package indexes.
 |