mirror of
				https://github.com/astral-sh/uv.git
				synced 2025-10-25 17:38:21 +00:00 
			
		
		
		
	 db371560bc
			
		
	
	
		db371560bc
		
			
		
	
	
	
	
		
			
			To enforce the 100 character line limit in markdown files introduced in https://github.com/astral-sh/uv/pull/5635, and to automate the formatting of markdown files, i've added prettier and formatted our markdown files with it. I've excluded the changelog and the generated references documentation from this for having too many changes, but we can also include them. I'm not particular on which style we use. My main motivations are (major) not having to reflow markdown files myself anymore and (minor) consistence between all markdown files. I've chosen prettier for similar reason as we chose black, it's a single good style that's automated and shared in the community. I do prefer prettier's style of not breaking inside of a link name though. This PR is in two parts, the first adds prettier to CI and documents using it, while the second actually formats the docs. When merge conflicts arise, we can drop the last commit and regenerate it with `npx prettier --prose-wrap always --write BENCHMARKS.md CONTRIBUTING.md README.md STYLE.md docs/*.md docs/concepts/**/*.md docs/guides/**/*.md docs/pip/**/*.md`. --------- Co-authored-by: Zanie Blue <contact@zanie.dev>
		
			
				
	
	
		
			80 lines
		
	
	
	
		
			3.5 KiB
		
	
	
	
		
			Markdown
		
	
	
	
	
	
			
		
		
	
	
			80 lines
		
	
	
	
		
			3.5 KiB
		
	
	
	
		
			Markdown
		
	
	
	
	
	
| # Authentication
 | |
| 
 | |
| ## Git authentication
 | |
| 
 | |
| uv allows packages to be installed from Git and supports the following schemes for authenticating
 | |
| with private repositories.
 | |
| 
 | |
| Using SSH:
 | |
| 
 | |
| - `git+ssh://git@<hostname>/...` (e.g. `git+ssh://git@github.com/astral-sh/uv`)
 | |
| - `git+ssh://git@<host>/...` (e.g. `git+ssh://git@github.com-key-2/astral-sh/uv`)
 | |
| 
 | |
| See the
 | |
| [GitHub SSH documentation](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/about-ssh)
 | |
| for more details on how to configure SSH.
 | |
| 
 | |
| Using a password or token:
 | |
| 
 | |
| - `git+https://<user>:<token>@<hostname>/...` (e.g.
 | |
|   `git+https://git:github_pat_asdf@github.com/astral-sh/uv`)
 | |
| - `git+https://<token>@<hostname>/...` (e.g. `git+https://github_pat_asdf@github.com/astral-sh/uv`)
 | |
| - `git+https://<user>@<hostname>/...` (e.g. `git+https://git@github.com/astral-sh/uv`)
 | |
| 
 | |
| When using a GitHub personal access token, the username is arbitrary. GitHub does not support
 | |
| logging in with password directly, although other hosts may. If a username is provided without
 | |
| credentials, you will be prompted to enter them.
 | |
| 
 | |
| If there are no credentials present in the URL and authentication is needed, the
 | |
| [Git credential helper](https://git-scm.com/doc/credential-helpers) will be queried.
 | |
| 
 | |
| ## HTTP authentication
 | |
| 
 | |
| uv supports credentials over HTTP when querying package registries.
 | |
| 
 | |
| Authentication can come from the following sources, in order of precedence:
 | |
| 
 | |
| - The URL, e.g., `https://<user>:<password>@<hostname>/...`
 | |
| - A [`netrc`](https://everything.curl.dev/usingcurl/netrc) configuration file
 | |
| - A [keyring](https://github.com/jaraco/keyring) provider (requires opt-in)
 | |
| 
 | |
| If authentication is found for a single net location (scheme, host, and port), it will be cached for
 | |
| the duration of the command and used for other queries to that net location. Authentication is not
 | |
| cached across invocations of uv.
 | |
| 
 | |
| Note `--keyring-provider subprocess` or `UV_KEYRING_PROVIDER=subprocess` must be provided to enable
 | |
| keyring-based authentication.
 | |
| 
 | |
| Authentication may be used for hosts specified in the following contexts:
 | |
| 
 | |
| - `index-url`
 | |
| - `extra-index-url`
 | |
| - `find-links`
 | |
| - `package @ https://...`
 | |
| 
 | |
| See the [`pip` compatibility guide](../pip/compatibility.md#registry-authentication) for details on
 | |
| differences from `pip`.
 | |
| 
 | |
| ## Custom CA certificates
 | |
| 
 | |
| By default, uv loads certificates from the bundled `webpki-roots` crate. The `webpki-roots` are a
 | |
| reliable set of trust roots from Mozilla, and including them in uv improves portability and
 | |
| performance (especially on macOS, where reading the system trust store incurs a significant delay).
 | |
| 
 | |
| However, in some cases, you may want to use the platform's native certificate store, especially if
 | |
| you're relying on a corporate trust root (e.g., for a mandatory proxy) that's included in your
 | |
| system's certificate store. To instruct uv to use the system's trust store, run uv with the
 | |
| `--native-tls` command-line flag, or set the `UV_NATIVE_TLS` environment variable to `true`.
 | |
| 
 | |
| If a direct path to the certificate is required (e.g., in CI), set the `SSL_CERT_FILE` environment
 | |
| variable to the path of the certificate bundle, to instruct uv to use that file instead of the
 | |
| system's trust store.
 | |
| 
 | |
| If client certificate authentication (mTLS) is desired, set the `SSL_CLIENT_CERT` environment
 | |
| variable to the path of the PEM formatted file containing the certificate followed by the private
 | |
| key.
 | |
| 
 | |
| ## Authentication with alternative package indexes
 | |
| 
 | |
| See the [alternative indexes integration guide](../guides/integration/alternative-indexes.md) for
 | |
| details on authentication with popular alternative Python package indexes.
 |