Use an API token for uploading to PyPI from Travis CI instead of account creds
See original GitHub issueIt is now possible to create an API token at https://pypi.org/manage/account/token/. Travis CI autoreleases should switch to that.
❓ I’m submitting a …
- 🐣 infra improvement
❓ Do you want to request a feature or report a bug?
N/A
❓ What is the current behavior?
Account creds used.
💡 If the current behavior is a bug, please provide the steps to reproduce and if possible a screenshots and logs of the problem. If you can, show us your code.
N/A
💡 What is the expected behavior?
Token auth used for uploading to PyPI.
❓ What is the motivation / use case for changing the behavior?
Security
📋 Please tell us about your environment:
N/A
📋 Other information (e.g. detailed explanation, stacktraces, related issues, suggestions how to fix, links for us to have context, e.g. stackoverflow, gitter, etc.)
Ref: https://discuss.python.org/t/pypi-security-work-multifactor-auth-progress-help-needed/1042/31
Use @token
for a username and the token itself for a password when using Twine: https://github.com/pypa/warehouse/issues/994#issuecomment-512634222
Issue Analytics
- State:
- Created 4 years ago
- Comments:11 (11 by maintainers)
By the way, this issue was addressed in #226. Feel free to track/tackle migration to Travis-CI.com in a separate thread. Feel free to use jaraco/skeleton as a project in which to file the ticket and document the effort (if there’s not a better forum).
I’d like to do it in one coordinated steps across all (most) of the projects I maintain. Basically:
That would hit 90% of them. If you could coordinate that, that would be awesome.