Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Private registry dependencies using API token

See original GitHub issue

I am on the latest Poetry version.
I have searched the issues of this repo and believe that this is not a duplicate.
If an exception occurs when executing a command, I executed it again in debug mode (-vvv option).

ubuntu 18.04
poetry 1.0.5

Issue

Apologies for the brevity of this description, i’m not in front of my machine right now. There may be a very simple answer to this question.

Are private pypi registries accessible using the API token, rather than username/password? I see that API token support for the public pypi registry was added in #1275, was this intended to also provide support for non-public registries?

we have an Artifactory-hosted pypi registry
we can use poetry with this registry using username and password authentication
we cannot use API token authentication with this registry
we have security concerns with using username/password authentication
other tools (such as twine) are able to access this registry using the API token, rather than username/password

I guess i’m asking if some part of the API token authentication implementation is hardcoded to the public pypi registry?

If it is intended that this should work, what diagnostic information can I provide, or debugging steps can I follow?

(note that i’m lagging a couple of releases on the poetry version. Please let me know if there’s any changes that could affect this that are undocumented in the changelog)

Issue Analytics

State:
Created 3 years ago
Reactions:3
Comments:5 (1 by maintainers)

Top GitHub Comments

4reactions

danieleadescommented, Jun 11, 2020

@Persedes if that works that is a massive help!

I’m going to tentatively say that this is still a bug. there’s a documented solution using the api token that doesn’t work-

poetry config pypi-token.$REPO $TOKEN

and an undocumented solution which allegedly does work

poetry config http-basic.$REPO $TOKEN ""

0reactions

CarloDePiericommented, Aug 2, 2022

I could not make poetry (v1.1.14) authenticate with private repo api token by using the cli either.

My current workaround is:

adding the repo with poetry config repositories.myrepo https://youraddress
manually edit the poetry global auth file (mine is at ~/.config/pypoetry/auth.toml) by adding this section:

[http-basic]

# possibly other repos are here

[http-basic.myrepo]
username = "__token__"  # literally this, it's not a placeholder
password = "mysecrettoken"  # the api token goes here

After that poetry can authenticate successfully and without further user interaction.

I could not replicate this working config by any combination of http-basic / pypi-token.

Top Results From Across the Web

Using private packages in a CI/CD workflow - npm Docs

You can use access tokens to test private npm packages with continuous integration (CI) systems, or deploy them using continuous deployment (CD) systems....

How to use packages from private npm registry with GitHub ...

Configuring use of private registry ; registry (provide an URL for our private registry) ; authToken (provide the authentication details required ...

NPM registry authentication - Rush.js

A private NPM registry enables your monorepo to publish NPM packages for internal usage. It works the same as the public https://www.npmjs.com/ registry,...

Private Dependencies GitHub - Travis CI Docs

Under the GitHub account settings for the user you want to use, navigate to Settings > Developer settings, and then generate a “Personal...

Personal access tokens - GitLab Docs

Documentation for GitLab Community Edition, GitLab Enterprise Edition, Omnibus GitLab, and GitLab Runner.