I have a private PyPI repository. Is there any way to store credentials in pip.conf similar to .pypirc?
What I mean. Currently in .pypirc you can have such configuration:
[distutils]
index-servers = custom
[custom]
repository: https://pypi.example.com
username: johndoe
password: changeme
From what I've found that you can put in pip.conf:
[global]
index = https://username:password@pypi.example.com/pypi
index-url = https://username:password@pypi.example.com/simple
cert = /etc/ssl/certs/ca-certificates.crt
But here I see two problems:
Is there any way to store username and password outside of url?
Ideally, you should configure Pip's keyring support. Some backends store credentials in an encrypted/protected form. Other parts of the packaging ecosystem, like Twine, also support keyring.
Alternatively, you could store credentials for Pip to use in ~/.netrc like this:
machine pypi.example.com
login johndoe
password changeme
Pip will use these credentials when accessing https://pypi.example.com but won't log them. You must specify the index server separately (such as in pip.conf as in the question).
Note that ~/.netrc must be owned by the user pip executes as. It must not be readable by any other user, either. An invalid file is silently ignored. You can ensure the permissions are correct like this:
chown $USER ~/.netrc
chmod 0600 ~/.netrc
This permissions check doesn't apply before Python 3.4, but it's a good idea in any case.
Internally Pip uses requests when making HTTP requests. requests uses the standard library netrc module to read the file, so the character set is limited to an ASCII subset.