Python
/
uv
mirror of https://github.com/astral-sh/uv
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add the native keyring to the documentation (#15596)

This commit is contained in:
Zanie Blue 2025-08-30 12:24:28 -05:00
parent 0b5180cb37
commit cc4be0f2ba
1 changed files with 43 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
docs/concepts/authentication/http.md
View File

@ -5,14 +5,8 @@ uv supports credentials over HTTP when querying package registries.
Authentication can come from the following sources, in order of precedence: Authentication can come from the following sources, in order of precedence:
- The URL, e.g., `https://<user>:<password>@<hostname>/...` - The URL, e.g., `https://<user>:<password>@<hostname>/...`
- A [`.netrc`](https://everything.curl.dev/usingcurl/netrc) configuration file - A [netrc](#netrc-files) configuration file
- A [keyring](https://github.com/jaraco/keyring) provider (requires opt-in) - A [keyring provider](#keyring-providers) (off by default)
`.netrc` authentication is enabled by default, and will respect the `NETRC` environment variable if
defined, falling back to `~/.netrc` if not.
To enable keyring-based authentication, pass the `--keyring-provider subprocess` command-line
argument to uv, or set `UV_KEYRING_PROVIDER=subprocess`.
Authentication may be used for hosts specified in the following contexts: Authentication may be used for hosts specified in the following contexts:
@ -22,6 +16,47 @@ Authentication may be used for hosts specified in the following contexts:
- `find-links` - `find-links`
- `package @ https://...` - `package @ https://...`
## netrc files
[`.netrc`](https://everything.curl.dev/usingcurl/netrc) files are a long-standing plain text format
for storing credentials on a system.
Reading credentials from `.netrc` files is always enabled. The target file path will be loaded from
the `NETRC` environment variable if defined, falling back to `~/.netrc` if not.
## Keyring providers
A keyring provider typically fetches credentials from an operating system store.
The keyring providers are not used by default.
### The 'subprocess' keyring provider
The 'subprocess' keyring provider invokes the `keyring` command to fetch credentials.
The expected interface for this is based on the popular [keyring](https://github.com/jaraco/keyring)
Python package. Similar support is built-in to pip.
Set `--keyring-provider subprocess`, `UV_KEYRING_PROVIDER=subprocess`, or
`tool.uv.keyring-provider = "subprocess"` to use the provider.
### The 'native' keyring provider
!!! note
The native keyring provider is in [preview](../preview.md) — it is still experimental and being
actively developed.
The native keyring provider uses the secret storage mechanism native to your operating system. On
macOS, it uses the Keychain Services. On Windows, it uses the Windows Credential Manager. On Linux,
it uses the DBus-based Secret Service API.
Currently, uv only searches the native keyring provider for credentials it has added to the secret
store.
Set `--keyring-provider native`, `UV_KEYRING_PROVIDER=native`, or
`tool.uv.keyring-provider = "native"` to use the provider.
## Persistence of credentials ## Persistence of credentials
If authentication is found for a single index URL or net location (scheme, host, and port), it will If authentication is found for a single index URL or net location (scheme, host, and port), it will