-
Notifications
You must be signed in to change notification settings - Fork 3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
pip 8.1.1 fails to use credentials specified inside the ~/pypirc file for downloading packages #3643
Comments
hth, |
I know that putting credentials in the url works with pip.conf but this is a huge security risk because the URL is displayed in the console and output logs in lots and lots of cases. |
Not sure what you mean. Here's my
Pulling from my PyPI server which is behind basic auth:
No credentials in clear anywhere, besides the hth, |
I will provide more info tomorow, we use the default index url, not the extra one. I will find a way to replicate the issue. |
Just tested and the output is the same with
|
~/.pypirc is for distutils (and twine) and not for pip. |
I recreated @ssbarnea's issue about credentials displaying in the clear by running pip install with the verbose option. Using pip 8.1.2 and python 2.7.12:
This was with the |
#6295 fixes this issue |
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
It seems that pip 8.1.1 fails to load credentials from inside the
~/.pypirc
and prompts for the user and password instead.I deployed an private pypi-server which allows anonymous listing about requires basic authentication for
upload
anddownload
.Still pip seems to prompt me for the user and password, even if these are configured. If I introduce them it works but that's clearly not an option, especially as I am trying to configure continuous integration.
What is even more interesting is that
python setup.py sdist upload -r custom
works without prompting for any password, a clear indication that it does successfully load and use them.The text was updated successfully, but these errors were encountered: