2

I use jfrog as private repository for python packages we create in the company, I config the .pip/pip.conf and .pypirc files and everything works fine in the installation.

the problem starts when I try to install regular packages, it always ask me for username and password (its ok for the private packages), there is any way to configure pip to ask for password only for the private packages?

in the pipeline i use the -i option of pip and pass the username and password:

pip3 install -r requirements.txt -i "https://<username>:<password>@<repository-url>"

but in the local machine, this is not a good option.

Mendi Neymark
  • 606
  • 5
  • 12
  • You should consider using private/public key pair to handle the password requirements. – l'L'l Jan 03 '19 at 07:16
  • how do I use private/public key for this problem? – Mendi Neymark Jan 03 '19 at 08:17
  • It's the server that asks for password, not `pip`. Also, the auth challenge is initiated early (`pip` queries all indexes for available dists for all packages), so you won't be able to avoid that. Another thing is that you can't securely store the credentials on the local machine (either `pip.conf` or enter manually), this is why I don't require passwords on the local repositories at all; they are only available via VPN, but without any additional auth. – hoefling Jan 04 '19 at 00:45

1 Answers1

1

You can actually find the answers in here Credentials in pip.conf for private PyPI and here https://pip.pypa.io/en/latest/topics/authentication/ Please note that you need to add the .netrc to your HOME directory on the local machine, not the current working directory. And in your pip.conf (Linux) or pip.ini (Windows), you need to add the following:

[global]
index-url = https://<repository-url
hstsvn
  • 384
  • 3
  • 5