4

Azure Artifacts allows posting a module to an Artifactory that can then be installed by using pip by setting extra-index-url in pip.ini (Windows) or pip.conf (Mac/Linux) enter image description here

However, when using pip install, the system is asking for a user/password enter image description here

Is it possible to setup this inside pip.conf and / or even better use .ssh signatures?

ntg
  • 12,950
  • 7
  • 74
  • 95
  • Check [this document](https://learn.microsoft.com/en-us/azure/devops/artifacts/quickstarts/python-packages?view=azure-devops#connect-to-your-feed), there're two options. And it can be done with PAT instead of .ssh. Also, as I know it's the expected behavior when you try to connect to the feed for the first time, after that the credentials would be cached locally and you don't need to enter that again~ – LoLance May 28 '20 at 07:14
  • We have to use `artifacts keyring` package to setup and save those credentials. It's can't be done with something inside pip.conf or .ssh signatures. It requires PAT(credentials) and the artifacts keyring would keep it in local cache. – LoLance May 28 '20 at 07:54
  • Hi, as you write, pip keyring seems to be the key for all, so thanx and accepted. Currently my keyring took my PAT but then wont log me anymore, hopefully will solve it soon :)... – ntg May 29 '20 at 08:25
  • It sounds like your pat doesn't work as expected, please check if you followed all the steps well in the official document. If the issue persists, consider posting a new issue with `azure-devops` tag with the details to reproduce your issue in linux to get a good assistance~ – LoLance May 29 '20 at 08:31
  • Just thinking loud, it might be worth storing the secret on the keyvault, then creating an App Entity and give it (read) access only to that particular secret, then store the keys to the Entity locally.. This makes sure that if things get compromised, overall security is intact... – ntg Nov 11 '22 at 18:49

2 Answers2

7

I was facing the same issue, a workaround solution that worked for me. To bypass the entire process Lance Li-MSFT mentioned:

It will ask your credentials and keep it in local cache, and it won't ask for user and password again if everything is ok

)

In the pip.ini / pip.conf file, add:

[global]
extra-index-url=https://<Personal Access Token>@pkgs.dev.azure.com/<Organization Name>/_packaging/<Feed Name>/pypi/simple/

This will be useful if you are in an environment where you can't do the first interactive login (Example Use-Case: Setting up an Azure Databricks from Azure Machine Learning Workspace and installing required packages).

Anirban Saha
  • 1,350
  • 2
  • 10
  • 38
3

Is it possible to setup this inside pip.conf and / or even better use .ssh signatures?

What you met is expected behavior if it's the first time that you try to connect to the Azure Devops feed.

It will ask your credentials and keep it in local cache, and it won't ask for user and password again if everything is ok. Check my log:

enter image description here

We should note:

  1. The Python Credential Provider is an artifacts-keyring package. It's used to keep the credentials instead of other options like pip.conf or .ssh.

  2. What it asks for is a PAT. For me, I enter the pat in both User and Password inputs.

  3. If you still need to enter the password every time when connecting to the feed, there must be something wrong with your Python Credential Provider(artifacts-keyring) package. Make sure you install this package successfully before running the pip install command.

  4. There're two options (it seems you're using option 2) to connect to the feed, they both need the artifacts keyring package to save the credentials. For me in Windows environment, it's easy to install that package. But if you're in Linux environment, you should check the step4 in Get Tools button carefully:

    enter image description here

Here's the link of prerequisites above.

halfer
  • 19,824
  • 17
  • 99
  • 186
LoLance
  • 25,666
  • 1
  • 39
  • 73