Store passwords in the system keychain #210
Labels
Comments
|
I believe this could be implemented by replacing: if not password:
password = self._io.ask_hidden("Password:")by something like: if not password:
try:
import keyring
if keyring.get_keyring():
password = keyring.get_password(repository_name, username)
except ImportError:
print("Install keyring to store passwords securely")
keyring = None
if not password:
password = self._io.ask_hidden("Password:")
if keyring and keyring.get_keyring():
keyring.set_password(repository_name, username, password)in |
|
If this approach was taken, why not simply make |
|
Yeah, that’s probably a better idea. Then it would be available when Poetry is installed via pipsi. I was copying the behavior of Flit, where it’s optional, but the advantages of doing it that way seem minor. |
abn
added a commit
to abn/poetry
that referenced
this issue
Jan 3, 2019
This change introduces the use of system keyring to store repository passwords when one is available. Passwords are added to and removed from the keyring using the config command. Resolves: python-poetry#210
abn
added a commit
to abn/poetry
that referenced
this issue
Jan 4, 2019
This change introduces the use of system keyring to store repository passwords when one is available. Passwords are added to and removed from the keyring using the config command. Resolves: python-poetry#210
2 tasks
abn
added a commit
to abn/poetry
that referenced
this issue
Jan 4, 2019
This change introduces the use of system keyring to store repository passwords when one is available. Passwords are added to and removed from the keyring using the config command. Resolves: python-poetry#210
abn
added a commit
to abn/poetry
that referenced
this issue
Jan 4, 2019
This change introduces the use of system keyring to store repository passwords when one is available. Passwords are added to and removed from the keyring using the config command. Resolves: python-poetry#210
|
@jacebrowning @osteele I have attempted an implementation using keyring in #774 . Would be great to get the change tested on different platforms. |
abn
added a commit
to abn/poetry
that referenced
this issue
Jan 15, 2019
This change introduces the use of system keyring to store repository passwords when one is available. Passwords are added to and removed from the keyring using the config command. Resolves: python-poetry#210
abn
added a commit
to abn/poetry
that referenced
this issue
Jan 15, 2019
This change introduces the use of system keyring to store repository passwords when one is available. Passwords are added to and removed from the keyring using the config command. Resolves: python-poetry#210
Closed
abn
added a commit
to abn/poetry
that referenced
this issue
Apr 24, 2019
This change introduces the use of system keyring to store repository passwords when one is available. Passwords are added to and removed from the keyring using the config command. Resolves: python-poetry#210
abn
added a commit
to abn/poetry
that referenced
this issue
Apr 24, 2019
This change introduces the use of system keyring to store repository passwords when one is available. Passwords are added to and removed from the keyring using the config command. Resolves: python-poetry#210
abn
added a commit
to abn/poetry
that referenced
this issue
Apr 27, 2019
This change introduces the use of system keyring to store repository passwords when one is available. Passwords are added to and removed from the keyring using the config command. Resolves: python-poetry#210
abn
added a commit
to abn/poetry
that referenced
this issue
Apr 27, 2019
This change introduces the use of system keyring to store repository passwords when one is available. Passwords are added to and removed from the keyring using the config command. Resolves: python-poetry#210
abn
added a commit
to abn/poetry
that referenced
this issue
May 4, 2019
This change introduces the use of system keyring to store repository passwords when one is available. Passwords are added to and removed from the keyring using the config command. Resolves: python-poetry#210
abn
added a commit
to abn/poetry
that referenced
this issue
Jun 20, 2019
This change introduces the use of system keyring to store repository passwords when one is available. Passwords are added to and removed from the keyring using the config command. Resolves: python-poetry#210
kasteph
pushed a commit
that referenced
this issue
Jun 24, 2019
This change introduces the use of system keyring to store repository passwords when one is available. Passwords are added to and removed from the keyring using the config command. Resolves: #210
|
#774 fixes this issue. |
|
This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Poetry currently requires either that you store your PyPI password in plaintext (via
poetry config http-basic.pypi username password), or enter it on eachpoetry publish. The first is insecure, the second is inconvenient.I like what Flit does: store the password in Keyring if that package is installed, and prompt the user to install it otherwise. (Keyring uses the system keychain, e.g. Keychain on macOS, the Freedesktop Secret Service standard on supported UN*X, WinVault on Windows.)
This relates to #111.
The text was updated successfully, but these errors were encountered: