disable keyring per default and only install via an extra

radoering · Nov 1, 2024 · a6a19cc · a6a19cc
1 parent 3b7ef12
commit a6a19cc
Show file tree

Hide file tree

Showing 12 changed files with 140 additions and 71 deletions.
diff --git a/.github/workflows/.tests-matrix.yaml b/.github/workflows/.tests-matrix.yaml
@@ -103,9 +103,11 @@ jobs:
         working-directory: poetry-plugin-export
         # Replace the python version to avoid conflicts
         # if the plugin still supports a wider range than Poetry itself.
+        # TODO: Add poetry without keyring extra after a poetry-plugin-export version
+        #       with https://github.com/python-poetry/poetry-plugin-export/pull/304 has been released.
         run: |
           perl -pi -e 's/^python =.*$/python = "~${{ inputs.python-version }}"/' pyproject.toml
-          poetry add --lock --group dev ../poetry
+          poetry add --lock --group dev ../poetry[keyring]
 
       # This step can be removed after having released a poetry-plugin-export version
       # that has cffi>=1.17.0 in its lock file.

diff --git a/docs/_index.md b/docs/_index.md
@@ -58,6 +58,15 @@ Any non-ancient version of `pipx` will do.
 ```bash
 pipx install poetry
 ```
+
+If you want to use a keyring for storing credentials, you can install Poetry with its `keyring` extra:
+
+```bash
+pipx install poetry[keyring]
+```
+
+See [Repositories - Configuring credentials]({{< relref "repositories#configuring-credentials" >}})
+for more information.
 {{< /step >}}
 {{< step >}}
 **Install Poetry (advanced)**

diff --git a/docs/configuration.md b/docs/configuration.md
@@ -234,7 +234,7 @@ across all your projects if incorrectly set.
 
 **Environment Variable**: `POETRY_INSTALLER_ONLY_BINARY`
 
-*Introduced in 1.9.0*
+*Introduced in 2.0.0*
 
 When set, this configuration allows users to enforce the use of binary distribution format for all, none or
 specific packages.
@@ -465,7 +465,7 @@ Set repository credentials (`username` and `password`) for `<name>`.
 See [Repositories - Configuring credentials]({{< relref "repositories#configuring-credentials" >}})
 for more information.
 
-### `pypi-token.<name>`:
+### `pypi-token.<name>`
 
 **Type**: `string`
 
@@ -475,7 +475,7 @@ Set repository credentials (using an API token) for `<name>`.
 See [Repositories - Configuring credentials]({{< relref "repositories#configuring-credentials" >}})
 for more information.
 
-### `certificates.<name>.cert`:
+### `certificates.<name>.cert`
 
 **Type**: `string | boolean`
 
@@ -488,7 +488,7 @@ for more information.
 This configuration can be set to `false`, if TLS certificate verification should be skipped for this
 repository.
 
-### `certificates.<name>.client-cert`:
+### `certificates.<name>.client-cert`
 
 **Type**: `string`
 
@@ -498,14 +498,17 @@ Set client certificate for repository `<name>`.
 See [Repositories - Configuring credentials - Custom certificate authority]({{< relref "repositories#custom-certificate-authority-and-mutual-tls-authentication" >}})
 for more information.
 
-### `keyring.enabled`:
+### `keyring.enabled`
 
 **Type**: `boolean`
 
-**Default**: `true`
+**Default**: `false`
 
 **Environment Variable**: `POETRY_KEYRING_ENABLED`
 
+*Changed default to `false` in 2.0.0*
+
 Enable the system keyring for storing credentials.
+(Requires Poetry to be installed with the `keyring` extra.)
 See [Repositories - Configuring credentials]({{< relref "repositories#configuring-credentials" >}})
 for more information.
diff --git a/docs/repositories.md b/docs/repositories.md
@@ -472,16 +472,20 @@ poetry config http-basic.pypi <username> <password>
 You can also specify the username and password when using the `publish` command
 with the `--username` and `--password` options.
 
-If a system keyring is available and supported, the password is stored to and retrieved from the keyring. In the above example, the credential will be stored using the name `poetry-repository-pypi`. If access to keyring fails or is unsupported, this will fall back to writing the password to the `auth.toml` file along with the username.
-
-Keyring support is enabled using the [keyring library](https://pypi.org/project/keyring/). For more information on supported backends refer to the [library documentation](https://keyring.readthedocs.io/en/latest/?badge=latest).
-
-If you do not want to use the keyring, you can tell Poetry to disable it and store the credentials in plaintext config files:
+If a system keyring is available and supported, the password is stored to and retrieved from the keyring.
+Otherwise, credentials are stored in plaintext config files.
+In order to use keyring, you have to install Poetry with its `keyring` extra (`poetry[keyring]`)
+and enable keyring support:
 
 ```bash
-poetry config keyring.enabled false
+poetry config keyring.enabled true
 ```
 
+In the above example, the credential will be stored using the name `poetry-repository-pypi`.
+If access to keyring is disabled, fails or is unsupported, this will fall back to writing the password to the `auth.toml` file along with the username.
+
+Keyring support is enabled using the [keyring library](https://pypi.org/project/keyring/). For more information on supported backends refer to the [library documentation](https://keyring.readthedocs.io/en/latest/?badge=latest).
+
 {{% note %}}
 
 Poetry will fall back to Pip style use of keyring so that backends like

diff --git a/poetry.lock b/poetry.lock