ARTIFACTORY: How to use Keyring Provider via Pypi Repositories

ARTIFACTORY: How to use Keyring Provider via Pypi Repositories
Products
Frog_Artifactory
Content Type
Installation_Setup
AuthorFullName__c
Kayvan Sofastaee
articleNumber
000006364
FirstPublishedDate
2025-03-11T08:41:02Z
lastModifiedDate
2025-05-22
VersionNumber
2
Keyring Support: 

Using keyring support with Pip allows for secure and convenient management of authentication credentials when interacting with Pypi repositories. By leveraging the system's keyring, users can store sensitive credentials securely, avoiding the need to hard-code usernames and passwords in configuration files or environment variables (such as .netrc files).


Step-by-Step Guide using Import/Subprocess: 

We can enable keyring support by passing values of import or subprocess methods. 

Pre-Requirements:
$ python3 --version
Python 3.10.12 and above
$ pip --version
pip 25.0.1 and above

Step 1: Configure Keyring to Store Credentials
# First, install Keyring:
pip install keyring

# Second, also install the keyrings.alt package if you want to use the non-recommended backends.
pip install keyrings.alt

Step 2: Configure pip to Use Keyring
#Set the Keyring provider to use either subprocess or import:
sudo pip config set --global global.keyring-provider subprocess

sudo pip config set --global global.keyring-provider import

Example Output:
Writing to /etc/pip.conf 
[global]
keyring-provider = subprocess 

## Or 

Writing to /etc/pip.conf 
[global]
keyring-provider = import 

Step 3: Install Packages Using pip
# Using subprocess:
pip install your-package --keyring-provider subprocess --index-url https://<Server_URL>/artifactory/api/pypi/kayvan-pypi/simple 

# Using import:
pip install your-package --keyring-provider import --index-url https://<Server_URL>/artifactory/api/pypi/kayvan-pypi/simple 

Example Output:
# pip install mern --keyring-provider import --index-url https://<Server_URL>/artifactory/api/pypi/kayvan-pypi/simple
Looking in indexes: https://<Server_URL>/artifactory/api/pypi/kayvan-pypi/simple
User for <Server_URL>: <username>
Collecting mern
  Downloading https://<Server_URL>/artifactory/api/pypi/kayvan-pypi/packages/packages/00/7f/8539d187953904aeb72a5e7764905ff5b62f39385ef7ae3bb27dd9ccc471/mern-0.6.tar.gz (3.8 kB)
  Preparing metadata (setup.py) ... done
Collecting nltk (from mern)
  Downloading https://<Server_URL>/artifactory/api/pypi/kayvan-pypi/packages/packages/4d/66/7d9e26593edda06e8cb531874633f7c2372279c3b0f46235539fe546df8b/nltk-3.9.1-py3-none-any.whl (1.5 MB)






# pip install laz3 --keyring-provider subprocess --index-url https://<Server_URL>/artifactory/api/pypi/pypi-remote1/simple 
Defaulting to user installation because normal site-packages is not writeable
Looking in indexes: https://<Server_URL>/artifactory/api/pypi/pypi-remote1/simple
User for <Server_URL>: <username>
Password: 
Save credentials to keyring [y/N]: y
Collecting laz3
  Downloading https://<Server_URL>/artifactory/api/pypi/pypi-remote1/packages/packages/60/ef/69f6ddca3e42a8d6fb32361eacd9001ec2c7908d9cb3aac959d032397e3d/laz3-0.0.6-py3-none-any.whl (2.6 kB)
Installing collected packages: laz3
Successfully installed laz3-0.0.6
When running the following commands above, it will ask for you to input your username and credentials. Then you have the option to store the credentials to keyring. If we run into issues using the command line above, lets ensure we upgrade the pip version to latest 22.0.2 or higher:
python3 -m pip install --upgrade pip
From there, we should be able to continue installing packages and see them cached in our Artifactory remote cache repository.

User-added image 



Using a Script: 

Alternatively, we can create a Python script that retrieves the stored credentials and configure pip to connect to Artifactory for installing packages from your Pypi repository:

Step 1: Configure Keyring to Store Credentials using Script:
Create a Python script to store these credentials:

Create a script called store_credentials.py:
import keyring

# Replace these values with your Artifactory username and password/token
username = "<username>"  # Your Artifactory username
password = "<ID-Token or Password>"  # Your Artifactory password or Token

# Service name for Artifactory
service_name = "artifactory_pypi"

# Store the credentials in keyring
keyring.set_password(service_name, username, password)
print("Credentials stored successfully for Artifactory.")
Example Output:
root@kayvan# python3 store_credentials.py 
Credentials stored successfully for Artifactory.
Step 2: Install pip Packages using a Script
Create a Python script to configure pip to connect to Artifactory for installing packages from your Pypi repository:

Create a script called downloads.py:
import keyring
import os
import subprocess

# Set the service name you used to store credentials
service_name = "artifactory_pypi"
username = "<username>"  # Use the same username you stored
password = keyring.get_password(service_name, username)

# Set the PIP index URL for your Artifactory PyPI remote repository 
artifactory_url = "https://<Server_URL>/artifactory/api/pypi/kayvan-pypi/simple"

# Set the PIP_INDEX_URL
os.environ["PIP_INDEX_URL"] = f"https://{username}:{password}@<Server_URL>/artifactory/api/pypi/kayvan-pypi/simple"

# Specify the package you want to install
package_name = "<your-package>"

# Call pip to install the package
subprocess.run(["pip", "install", package_name])
**(Only replace the <Server_URL> with your Artifactory URL, then <your-package> with the name of the package we are trying to install from our Repository and <username> with the username we stored in our keyring).


Then we can run the script and see the packages get downloaded:
root@kayvan# python3 download.py 
Looking in indexes: https://<username>:****@<Server_URL>/artifactory/api/pypi/kayvan-pypi/simple
Collecting pip-test-1
  Downloading https://<Server_URL>/artifactory/api/pypi/kayvan-pypi/packages/packages/c5/91/c4eef151e6316d502c687c0d7f1a61cb9ec74295d00ebc4e65fbd21dbb8d/pip_test_1-0.1.tar.gz (1.3 kB)
  Preparing metadata (setup.py) ... done
Building wheels for collected packages: pip-test-1
  Building wheel for pip-test-1 (setup.py) ... done
  Created wheel for pip-test-1: filename=pip_test_1-0.1-py3-none-any.whl size=1685 sha256=678c3f9fb38f52cbcc67bed0705596758404eb0d5d55ab22b5290543af3f141f
  Stored in directory: /root/.cache/pip/wheels/9f/ec/24/00c32873e2ebfac232e2997f51aeff774c60657d411d74ec41
Successfully built pip-test-1
Installing collected packages: pip-test-1
Successfully installed pip-test-1-0.1
User-added image 



Based on the above, we are now able to use keyring support as a best practice for credential management in package installations via PyPI repositories.

Reference: https://pip.pypa.io/en/stable/topics/authentication/#keyring-support