Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

publish: allow disabling PyPI token keyring integration and inform user of its presence #1721

Open
gotmax23 opened this issue Sep 16, 2024 · 0 comments
Open

publish: allow disabling PyPI token keyring integration and inform user of its presence #1721

gotmax23 opened this issue Sep 16, 2024 · 0 comments

Comments

@gotmax23
Copy link
Contributor

By default, hatch publish prompts for a PyPI token and then unconditionally saves it to the system keyring:

hatch/src/hatch/publish/auth.py

Lines 111 to 114 in 5352e44

if self.__password_was_read:
import keyring
keyring.set_password(self._repo, self.__username, self.__password)

I already have my token in a password vault and prefer to paste it in every time; this is what I do when publishing with twine for my non-Hatch projects. Would it be possible to allow users to opt-out from the keyring integration and not save the token? In any case, hatch should inform the user (i.e., print out a log message) that it's saving the entered token into the keyring before doing so.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@gotmax23