mirror of https://github.com/pypa/hatch.git
1.4 KiB
1.4 KiB
How to authenticate for index publishing
The username is derived from the following sources, in order of precedence:
- The
--user
/-u
cli option. - The
HATCH_INDEX_USER
environment variable. - The
repos
tables. - The
~/.pypirc
file. - The input to an interactive prompt.
As a fallback the value __token__
is applied.
The password is looked up in these:
- The
~/.pypirc
file if the username was provided by it. - The
--auth
/-a
cli option. - The
HATCH_INDEX_AUTH
environment variable. - The
repos
tables. - A variety of OS-level credentials services backed by keyring.
- The input to an interactive prompt.
If interactively provided credentials were used, the username will be stored in Hatch's cache and the password stored in the available keyring backed credentials stores.
For automated releasing to PyPI, it is recommended to use "Trusted Publishing" with OIDC
(e.g. PyPA's pypi-publish
GitHub Action)
or per-project API tokens.