Enable system keyring integration via --keyring-provider native#14559
Closed
jtfmumm
commented
Jul 11, 2025
crates/uv-auth/src/keyring.rs
Outdated
| /// Store credentials for the given [`Url`] to the keyring if the | ||
| /// keyring provider backend is `Native`. | ||
| #[instrument(skip_all, fields(url = % url.to_string(), username))] | ||
| pub fn store_if_native(&self, url: &DisplaySafeUrl, credentials: &Credentials) { |
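Review bot: `store_if_native` has no return type in the visible signature, so a failed keyring write is invisible to callers; either return a `Result` or say in the doc comment that errors are logged and swallowed. The `#[instrument]` attribute also lists a `username` field while the visible parameters are only `url` and `credentials`, so confirm where that field gets its value and whether the username belongs in trace output at all.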
Contributor
Author
We could extend this to the Python keyring as well, but for this PR I've limited the scope to the new native backend.
| .as_ref() | ||
| .is_ok_and(|response| response.error_for_status_ref().is_ok()) | ||
| { | ||
| if let (Some(index_url), Some(keyring)) = (index_url, &self.keyring) { |
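Review bot: the check on the `.is_ok_and(...)` line treats any response without an error status as proof that the credentials authenticated, which also holds when the server never challenged the request, so this can persist credentials the index never validated. Consider storing only when the credentials were sent in answer to a challenge, or making storage an explicit user action. The `if let` also silently skips URLs that are not index URLs; a comment stating that this is intentional would help.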
Contributor
Author
This is currently only storing credentials on successful authentication if this is an index URL.
zanieb
added a commit
that referenced
this pull request
Aug 28, 2025
Picks up the work from

- #14559
- #14896

There are some high-level changes from those pull requests

1. We do not stash seen credentials in the keyring automatically
2. We use `auth login` and `auth logout` (for future consistency)
3. We add a `token` command for showing the credential that will be used

As well as many smaller changes to API, messaging, testing, etc.

---------

Co-authored-by: John Mumm <jtfmumm@gmail.com>
Contributor
Author
Closed in favor of #15539
This PR uses the `uv-keyring` crate vendored in #14725 to automatically integrate with the system keyring when the keyring provider is set to "native".

When this backend is enabled, uv auth middleware will attempt to retrieve missing credentials from the system keyring. It will also store index credentials in the system keyring upon successful authentication, enabling users to provide their credentials for an index once and successfully authenticate on future invocations (though you must currently still provide a username on future invocations, see #10866).

Credentials are stored in the system keyring for a "service"/username pair. For the service, this currently prefixes the index URL with `uv-credentials:`. This prefix could help prevent collisions but would also be useful for determining which keyring credentials have been set by uv. Note that this is using the index URL rather than the index name for the service.

Left to do:

- `--preview` flag, unless we think it's enough that you must explicitly configure a `native` keyring provider (we've discussed making it the default, but that's not the behavior here)

Depends on #14725.
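The storage scheme described above, modelled as an added example (not code from this PR or from uv): entries are keyed by the `uv-credentials:`-prefixed index URL plus username, written only for the native provider after a non-error response, and can be listed by prefix. `Store`, `Provider`, the method names and the `pypi.example` URL are hypothetical, and a `HashMap` stands in for the system keyring.

```rust
use std::collections::HashMap;

/// Prefix the PR description gives for keyring service names.
const SERVICE_PREFIX: &str = "uv-credentials:";

#[derive(PartialEq)]
enum Provider { Disabled, Native }

/// Constructed in-memory stand-in for the system keyring, keyed by (service, username).
struct Store { provider: Provider, entries: HashMap<(String, String), String> }

impl Store {
    fn new(provider: Provider) -> Self {
        Store { provider, entries: HashMap::new() }
    }
    /// Service name: the prefix followed by the index URL (not the index name).
    fn service(index_url: &str) -> String {
        format!("{}{}", SERVICE_PREFIX, index_url)
    }
    /// Store only for the native provider, an index URL, and a non-error status.
    fn store_on_success(&mut self, status: u16, index_url: Option<&str>, user: &str, pass: &str) -> bool {
        match index_url {
            Some(url) if self.provider == Provider::Native && status < 400 => {
                self.entries.insert((Self::service(url), user.to_string()), pass.to_string());
                true
            }
            _ => false,
        }
    }
    /// Lookup needs the username too, because entries are keyed by the pair.
    fn fetch(&self, index_url: &str, user: &str) -> Option<&str> {
        if self.provider != Provider::Native { return None; }
        self.entries.get(&(Self::service(index_url), user.to_string())).map(String::as_str)
    }
    /// Index URLs of every entry written under the prefix, for auditing or cleanup.
    fn owned_by_uv(&self) -> Vec<&str> {
        let mut urls: Vec<&str> = self.entries.keys()
            .filter_map(|(svc, _)| svc.strip_prefix(SERVICE_PREFIX)).collect();
        urls.sort();
        urls
    }
}

fn main() {
    let mut kr = Store::new(Provider::Native);
    kr.store_on_success(200, Some("https://pypi.example/simple"), "alice", "constructed-secret");
    println!("{:?} {:?}", kr.fetch("https://pypi.example/simple", "alice"), kr.owned_by_uv());
}
```
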