-
Notifications
You must be signed in to change notification settings - Fork 605
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Docs: Add guide for authenticating to Azure Artifacts #4857
Conversation
I’ve written the examples using |
export UV_EXTRA_INDEX_URL=https://dummy:[email protected]/{organisation}/{project}/_packaging/{feedName}/pypi/simple/ | ||
|
||
uv pip install my-private-package | ||
``` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Haven’t tested that workflow myself and I don’t know how common it would be (seems to me that you’d either use the plugin, if you have the wherewithal to preinstall stuff, or not use Keyring at all?). I can certainly give it a go tomorrow and add a note if you think it’d be worthwhile. Let me know
docs/guides/using-azure-artifacts.md
Outdated
``` | ||
|
||
## Authenticate using Keyring | ||
If you don’t have a PAT handy, you can authenticate to Artifacts using [`keyring`](https://github.com/jaraco/keyring) with [the `artifacts-keyring` plugin](https://github.com/Microsoft/artifacts-keyring). The plugin supports a few different authentication modes including interactive login. Because you’ll be using these two packages to authenticate to Azure Artifacts, you should arrange to have them installed into your environment from a source other than Artifacts. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I believe what the artifacts-keyring
plugin is doing under the hood is creating a PAT and returning it.
Could you confirm that? Do you think it's worth documenting?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The credential provider tool has a few different modes and I don’t know whether all of them wind up creating a PAT behind the scenes. The interactive scenario does seem to.
I wanted to keep this doc relatively short to help people get up and running, but I could link to the repo for the cred-provider so there’s enough of a paper trail for people to learn more, what do you think?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I can confirm that if the following environment variable is set as follows, a PAT is not created behind the scenes:
NUGET_CREDENTIALPROVIDER_VSTS_TOKENTYPE=SelfDescribing
Here is the relevant help from the credential provider tool (dotnet exec CredentialProvider.Microsoft.dll -h
):
Token Type
NUGET_CREDENTIALPROVIDER_VSTS_TOKENTYPE
Specify 'Compact' to generate a Personal Access Token, which may
have a long validity period as it can easily be revoked from the UI,
and sends a notification mail on creation.
Specify 'SelfDescribing' to generate a shorter-lived JWT token,
which does not appear in any UI or notifications
and is more difficult to revoke.
By default PATs are generated rather than JWTs,
unless authentication can be performed non-interactively.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Got it. I would prefer to keep this doc as just a high-level getting started guide, I don’t think we should include advanced configuration like that here. I’ve added a link to the cred provider’s GitHub repo in 50f8af6 so people can learn more if they want to.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me 👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you!
Summary
As discussed in #3542 - there has been some confusion about how to get
uv
to work with ADO Artifacts so I'm adding a quick guide.Test Plan
Smoke-tested the examples on my machine.