Docs: Add guide for authenticating to Azure Artifacts #4857
Conversation
|
I’ve written the examples using |
benjamin-hodgson
changed the title
| export UV_EXTRA_INDEX_URL=https://dummy:[email protected]/{organisation}/{project}/_packaging/{feedName}/pypi/simple/ | ||
|
|
||
| uv pip install my-private-package | ||
| ``` |
There was a problem hiding this comment.
Haven’t tested that workflow myself and I don’t know how common it would be (seems to me that you’d either use the plugin, if you have the wherewithal to preinstall stuff, or not use Keyring at all?). I can certainly give it a go tomorrow and add a note if you think it’d be worthwhile. Let me know
docs/guides/using-azure-artifacts.md
Outdated
| ``` | ||
|
|
||
| ## Authenticate using Keyring | ||
| If you don’t have a PAT handy, you can authenticate to Artifacts using [`keyring`](https://github.com/jaraco/keyring) with [the `artifacts-keyring` plugin](https://github.com/Microsoft/artifacts-keyring). The plugin supports a few different authentication modes including interactive login. Because you’ll be using these two packages to authenticate to Azure Artifacts, you should arrange to have them installed into your environment from a source other than Artifacts. |
There was a problem hiding this comment.
I believe what the artifacts-keyring plugin is doing under the hood is creating a PAT and returning it.
Could you confirm that? Do you think it's worth documenting?
There was a problem hiding this comment.
The credential provider tool has a few different modes and I don’t know whether all of them wind up creating a PAT behind the scenes. The interactive scenario does seem to.
I wanted to keep this doc relatively short to help people get up and running, but I could link to the repo for the cred-provider so there’s enough of a paper trail for people to learn more, what do you think?
There was a problem hiding this comment.
I can confirm that if the following environment variable is set as follows, a PAT is not created behind the scenes:
NUGET_CREDENTIALPROVIDER_VSTS_TOKENTYPE=SelfDescribing
Here is the relevant help from the credential provider tool (dotnet exec CredentialProvider.Microsoft.dll -h):
Token Type
NUGET_CREDENTIALPROVIDER_VSTS_TOKENTYPE
Specify 'Compact' to generate a Personal Access Token, which may
have a long validity period as it can easily be revoked from the UI,
and sends a notification mail on creation.
Specify 'SelfDescribing' to generate a shorter-lived JWT token,
which does not appear in any UI or notifications
and is more difficult to revoke.
By default PATs are generated rather than JWTs,
unless authentication can be performed non-interactively.
There was a problem hiding this comment.
Got it. I would prefer to keep this doc as just a high-level getting started guide, I don’t think we should include advanced configuration like that here. I’ve added a link to the cred provider’s GitHub repo in 50f8af6 so people can learn more if they want to.
Summary
As discussed in #3542 - there has been some confusion about how to get
uvto work with ADO Artifacts so I'm adding a quick guide.Test Plan
Smoke-tested the examples on my machine.