Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Authentication fails with uv add command because the authentication information for the index URL is removed from pyproject.toml #11708

Open
Di-Is opened this issue Feb 22, 2025 · 0 comments
Open

Authentication fails with uv add command because the authentication information for the index URL is removed from pyproject.toml #11708

Di-Is opened this issue Feb 22, 2025 · 0 comments
Labels
question Asking for clarification or support

Comments

@Di-Is
Copy link
Contributor

Di-Is commented Feb 22, 2025
edited
Loading

Overview

When adding a package from a private GitLab registry using uv add with a PAT embedded in the index URL (and storing credentials in the keyring), the package is initially installed successfully. However, running uv sync later results in a dependency resolution error due to missing authentication credentials.

Reproduction Steps

Adding the Package

The following command was used to add the package. It includes the PAT (__token__ in the URL) and stores the credentials in the keyring.

$ uv add private-package --keyring-provider "subprocess" --index gitlab=https://[email protected]/api/v4/projects/xxxxxxxx/packages/pypi/simple

Syncing the Environment

After the package was added, executing the command below to update the environment resulted in the following error:

$ uv sync -U --keyring-provider "subprocess"
  × No solution found when resolving dependencies:
  ╰─▶ Because private-package was not found in the package registry and your project depends on private-package, we can conclude that your project's requirements are unsatisfiable.
      hint: An index URL (https://gitlab.com/api/v4/projects/xxxxxxxx/packages/pypi/simple) could not be queried due to a lack of valid authentication credentials (401 Unauthorized).

Identifying the Cause

Upon examining the generated pyproject.toml, it was found that the authentication token (__token__) was removed from the index URL, which prevents the keyring from providing the necessary credentials:

[project]
name = "app"
version = "0.1.0"
requires-python = ">=3.12"
dependencies = [
    "private-package",
]

[tool.uv.sources]
private-package = { index = "gitlab" }

[[tool.uv.index]]
name = "gitlab"
url = "https://gitlab.com/api/v4/projects/xxxxxxxx/packages/pypi/simple"

Question

Is this behavior intended?
If so, it would be helpful to display a warning message indicating that the credentials have been removed, so that users are aware of the change.
(Apologies if this is already documented or has been reported in another issue.)

Platform

Darwin 23.5.0 arm64

Version

uv 0.6.2 (6d3614e 2025-02-19)
@Di-Is Di-Is added the question Asking for clarification or support label Feb 22, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question Asking for clarification or support
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Di-Is