No-fuss, pure-Python keyring backend for Azure DevOps Artifacts feeds

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for letmaik from gravatar.com letmaik Avatar for temporaer from gravatar.com temporaer

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License Expression: MIT
    SPDX License Expression
  • Author: msr-central
  • Tags keyring , azure , devops , artifacts , pip , authentication
  • Requires: Python >=3.9
Classifiers
Report project as malware

Project description

artifacts-keyring-nofuss

Minimal, pure-Python keyring backend for Azure DevOps Artifacts feeds.

Replaces the official artifacts-keyring (which wraps a ~100 MB .NET binary) with a no-fuss implementation that covers the most common Linux auth scenarios using raw HTTP — no msal, no azure-identity, no .NET.

Install

pip install artifacts-keyring-nofuss

Or for development:

pip install -e .

How it works

When pip (or twine, etc.) queries the keyring for credentials to an Azure DevOps Artifacts feed, this backend:

  1. Discovers the Azure AD tenant by making an unauthenticated request to the feed URL and parsing the WWW-Authenticate header.
  2. Obtains a bearer token using one of the supported auth flows (see below).
  3. Exchanges the bearer token for an org-scoped, read-only Azure DevOps session token (vso.packaging scope) — the narrowest viable scope.
  4. Returns the session token to pip as Basic auth credentials.

Auth flows (priority order)

# Flow How it works
1 Azure CLI Runs az account get-access-token. Most common for local dev.
2 Managed Identity Queries the Azure IMDS endpoint. For VMs/containers on Azure.

Configuration

Select a specific flow

By default, providers are tried in the order above. To force a specific one:

# Environment variable
export ARTIFACTS_KEYRING_NOFUSS_PROVIDER=azure_cli  # or: managed_identity

Or in ~/.config/python_keyring/keyringrc.cfg:

[artifacts_keyring_nofuss]
provider = azure_cli

User-assigned managed identity

Set AZURE_CLIENT_ID to the client ID of the user-assigned managed identity:

export AZURE_CLIENT_ID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

When unset, system-assigned managed identity is used.

Usage with pip

pip install --index-url https://pkgs.dev.azure.com/{org}/_packaging/{feed}/pypi/simple/ my-package

The keyring backend is automatically discovered by pip. No extra flags needed.

Supported feed URLs

Any URL whose host matches one of:

  • pkgs.dev.azure.com
  • pkgs.visualstudio.com
  • pkgs.codedev.ms
  • pkgs.vsts.me

Troubleshooting

Enable verbose debug output to see the full authentication flow:

ARTIFACTS_KEYRING_NOFUSS_DEBUG=1 pip install --index-url https://pkgs.dev.azure.com/{org}/_packaging/{feed}/pypi/simple/ my-package

This prints the provider chain, token exchange steps, and any errors to stderr.

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for letmaik from gravatar.com letmaik Avatar for temporaer from gravatar.com temporaer

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License Expression: MIT
    SPDX License Expression
  • Author: msr-central
  • Tags keyring , azure , devops , artifacts , pip , authentication
  • Requires: Python >=3.9
Classifiers

Release history Release notifications | RSS feed

1.1.1

1.0.0

0.6.0

0.5.0

0.4.0

This version

0.3.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

artifacts_keyring_nofuss-0.3.0.tar.gz (11.1 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

artifacts_keyring_nofuss-0.3.0-py3-none-any.whl (10.7 kB view details)

Uploaded Python 3

File details

Details for the file artifacts_keyring_nofuss-0.3.0.tar.gz.

File metadata

  • Download URL: artifacts_keyring_nofuss-0.3.0.tar.gz
  • Upload date:
  • Size: 11.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for artifacts_keyring_nofuss-0.3.0.tar.gz
Algorithm Hash digest
SHA256 81f0c8bcc34c3896c02714c241d47f334d02c83fdb6ca2db5323d7047e8d3913
MD5 ce454698ad78492cbdfcbf752d0689f3
BLAKE2b-256 d9b9faa3518fc1b891a0c042dc854849f4265256bd700b8ce1613a52fb652e3b

See more details on using hashes here.

Provenance

The following attestation bundles were made for artifacts_keyring_nofuss-0.3.0.tar.gz:

Publisher: release.yml on microsoft/artifacts-keyring-nofuss

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file artifacts_keyring_nofuss-0.3.0-py3-none-any.whl.

File metadata

File hashes

Hashes for artifacts_keyring_nofuss-0.3.0-py3-none-any.whl
Algorithm Hash digest
SHA256 da21d18043bad551fd48b4e67d704993016f0209cd8eb26fb1165834be3b165b
MD5 b14c1a8d1295cbf6194040c84fb347e9
BLAKE2b-256 fdd234d1da7605cdc8287389d1b43d983079379212f4c5c9c5e2620717e519fb

See more details on using hashes here.

Provenance

The following attestation bundles were made for artifacts_keyring_nofuss-0.3.0-py3-none-any.whl:

Publisher: release.yml on microsoft/artifacts-keyring-nofuss

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page