Automatically retrieve credentials for AWS CodeArtifact.
Project description
AWS CodeArtifact Keyring Backend
The keyrings.codeartifact
package provides authentication for publishing and consuming packages within a private
PyPi repository hosted on AWS CodeArtifact; it contains an extension to the
keyring library that will automatically inject a time-limited access token.
Installation
To install this package, install the "keyrings.codeartifact" package using pip
:
pip install keyrings.codeartifact
Usage
The keyring
library has been integrated with recent versions of pip and twine. Once installed, this library will
automatically supply credentials whenever pip/twine (or other keyring-enabled package) attempts to use a repository
hosted within CodeArtifact. It will use any appropriate AWS credentials provided in ~/.aws/credentials
by default.
--index-url https://${DOMAIN}-${ACCOUNT}.d.codeartifact.${REGION}.amazonaws.com/pypi/${REPOSITORY}/simple/
Config
This backend provides a number of configuration options to modify the behaviour of the AWS client.
The configuration options can be specified within [codeartifact]
sections of the keyringrc.cfg
.
Run keyring diagnose
to find its as the location; it varies between different platforms.
Available options:
profile_name
: Use a specific AWS profile to authenticate with AWS.token_duration
: Validity period (in seconds) for retieved authorization tokens.aws_access_key_id
: Use a specific AWS access key to authenticate with AWS.aws_secret_access_key
: Use a specific AWS secret access key to authenticate with AWS.
For more explanation of these options see the AWS CLI documentation.
Single Section Configuration
A trivial example keyringrc.cfg
section for a single account:
[codeartifact]
# Tokens should only be valid for 30 minutes.
token_duration=1800
# Use the 'default' profile name.
profile_name=default
# Use the following access keys.
aws_access_key_id=xxxxxxxxx
aws_secret_access_key=xxxxxxxxx
Multiple Section Configuration (EXPERIMENTAL)
This backend can use multiple sections to select different configuration values.
Each section may also have any of the following "qualifiers" in any order:
domain
: Matches on the repository domain.account
: Matches on the repository account.region
: Matches on the repository region.name
: Matches on the repository name.
When looking up a CodeArtifact URL, each matching qualifier ranks that section higher.
The section with highest score (ie: the most specific match) will be selected for that URL.
When configured in this manner, the codeartifact
section will specify default values.
An example of a more advanced configuration for using multiple sections:
# These are the defaults for other sections.
[codeartifact]
token_duration=1800
# Use for any repositories in account 000000000000.
[codeartifact account="000000000000"]
profile_name=special_profile
# Use for account 999999999999 with a repository named "staging".
[codeartifact account="999999999999" name="staging"]
profile_name=staging_profile
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for keyrings_codeartifact-1.3.3.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | 9ab26cec8d95feebba1c0086c5bba116f00bdeb5449d52ce31df2037aeb5e5a5 |
|
MD5 | 656fcfd1dea053ac85b5d7069e99cb11 |
|
BLAKE2b-256 | a8e93efb931ec0f4f73362a12d1c15cc1d808ad21e384ed636f4e3278cf721b7 |
Hashes for keyrings.codeartifact-1.3.3-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 91cf4db572d5e668198a63bed49ba163b0aadf9b0217f6ba112e0f3d1fd78a62 |
|
MD5 | a8daccafbdff8cda68f618f949156f0b |
|
BLAKE2b-256 | 087a4c0ec41f92987ce3127aef93c0812cf9371b544568dbb4e0ff8ba490e995 |