No project description provided
Project description
pypitoken-cli
pypitoken-cli is a tool for adding restrictions to PyPI tokens, and a thin wrapper around the pypitoken library.
Motivation
PyPI currently lets you create tokens scoped for your entire account and for a single package, but not a token scoped for multiple packages. This is a problem if you publish a lot of packages yet still want to limit the impact of credential disclosure.
Usage
To create a token scoped for multiple packages (mypackage and mypackage-cli in this example), create a token scoped for your entire account (pypi-xxxxxxxx here), then run pypitoken-cli as follows:
$ pipx run pypitoken-cli -p mypackage mypackage-cli
Enter token: pypi-xxxxxxxx
New restrictions:
- UserIDRestriction(user_id='01234567-89ab-cdef-0123-456789abcdef')
- ProjectNamesRestriction(project_names=['mypackage', 'mypackage-cli'])
pypi-yyyyyyyy
It will create a new token (pypi-yyyyyyyy here) that can only be used to upload artifacts for the specified packages.
Limitations
Other token restrictions, such as "Not Before" and "Not After", aren't implemented yet.
License
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distributions
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file pypitoken_cli-1.1-py3-none-any.whl.
File metadata
- Download URL: pypitoken_cli-1.1-py3-none-any.whl
- Upload date:
- Size: 3.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.0.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
e2184329847a0fc96d02084424eec737b0ffae0656529e5222789af9ec0519d4
|
|
| MD5 |
da3c5dc159c7e127c300e6275e95902f
|
|
| BLAKE2b-256 |
1bf259696e02c0940269fcc409ad2b24a33517fa8a39a1ccd815121cd5695adb
|
