Manipulate PyPI API tokens
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Project description
PyPIToken is an open-source Python library for generating and manipulating PyPI tokens.
PyPI tokens are very powerful, as that they are based on Macaroons. They allow the bearer to add additional restrictions to an existing token. For example, given a PyPI token that can upload releases for any project of its owner, you can generate a token that will only allow some projects, or even a single one.
Here’s an example:
$ pip install pypitokenimport pypitoken
token = pypitoken.Token.load("pypi-foobartoken")
print(token.restrictions)
# [ProjectIDsRestriction(project_ids=["00000000-0000-0000-0000-000000000000"])]
token.restrict(project_names=["requests"])
print(token.restrictions)
# [
# ProjectIDsRestriction(project_ids=["00000000-0000-0000-0000-000000000000"]),
# ProjectNamesRestriction(project_names=["requests"]),
# ]
token.dump()
# pypi-newfoobartokenThis token we’ve created above will be restricted to uploading releases of requests. Of course, your PyPI user will still need to have upload permissions on requests for this to happen.
The aim of this library is to provide a simple toolbelt for manipulating PyPI tokens. Ideally, someday, PyPI (Warehouse) itself may generate their tokens using this library too. This should make it easier to iterate on new kinds of restrictions for PyPI tokens, such as those discussed in the original implementation issue.
A discussion for integrating this library to the Warehouse environment is ongoing:
In the Python Packaging discussions for putting the project under the PyPA umbrella
In the Warehouse tracker for replacing the current macaroon implementation with this lib
Where to go from here
The complete docs is probably the best place to learn about the project.
If you encounter a bug, or want to get in touch, you’re always welcome to open a ticket.
Project details
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file pypitoken-7.1.1.tar.gz.
File metadata
- Download URL: pypitoken-7.1.1.tar.gz
- Upload date:
- Size: 198.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.12.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 2e91822471f2de99183f6a881ddb173372f2a2f8e7c55b574235aee1b0417e42 |
|
| MD5 | ee8cbe483985d65cec01a0b9efcb6410 |
|
| BLAKE2b-256 | 21d61b52d35f6aab68d75a0b38211bd6ea6eca0aceefb3e95cd6ca30be03adf9 |
Provenance
The following attestation bundles were made for pypitoken-7.1.1.tar.gz:
Publisher:
ci.yml on ewjoachim/pypitoken
-
Statement:
- Statement type:
https://in-toto.io/Statement/v1 - Predicate type:
https://docs.pypi.org/attestations/publish/v1 - Subject name:
pypitoken-7.1.1.tar.gz - Subject digest:
2e91822471f2de99183f6a881ddb173372f2a2f8e7c55b574235aee1b0417e42 - Sigstore transparency entry: 210516445
- Sigstore integration time:
- Permalink:
ewjoachim/pypitoken@60267310a3c15d27d52282e48b97d85e88f9fa22 - Branch / Tag:
refs/tags/7.1.1 - Owner: https://github.com/ewjoachim
- Access:
public
- Token Issuer:
https://token.actions.githubusercontent.com - Runner Environment:
github-hosted - Publication workflow:
ci.yml@60267310a3c15d27d52282e48b97d85e88f9fa22 - Trigger Event:
push
- Statement type:
File details
Details for the file pypitoken-7.1.1-py3-none-any.whl.
File metadata
- Download URL: pypitoken-7.1.1-py3-none-any.whl
- Upload date:
- Size: 12.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.12.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 013e1b273168b37c46d5fbdf572f0d7a454a52fae492d0d7a5f2da600f75bca7 |
|
| MD5 | 9c3f34c1bc7fdef03c8f15ba902c2e4f |
|
| BLAKE2b-256 | 43ddfdcf4e9bfe80a8ebd9f3b47cd77b7722e2933e6923e32ddf1da2e321d464 |
Provenance
The following attestation bundles were made for pypitoken-7.1.1-py3-none-any.whl:
Publisher:
ci.yml on ewjoachim/pypitoken
-
Statement:
- Statement type:
https://in-toto.io/Statement/v1 - Predicate type:
https://docs.pypi.org/attestations/publish/v1 - Subject name:
pypitoken-7.1.1-py3-none-any.whl - Subject digest:
013e1b273168b37c46d5fbdf572f0d7a454a52fae492d0d7a5f2da600f75bca7 - Sigstore transparency entry: 210516446
- Sigstore integration time:
- Permalink:
ewjoachim/pypitoken@60267310a3c15d27d52282e48b97d85e88f9fa22 - Branch / Tag:
refs/tags/7.1.1 - Owner: https://github.com/ewjoachim
- Access:
public
- Token Issuer:
https://token.actions.githubusercontent.com - Runner Environment:
github-hosted - Publication workflow:
ci.yml@60267310a3c15d27d52282e48b97d85e88f9fa22 - Trigger Event:
push
- Statement type:
