astral-sh/uv
Authentication
uv talks to many indexes (PyPI, private mirrors, custom registries) and many protocols
(Simple HTML, PEP 691 JSON, PyPI upload, S3 presigned URLs). All of those credential
sources flow through uv-auth.
Realms
A Realm is the credential scope: (scheme, host, port). Two URLs with the same realm
share credentials. Different ports, different schemes → different realm, different
credentials.
Provider order
The default provider chain is:
- URL-embedded —
https://user:pass@host. - Environment variables —
UV_INDEX_<NAME>_USERNAME,UV_INDEX_<NAME>_PASSWORD. .netrc— read from$NETRCor$HOME/.netrc.- Keyring — only when
--keyring-provideris set. - Trusted publishing — for upload only.
Providers are tried in order; the first to return credentials wins.
Keyring backends
uv-keyring supports subprocess (pip-compatible) and native
backends (gated behind features). The choice is made via --keyring-provider.
uv auth
The user-facing surface for credential management:
uv auth login <service>— store credentials for an index.uv auth logout <service>— remove them.uv auth helper— credential helper for use by other tools.
The persistent store is JSON under ~/.local/share/uv/auth/, with secrets stored in the
configured keyring backend (when one is available).
See also
Built by Factory AutoWiki from public repository content. It is a generated preview for codebase exploration, not source-maintained documentation.