Open-Source Wikis

/

uv

/

Features

/

Authentication

astral-sh/uv

Authentication

uv talks to many indexes (PyPI, private mirrors, custom registries) and many protocols (Simple HTML, PEP 691 JSON, PyPI upload, S3 presigned URLs). All of those credential sources flow through uv-auth.

Realms

A Realm is the credential scope: (scheme, host, port). Two URLs with the same realm share credentials. Different ports, different schemes → different realm, different credentials.

Provider order

The default provider chain is:

  1. URL-embeddedhttps://user:pass@host.
  2. Environment variablesUV_INDEX_<NAME>_USERNAME, UV_INDEX_<NAME>_PASSWORD.
  3. .netrc — read from $NETRC or $HOME/.netrc.
  4. Keyring — only when --keyring-provider is set.
  5. Trusted publishing — for upload only.

Providers are tried in order; the first to return credentials wins.

Keyring backends

uv-keyring supports subprocess (pip-compatible) and native backends (gated behind features). The choice is made via --keyring-provider.

uv auth

The user-facing surface for credential management:

  • uv auth login <service> — store credentials for an index.
  • uv auth logout <service> — remove them.
  • uv auth helper — credential helper for use by other tools.

The persistent store is JSON under ~/.local/share/uv/auth/, with secrets stored in the configured keyring backend (when one is available).

See also

Built by Factory AutoWiki from public repository content. It is a generated preview for codebase exploration, not source-maintained documentation.

Authentication – uv wiki | Factory