{"id":3883,"library":"artifacts-keyring","title":"Artifacts Keyring","description":"Artifacts Keyring (artifacts-keyring) is a Python library that automatically retrieves credentials for Azure Artifacts feeds. It functions as a backend for the `keyring` library, enabling tools like pip, twine, and other package managers to seamlessly authenticate with Azure DevOps, GitHub Packages, and Azure Container Registry (ACR) feeds. The current version is 1.0.0, and releases are tied to bug fixes or feature additions for Azure Artifacts integration.","status":"active","version":"1.0.0","language":"en","source_language":"en","source_url":"https://github.com/Microsoft/artifacts-keyring","tags":["security","authentication","azure","keyring","azure-artifacts","devops","pypi"],"install":[{"cmd":"pip install artifacts-keyring","lang":"bash","label":"Install stable version"}],"dependencies":[{"reason":"Core dependency; this library is a backend for keyring.","package":"keyring","optional":false}],"imports":[{"note":"artifacts-keyring acts as a backend for the `keyring` library, automatically intercepting credential requests for Azure Artifacts feeds. Users primarily interact with `keyring` itself, rather than importing directly from artifacts_keyring.","wrong":"from artifacts_keyring import AzureArtifactsKeyringBackend","symbol":"No direct user-facing symbols for core functionality","correct":"Functionality is automatically registered with `keyring` upon installation."}],"quickstart":{"code":"import os\nimport subprocess\nimport sys\nimport keyring\n\nprint(\"--- Verifying artifacts-keyring installation and backend ---\")\n\ntry:\n    # Run keyring's CLI to list backends and verify registration\n    print(\"Listing available keyring backends...\")\n    result = subprocess.run(\n        [sys.executable, \"-m\", \"keyring\", \"--list-backends\"],\n        capture_output=True, text=True, check=True, encoding=\"utf-8\"\n    )\n    print(\"Available Keyring Backends:\")\n    print(result.stdout)\n    if \"Azure Artifacts Keyring Backend\" in result.stdout:\n        print(\"SUCCESS: Azure Artifacts Keyring Backend found in the list!\")\n    else:\n        print(\"WARNING: Azure Artifacts Keyring Backend NOT found in the listed backends.\")\n\n    print(\"\\n--- Demonstrating keyring interaction (requires Azure Artifacts setup) ---\")\n    # Example of how keyring *would* be used to retrieve a password for an Azure Artifacts service.\n    # Note: This will likely prompt for credentials or return None if no Azure Artifacts\n    # feed is configured in your environment that matches the service_name.\n    # It demonstrates the interaction point, not necessarily a successful auth without setup.\n\n    # Use an example Azure Artifacts service name (replace with your actual feed if testing)\n    # The exact service name format might vary slightly depending on the tool/context,\n    # but generally involves the feed URL or identifier.\n    service_name = \"https://pkgs.dev.azure.com/your_org/_packaging/your_feed/nuget/v3/index.json\"\n    username = \"artifact_username\" # artifacts-keyring often handles username automatically or it's 'token'\n\n    # Set ARTIFACTS_KEYRING_DISABLE_PROMPT to avoid interactive prompts in automated tests\n    os.environ['ARTIFACTS_KEYRING_DISABLE_PROMPT'] = '1'\n\n    print(f\"Attempting to retrieve password for service: {service_name}\")\n    password = keyring.get_password(service_name, username)\n\n    if password:\n        print(f\"Successfully retrieved password for '{service_name}' (first 5 chars): {password[:5]}...\")\n    else:\n        print(f\"No password retrieved for '{service_name}'.\")\n        print(\"This is expected if you are not currently logged into Azure Artifacts\")\n        print(\"or if this specific service name is not configured for automatic credential retrieval.\")\n        print(\"To test further, ensure you have an active Azure login (e.g., `az login`) \")\n        print(\"and try to access an Azure Artifacts feed via a tool that uses keyring (e.g., pip, twine).\")\n\nexcept ImportError:\n    print(\"ERROR: 'keyring' not found. Please ensure 'artifacts-keyring' (which depends on 'keyring') is installed.\")\nexcept subprocess.CalledProcessError as e:\n    print(f\"ERROR: Failed to run keyring CLI. Return code: {e.returncode}\\nStdout: {e.stdout}\\nStderr: {e.stderr}\")\nexcept Exception as e:\n    print(f\"An unexpected error occurred: {e}\")","lang":"python","description":"This quickstart demonstrates how to verify that `artifacts-keyring` has registered itself as a backend with the `keyring` library, and how to programmatically attempt to retrieve credentials. Note that actual credential retrieval for an Azure Artifacts feed requires an active Azure login session (e.g., via `az login`) and a configured feed."},"warnings":[{"fix":"Interact with the `keyring` library (e.g., `import keyring; keyring.get_password(...)`) after `artifacts-keyring` is installed. No direct imports from `artifacts_keyring` are typically needed for core functionality.","message":"This library functions as a `keyring` backend, transparently providing credentials for Azure Artifacts. Users interact with the `keyring` library's API (e.g., `keyring.get_password`), not a direct API from `artifacts-keyring` itself.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Ensure you are logged into Azure via `az login` or similar mechanisms when using tools that rely on `artifacts-keyring` to access Azure Artifacts feeds.","message":"For `artifacts-keyring` to successfully retrieve credentials, an active Azure Artifacts session or login (e.g., via Azure CLI, Visual Studio, or browser) is often required for initial token acquisition. It does not perform independent authentication.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Verify the active keyring backends using `python -m keyring --list-backends`. If issues persist, consider troubleshooting `keyring` priority configuration or explicitly disabling conflicting backends.","message":"If multiple `keyring` backends are installed, `artifacts-keyring` might not be the default or highest priority for Azure Artifacts URLs, leading to unexpected credential retrieval failures.","severity":"gotcha","affected_versions":"All versions"},{"fix":"For CI/CD or non-interactive scenarios, set the environment variable `ARTIFACTS_KEYRING_DISABLE_PROMPT=1` in your environment where `artifacts-keyring` is used.","message":"By default, `artifacts-keyring` might trigger interactive login prompts when credentials are needed. To prevent this in automated environments (e.g., CI/CD pipelines), set the `ARTIFACTS_KEYRING_DISABLE_PROMPT` environment variable to `1`.","severity":"gotcha","affected_versions":"All versions"}],"env_vars":null,"last_verified":"2026-04-11T00:00:00.000Z","next_check":"2026-07-10T00:00:00.000Z"}