{"id":4071,"library":"keyrings-codeartifact","title":"AWS CodeArtifact Keyring Backend","description":"The `keyrings.codeartifact` package provides automatic authentication for publishing and consuming Python packages within private PyPI repositories hosted on AWS CodeArtifact. It extends the `keyring` library to automatically inject time-limited access tokens, integrating seamlessly with tools like `pip`, `twine`, `uv`, and `pixi`. It is currently at version 2.1.2 and is actively maintained.","status":"active","version":"2.1.2","language":"en","source_language":"en","source_url":"https://github.com/jmkeyes/keyrings.codeartifact.git","tags":["aws","codeartifact","keyring","authentication","credentials","pypi","packaging"],"install":[{"cmd":"pip install keyrings-codeartifact","lang":"bash","label":"Install with pip"}],"dependencies":[{"reason":"This package is an extension to the `keyring` library, which provides the underlying secure credential storage mechanism.","package":"keyring","optional":false},{"reason":"Used to interact with AWS services, specifically to generate and retrieve CodeArtifact authorization tokens.","package":"boto3","optional":false}],"imports":[{"note":"While `keyrings.codeartifact` is an importable module, its primary function is to register itself as a backend for the `keyring` library upon installation. Users typically do not directly import classes or functions from `keyrings.codeartifact` for its core credential-providing functionality; rather, `pip`, `twine`, `uv`, or `pixi` implicitly utilize it via the `keyring` abstraction.","symbol":"keyrings.codeartifact","correct":"import keyrings.codeartifact"}],"quickstart":{"code":"# 1. Install the keyrings-codeartifact package\n# pip install keyrings-codeartifact\n\n# 2. Ensure your AWS CLI is configured with appropriate credentials.\n#    For example, through ~/.aws/credentials or environment variables (AWS_ACCESS_KEY_ID, etc.).\n#    You can verify with: aws sts get-caller-identity\n\n# 3. Configure pip to use your AWS CodeArtifact repository.\n#    Replace <DOMAIN>, <ACCOUNT_ID>, <REGION>, <REPOSITORY> with your CodeArtifact details.\n#    The 'aws' username is required by CodeArtifact for token-based authentication.\nCODEARTIFACT_INDEX_URL = \"https://<DOMAIN>-<ACCOUNT_ID>.d.codeartifact.<REGION>.amazonaws.com/pypi/<REPOSITORY>/simple/\"\n\n# Example of how pip would implicitly use the keyring backend:\n# Assuming 'my-private-package' is in your CodeArtifact repository\n# and `keyrings-codeartifact` is installed and AWS credentials are set up.\n# This command would use the credential provided by keyrings.codeartifact automatically.\n# pip install my-private-package --index-url $CODEARTIFACT_INDEX_URL\n\n# To demonstrate that it doesn't break standard pip operations, you can try installing a public package:\n# pip install requests","lang":"python","description":"This quickstart demonstrates how to set up `keyrings-codeartifact` for use with `pip`. The library integrates automatically once installed, provided your AWS CLI credentials are configured. Users interact with their package manager (`pip`, `twine`, `uv`, `pixi`) normally, and `keyrings.codeartifact` transparently supplies the necessary tokens."},"warnings":[{"fix":"Ensure `keyrings-codeartifact` is installed in the environment where your package manager (pip, twine, etc.) is run. Configure your package manager to point to the CodeArtifact repository URL.","message":"The `keyrings.codeartifact` package functions as a backend for the `keyring` library. Its core utility is in automatically providing credentials to `pip`, `twine`, `uv`, or `pixi` without direct Python API calls by the user. Users typically do not import and use `keyrings.codeartifact` directly.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Verify your AWS CLI configuration (`aws sts get-caller-identity`). If issues persist, running `keyring diagnose` can help identify problems with the keyring setup or location of the `keyringrc.cfg` file.","message":"CodeArtifact authorization tokens are temporary and expire (defaulting to 12 hours). `keyrings.codeartifact` is designed to refresh these tokens automatically. If you encounter authentication failures, ensure your underlying AWS credentials (e.g., in `~/.aws/credentials`) are valid and have permissions to `codeartifact:GetAuthorizationToken`.","severity":"gotcha","affected_versions":"All versions"},{"fix":"For `uv`, use `uv tool install keyring --with keyrings.codeartifact`. For `pipx`, use `pipx install keyring` and then `pipx inject keyring keyrings.codeartifact` to ensure they share the same virtual environment.","message":"When using `uv` or `pipx`, `keyring` and `keyrings.codeartifact` often need to be installed in the same environment (or globally if `uv` is configured for subprocess mode) for `keyring` to properly discover and utilize the CodeArtifact backend. Installing them in separate isolated environments might prevent `keyring` from functioning correctly.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Run `keyring diagnose` to find the exact location of `keyringrc.cfg` on your system. Refer to the `keyrings.codeartifact` documentation for available options and their correct syntax within the `[codeartifact]` section.","message":"Custom configuration options (e.g., `profile_name`, `token_duration`, explicit `aws_access_key_id`/`aws_secret_access_key`) for `keyrings.codeartifact` are managed via the `keyringrc.cfg` file. The location of this file can vary by platform. Incorrectly configured options can lead to authentication failures.","severity":"gotcha","affected_versions":"All versions"},{"fix":"If encountering issues specifically on Windows, consider setting `poetry config keyring.enabled false` if using Poetry, or exploring alternatives if a token character limit is suspected to be the root cause. This is a rare edge case, but worth noting.","message":"On Windows, some users have reported issues with `keyring` backends (which `keyrings.codeartifact` utilizes) related to character limits for tokens stored in the credential manager. This can lead to authentication failures for very long tokens.","severity":"gotcha","affected_versions":"All versions"}],"env_vars":null,"last_verified":"2026-04-11T00:00:00.000Z","next_check":"2026-07-10T00:00:00.000Z"}