From 6bad3d19911f1b92d0609da7fc9704bc25cecccd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Randy=20D=C3=B6ring?= <30527984+radoering@users.noreply.github.com>
Date: Fri, 22 Nov 2024 11:44:56 +0100
Subject: [PATCH] disable keyring per default
---
 docs/configuration.md | 4 +++-
 docs/repositories.md | 15 +++++++++------
 src/poetry/config/config.py | 2 +-
 src/poetry/utils/password_manager.py | 6 +++++-
 tests/config/test_config.py | 4 ++++
 tests/console/commands/test_config.py | 12 ++++++------
 tests/utils/test_authenticator.py | 6 ++++++
 tests/utils/test_password_manager.py | 6 ++++++
 8 files changed, 40 insertions(+), 15 deletions(-)
diff --git a/docs/configuration.md b/docs/configuration.md
index 4c72cea72c3..7891a40f8e4 100644
--- a/docs/configuration.md
+++ b/docs/configuration.md
@@ -532,10 +532,12 @@ for more information.
 **Type**: `boolean`
-**Default**: `true`
+**Default**: `false`
 **Environment Variable**: `POETRY_KEYRING_ENABLED`
+*Changed default to `false` in 2.0.0*
+
 Enable the system keyring for storing credentials.
 See [Repositories - Configuring credentials]({{< relref "repositories#configuring-credentials" >}})
 for more information.
diff --git a/docs/repositories.md b/docs/repositories.md
index 499c5ec59e2..9d37015837e 100644
--- a/docs/repositories.md
+++ b/docs/repositories.md
@@ -472,16 +472,19 @@ poetry config http-basic.pypi
 You can also specify the username and password when using the `publish` command with the `--username` and `--password` options.
-If a system keyring is available and supported, the password is stored to and retrieved from the keyring. In the above example, the credential will be stored using the name `poetry-repository-pypi`. If access to keyring fails or is unsupported, this will fall back to writing the password to the `auth.toml` file along with the username.
-
-Keyring support is enabled using the [keyring library](https://pypi.org/project/keyring/). For more information on supported backends refer to the [library documentation](https://keyring.readthedocs.io/en/latest/?badge=latest).
-
-If you do not want to use the keyring, you can tell Poetry to disable it and store the credentials in plaintext config files:
+If a system keyring is available and supported, the password is stored to and retrieved from the keyring.
+Otherwise, credentials are stored in plaintext config files.
+In order to use keyring, you have to enable keyring support:
 ```bash
-poetry config keyring.enabled false
+poetry config keyring.enabled true
 ```
+In the above example, the credential will be stored using the name `poetry-repository-pypi`.
+If access to keyring is disabled, fails or is unsupported, this will fall back to writing the password to the `auth.toml` file along with the username.
+
+Keyring support is enabled using the [keyring library](https://pypi.org/project/keyring/). For more information on supported backends refer to the [library documentation](https://keyring.readthedocs.io/en/latest/?badge=latest).
+
 {{% note %}}
 Poetry will fall back to Pip style use of keyring so that backends like
diff --git a/src/poetry/config/config.py b/src/poetry/config/config.py
index 22906db6a19..7783d4e34a6 100644
--- a/src/poetry/config/config.py
+++ b/src/poetry/config/config.py
@@ -134,7 +134,7 @@ class Config:
 },
 "system-git-client": False,
 "keyring": {
- "enabled": True,
+ "enabled": False,
 },
 }
diff --git a/src/poetry/utils/password_manager.py b/src/poetry/utils/password_manager.py
index fd218524248..d0a5911fba5 100644
--- a/src/poetry/utils/password_manager.py
+++ b/src/poetry/utils/password_manager.py
@@ -154,7 +154,11 @@ def keyring(self) -> PoetryKeyring:
 @staticmethod
 def warn_plaintext_credentials_stored() -> None:
- logger.warning("Using a plaintext file to store credentials")
+ logger.warning(
+ "Using a plaintext file to store credentials.\n"
+ "Enable keyring support (`poetry config keyring.enabled true`)"
+ " to store credentials securely."
+ )
 def set_pypi_token(self, repo_name: str, token: str) -> None:
 if not self.use_keyring:
diff --git a/tests/config/test_config.py b/tests/config/test_config.py
index 8afcd0e6596..32ea6461e28 100644
--- a/tests/config/test_config.py
+++ b/tests/config/test_config.py
@@ -111,6 +111,10 @@ def test_config_expands_tilde_for_virtualenvs_path(
 def test_disabled_keyring_is_unavailable(
 config: Config, with_simple_keyring: None, dummy_keyring: DummyBackend
 ) -> None:
+ manager = PasswordManager(config)
+ assert not manager.use_keyring
+
+ config.config["keyring"]["enabled"] = True
 manager = PasswordManager(config)
 assert manager.use_keyring
diff --git a/tests/console/commands/test_config.py b/tests/console/commands/test_config.py
index d4925b85129..074ba7257ae 100644
--- a/tests/console/commands/test_config.py
+++ b/tests/console/commands/test_config.py
@@ -60,7 +60,7 @@ def test_list_displays_default_value_if_not_set(
 installer.only-binary = null
 installer.parallel = true
 installer.re-resolve = true
-keyring.enabled = true
+keyring.enabled = false
 requests.max-retries = 0
 solver.lazy-wheel = true
 system-git-client = false
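Review bot: In src/poetry/config/config.py the new `"enabled": False` default carries no comment on what it costs: with keyring off, the docs hunk of this same patch says credentials are stored in plaintext config files (`auth.toml`). I would put a comment above the key, for example `# Opt-in since 2.0.0; while False, credentials fall back to plaintext auth.toml`, so the trade-off is visible where the default lives. Presumably users who relied on the old default and already hold credentials in the system keyring will stop having them read after upgrading until they set `keyring.enabled true`; if so, the release notes should say it. The defaults dict starts and ends outside the hunk.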
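Review bot: In src/poetry/utils/password_manager.py the new warning text tells every user to enable keyring support, but the docs hunk of this patch says the plaintext fallback also happens when access to keyring "fails or is unsupported"; if `use_keyring` is false in those cases too, the advice is wrong for a user who has already enabled it. Wording that covers both cases would be safer, e.g. `"Keyring is disabled or unavailable; credentials are stored in plaintext."`, with the enable hint phrased as a conditional suggestion. The embedded `\n` also makes this a multi-line log record, which some log handlers split or truncate; keeping the sentences on one line avoids that. The call sites of `warn_plaintext_credentials_stored` are outside the hunk (only the start of `set_pypi_token` is visible).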
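Review bot: The two assertions added at the top of `test_disabled_keyring_is_unavailable` (tests/config/test_config.py) check the default configuration, not an explicitly disabled keyring, so the security-relevant default is pinned only as a side effect of a test named for something else. A dedicated test such as `test_keyring_is_disabled_by_default`, or at least a comment `# default config: keyring is opt-in` above the first `PasswordManager(config)`, would make a future change of the default fail in an obvious place. The rest of the function lies outside the hunk.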
@@ -92,7 +92,7 @@ def test_list_displays_set_get_setting(
 installer.only-binary = null
 installer.parallel = true
 installer.re-resolve = true
-keyring.enabled = true
+keyring.enabled = false
 requests.max-retries = 0
 solver.lazy-wheel = true
 system-git-client = false
@@ -145,7 +145,7 @@ def test_unset_setting(
 installer.only-binary = null
 installer.parallel = true
 installer.re-resolve = true
-keyring.enabled = true
+keyring.enabled = false
 requests.max-retries = 0
 solver.lazy-wheel = true
 system-git-client = false
@@ -176,7 +176,7 @@ def test_unset_repo_setting(
 installer.only-binary = null
 installer.parallel = true
 installer.re-resolve = true
-keyring.enabled = true
+keyring.enabled = false
 requests.max-retries = 0
 solver.lazy-wheel = true
 system-git-client = false
@@ -305,7 +305,7 @@ def test_list_displays_set_get_local_setting(
 installer.only-binary = null
 installer.parallel = true
 installer.re-resolve = true
-keyring.enabled = true
+keyring.enabled = false
 requests.max-retries = 0
 solver.lazy-wheel = true
 system-git-client = false
@@ -344,7 +344,7 @@ def test_list_must_not_display_sources_from_pyproject_toml(
 installer.only-binary = null
 installer.parallel = true
 installer.re-resolve = true
-keyring.enabled = true
+keyring.enabled = false
 repositories.foo.url = "https://foo.bar/simple/"
 requests.max-retries = 0
 solver.lazy-wheel = true
diff --git a/tests/utils/test_authenticator.py b/tests/utils/test_authenticator.py
index 12d91ab62e7..199833de38c 100644
--- a/tests/utils/test_authenticator.py
+++ b/tests/utils/test_authenticator.py
@@ -42,6 +42,12 @@ def repo() -> dict[str, dict[str, str]]:
 return {"foo": {"url": "https://foo.bar/simple/"}}
+@pytest.fixture
+def config(config: Config) -> Config:
+ config.config["keyring"]["enabled"] = True
+ return config
+
+
 @pytest.fixture
 def mock_config(config: Config, repo: dict[str, dict[str, str]]) -> Config:
 config.merge(
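Review bot: The module-wide override of the `config` fixture in tests/utils/test_authenticator.py sets `config.config["keyring"]["enabled"] = True` for every test, so nothing in this module runs against the new default; the same override is added to tests/utils/test_password_manager.py. With keyring now off by default, the plaintext path is the one most users will hit, and at least one test per module should keep the untouched default and assert that the dummy keyring backend is neither read nor written. Giving the override its own name in conftest (for example `config_with_keyring`, a name made up for this note) would also remove the duplication and make the opt-in visible in each test's signature.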
diff --git a/tests/utils/test_password_manager.py b/tests/utils/test_password_manager.py
index def300e8e64..0c1ffd76aea 100644
--- a/tests/utils/test_password_manager.py
+++ b/tests/utils/test_password_manager.py
@@ -22,6 +22,12 @@ from tests.conftest import DummyBackend
+@pytest.fixture
+def config(config: Config) -> Config:
+ config.config["keyring"]["enabled"] = True
+ return config
+
+
 def test_set_http_password(
 config: Config, with_simple_keyring: None, dummy_keyring: DummyBackend
 ) -> None: