When keyring is disabled, poetry tries to use it anyways.

[lakinwecker]

• I am on the latest Poetry version.
• I have searched the issues of this repo and believe that this is not a duplicate.
• If an exception occurs when executing a command, I executed it again in debug mode (-vvv option).

• Arch linux up to date:
• 1.1.13:
• Link of a Gist with the contents of your pyproject.toml file: pyproject.toml

Issue

If you disable keyring via it's recommended route: https://github.com/jaraco/keyring#disabling-keyring you end up with a "null" keyring being used. This is a useless keyring, but poetry continues to try and use it regardless. poetry should treat it the same as if keyring was unavailable.

[lakinwecker]

To be clear, when it fails this way, it fails to do things like it doesn't try and use the environment variable. It just silently ignores it.

[tyler-8]

To be clear, when it fails this way, it fails to do things like it doesn't try and use the environment variable. It just silently ignores it.

This is a key symptom. I've been very confused as to why my correctly set environment variables for username/password of a private repo are not working. It wasn't until I disabled the keyring (as apparently I'd configured poetry to use it in the past) that I realized that truly the envars were being bypassed. Instead I get prompted for the password when doing poetry publish -r myrepo.

# envars
POETRY_HTTP_BASIC_MYREPO_USERNAME=someuser
POETRY_HTTP_BASIC_MYREPO_PASSWORD=password

# poetry config --list

repositories.myrepo.url = "https://internalpypi.domain.com/pypi"

[kadler]

I ran in to this same issue today. Looks like a similar check like this needs to be made for "null":

https://github.com/python-poetry/poetry/blob/master/src/poetry/utils/password_manager.py#L100-L102

[kadler]

As a workaround, the "fail" backend can be used: export PYTHON_KEYRING_BACKEND=keyring.backends.fail.Keyring

[lakinwecker]

I ran in to this same issue today. Looks like a similar check like this needs to be made for "null":

https://github.com/python-poetry/poetry/blob/master/src/poetry/utils/password_manager.py#L100-L102

Yes, that's what the associated pull request does. 👍 Just waiting on me to have the time to get the unit tests done and I don't know when that will happen.

[kadler]

Oh sorry, I didn't see there was a PR already. Nice!

[epogrebnyak]

As a workaround, the "fail" backend can be used: export PYTHON_KEYRING_BACKEND=keyring.backends.fail.Keyring

This is genius, helped so much, thank you.

[callamd]

2023 and this issue still exists and is not fixed. :)

[lakinwecker]

This issue was fixed with the #5251 and released sometime thereafter. I haven't run into the issue since that point. If you're running into something similar can you double check that you're using a recent enough version so that it includes the fix and if so, please submit details of how to reproduce it, rather than just claiming it still exists?

[maxbachmann]

I am running into this with 1.4.2 again as well. I just tried to run poetry lock in the cleo repository.

[lakinwecker]

I can't reproduce it: https://gist.github.com/lakinwecker/e85279c2fece8bec211c3608567c4162

Do you have an environment variable for PYTHON_KEYRING_BACKEND set? I don't

cleo on  main is 📦 v2.1.0.dev0 via 🐍 v3.11.3 (cleo-py3.11) 
!->

[lakinwecker]

Even with the keyring set, I can't reproduce it.

[aldum]

Question: why is it trying to access a keyring when installing dependencies?

[ralbertazzi]

#1917

[rdbisme]

Question: why is it trying to access a keyring when installing dependencies?

Because sometimes you might want to access dependencies on an authenticated custom pypi registry?

[maciej-gol]

Question: why is it trying to access a keyring when installing dependencies?

Because sometimes you might want to access dependencies on an authenticated custom pypi registry?

It should be clear which dependencies it accesses the keyring for, though. Having a generic prompt to access my keyring by a package manager knowing that I don't use custom pypi registry triggers my safety bells.

[kierke-gaard]

Same problem on wsl2. This has helped (thanks for the advise):

export PYTHON_KEYRING_BACKEND=keyring.backends.fail.Keyring

[gbrandt1]

still present in 1.7.1 :-(

[codethief]

I just ran into this again and, once more, it took me a while to figure this out, since poetry add -vvv <package> just froze and didn't output anything useful. sigh

Can we please at least re-open this ticket and acknowledge this is an issue that needs fixing?

[radoering]

There is #8623 and #8761. Do you think we need a third issue?

And there is #8910 (which will be included in 1.8). Apart from introducing a config setting to disable keyring, it refactored keyring access and thereby fixed some bugs.

[maciej-gol]

@radoering From my POV, this doesn't address my concerns, as I still believe keyring should be disabled by default and opt-in for users that actually need it. That solution no different than putting export PYTHON_KEYRING_BACKEND=keyring.backends.fail.Keyring into my .bashrc. But its a step into good direction, nonetheless.

[ManBearPigg]

There is #8623 and #8761. Do you think we need a third issue?

Prob because it breaks the whole project and the obscure fix is hard to find. I know it's free software I'm just saying why

[callamd]

Let me help ya'll out with some pseudocode ``` if need_keyring: ask_for_keyring() ```

…

On Wed, 21 Feb 2024 at 09:00, Maciej Gol ***@***.***> wrote: @radoering <https://github.com/radoering> From my POV, this doesn't address my concerns, as I still believe keyring should be disabled by default and opt-in for users that *actually need* it. That solution no different than putting export PYTHON_KEYRING_BACKEND=keyring.backends.fail.Keyring into my .bashrc. But its a step into good direction, nonetheless. — Reply to this email directly, view it on GitHub <#5250 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAMWNEEDVH3UEWI3AQYB7TLYUWZTNAVCNFSM5PSHIM62U5DIOJSWCZC7NNSXTN2JONZXKZKDN5WW2ZLOOQ5TCOJVGYYTOOJRGE4Q> . You are receiving this because you commented.Message ID: ***@***.***>

[maciej-gol]

@cal97g nice try, 2/10. Missing tests.

[alanwilter]

Why is this issue closed? Spent two days and two developers to figure this out, using v1.8.2.

poetry could be much smarter here. Could at least warn about it. This is another reason why we considering hatch again.

[radoering]

It's closed because the original issue has been resolved in #5251.
(Poetry now respects PYTHON_KEYRING_BACKEND=keyring.backends.null.Keyring.)

As already mentioned, there are at least two open issues, which fit better for people still experiencing issues with keyring: #8623 and #8761

If you have useful information please comment on these issues or open a new issue if you think that your issue is not covered by them.