
poetry-source-env is a Poetry plugin that lets you define private package sources for your project without exposing their URLs in `pyproject.toml`. It can load package source definitions from environment variables and expand environment variables in the `tool.poetry.source` section of `pyproject.toml`.
This plugin is intended as a workaround for python-poetry/poetry#5958 and will be deprecated if comparable functionality is ever implemented in Poetry itself.
Note that poetry-source-env cannot resolve repositories when installing other Poetry plugins (Poetry does not load plugins when running `poetry self` commands). If you need a python-poetry/poetry#5958 workaround for installing Poetry plugins, see https://github.com/python-poetry/poetry/issues/5958#issuecomment-1479183720.
Install the plugin with:

```shell
poetry self add poetry-source-env
```
Normally, you would define a package source in `pyproject.toml` like this:

```toml
[[tool.poetry.source]]
name = "foo"
url = "https://foo.bar/simple"
priority = "supplemental"
```
With poetry-source-env, you can define this source via environment variables, similar to how you can already configure publishable repositories:

```shell
export POETRY_REPOSITORIES_FOO_URL=https://foo.bar/simple
export POETRY_REPOSITORIES_FOO_PRIORITY=supplemental
```
If you prefer to keep the source defined in `pyproject.toml`, you can opt to conceal its name or URL, in whole or in part, behind environment variables:

```shell
export FOO_INDEX_NAME="foo"
export FOO_INDEX_URL="https://foo.bar/simple"
```

```toml
[[tool.poetry.source]]
name = "${FOO_INDEX_NAME}"
url = "${FOO_INDEX_URL}"
priority = "supplemental"
```
If your source requires authentication, Poetry already supports defining its credentials via environment variables:

```shell
export POETRY_HTTP_BASIC_FOO_USERNAME=celsiusnarhwal
export POETRY_HTTP_BASIC_FOO_PASSWORD=superdupersecret
```
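The two behaviours described above, as an added illustration that is not the plugin's own code: collecting `POETRY_REPOSITORIES_<NAME>_<FIELD>` variables into source definitions, and expanding `${VAR}` placeholders in a `[[tool.poetry.source]]` entry. It assumes the field (`URL`, `PRIORITY`) is the last underscore-separated segment of the variable name, lowercases the source name, and treats an unset placeholder variable as an error rather than silently producing an empty name or URL; `SAMPLE_ENV` is a constructed stand-in for `os.environ`.

```python
import re
from typing import Mapping

ENV_PREFIX = "POETRY_REPOSITORIES_"  # the plugin's default `prefix` setting
_PLACEHOLDER = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*)\}")

# Constructed sample environment mirroring the README's shell exports.
SAMPLE_ENV = {
    "POETRY_REPOSITORIES_FOO_URL": "https://foo.bar/simple",
    "POETRY_REPOSITORIES_FOO_PRIORITY": "supplemental",
    "FOO_INDEX_NAME": "foo",
    "FOO_INDEX_URL": "https://foo.bar/simple",
}


def sources_from_env(env: Mapping[str, str], prefix: str = ENV_PREFIX) -> list[dict]:
    """Turn <prefix><NAME>_<FIELD> variables into Poetry source definitions."""
    sources: dict[str, dict] = {}
    for key, value in env.items():
        if not key.startswith(prefix):
            continue
        # Assumption: the field is the final "_"-separated segment.
        name, sep, field = key[len(prefix):].rpartition("_")
        if not sep or not name:
            continue
        entry = sources.setdefault(name.lower(), {"name": name.lower()})
        entry[field.lower()] = value
    # A source with no URL cannot be used; drop it instead of handing it to Poetry.
    return [s for s in sources.values() if "url" in s]


def expand_source(source: dict, env: Mapping[str, str]) -> dict:
    """Expand ${VAR} placeholders in one [[tool.poetry.source]] table.

    Raises KeyError when a referenced variable is unset, so a missing secret
    fails the install loudly instead of yielding an empty name or URL.
    """
    def substitute(match: re.Match) -> str:
        var = match.group(1)
        if var not in env:
            raise KeyError(f"environment variable {var} referenced by source is not set")
        return env[var]

    return {k: _PLACEHOLDER.sub(substitute, v) if isinstance(v, str) else v
            for k, v in source.items()}


if __name__ == "__main__":
    print(sources_from_env(SAMPLE_ENV))
    print(expand_source({"name": "${FOO_INDEX_NAME}", "url": "${FOO_INDEX_URL}",
                         "priority": "supplemental"}, SAMPLE_ENV))
```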
poetry-source-env's behavior can be configured via the `tool.poetry-source-env` section of `pyproject.toml`. Supported configuration options include:
| Name | Type | Description | Required? | Default |
|---|---|---|---|---|
| `prefix` | string | The prefix which poetry-source-env should expect source-defining environment variables to use. Has no effect if `env` is `false`. | No | `POETRY_REPOSITORIES_` |
| `env` | boolean | Whether to read package source definitions from environment variables. | No | `true` |
| `toml` | boolean | Whether to expand environment variables in the `tool.poetry.source` section of `pyproject.toml`. | No | `true` |
poetry-source-env is licensed under the MIT License.