poetry-source-env is a Poetry plugin that lets you define private package sources for your project without exposing their URLs in `pyproject.toml`. It can load package source definitions from environment variables and expand environment variables in the `tool.poetry.source` section of `pyproject.toml`.
This plugin is intended as a workaround for python-poetry/poetry#5958 and will be deprecated if comparable functionality is ever implemented in Poetry itself.
Note that poetry-source-env cannot resolve repositories when installing other Poetry plugins (Poetry does not load plugins when running `poetry self` commands). If you need a python-poetry/poetry#5958 workaround for installing Poetry plugins, see https://github.com/python-poetry/poetry/issues/5958#issuecomment-1479183720.
Install the plugin with:

```shell
poetry self add poetry-source-env
```
Normally, you would define a package source in `pyproject.toml` like this:

```toml
[[tool.poetry.source]]
name = "foo"
url = "https://foo.bar/simple"
priority = "supplemental"
```
With poetry-source-env, you can define this source via environment variables, similar to how you can already configure publishable repositories:

```shell
export POETRY_REPOSITORIES_FOO_URL=https://foo.bar/simple
export POETRY_REPOSITORIES_FOO_PRIORITY=supplemental
```
If you prefer to keep the source defined in `pyproject.toml`, you can opt to conceal its name or URL, in whole or in part, behind environment variables:

```shell
export FOO_INDEX_NAME="foo"
export FOO_INDEX_URL="https://foo.bar/simple"
```

```toml
[[tool.poetry.source]]
name = "${FOO_INDEX_NAME}"
url = "${FOO_INDEX_URL}"
priority = "supplemental"
```
If your source requires authentication, Poetry already supports defining its credentials via environment variables:

```shell
export POETRY_HTTP_BASIC_FOO_USERNAME=celsiusnarhwal
export POETRY_HTTP_BASIC_FOO_PASSWORD=superdupersecret
```
poetry-source-env's behavior can be configured via the `tool.poetry-source-env` section of `pyproject.toml`. Supported configuration options include:
| Name | Type | Description | Required? | Default |
|---|---|---|---|---|
| `prefix` | string | The prefix which poetry-source-env expects source-defining environment variables to use. Has no effect if `env` is `false`. | No | `POETRY_REPOSITORIES_` |
| `env` | boolean | Whether to read package source definitions from environment variables. | No | `true` |
| `toml` | boolean | Whether to expand environment variables in the `tool.poetry.source` section of `pyproject.toml`. | No | `true` |
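The following is an added illustration of the two behaviours described above (sources read from `POETRY_REPOSITORIES_*` variables, and `${VAR}` expansion in `tool.poetry.source`) together with the `prefix`/`env`/`toml` options, written as a standalone re-implementation on plain dicts. It is not the plugin's own code. It assumes the source name for an env-defined source is the lower-cased `<NAME>` segment, that an unset variable in a placeholder is an error rather than something to pass through to Poetry, and it adds two pre-flight checks (missing variables, non-HTTPS URLs) that the plugin itself does not document. The sample `pyproject` dict and environment are constructed for the example; in real use you would load `pyproject.toml` with `tomllib` and pass `os.environ`.

```python
import re
from typing import Dict, List, Mapping

DEFAULT_PREFIX = "POETRY_REPOSITORIES_"
_PLACEHOLDER = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*)\}")
_FIELDS = ("URL", "PRIORITY")


def plugin_config(pyproject: Mapping) -> Dict[str, object]:
    """Read [tool.poetry-source-env], falling back to the documented defaults."""
    section = pyproject.get("tool", {}).get("poetry-source-env", {})
    return {
        "prefix": section.get("prefix", DEFAULT_PREFIX),
        "env": section.get("env", True),
        "toml": section.get("toml", True),
    }


def sources_from_env(environ: Mapping[str, str], prefix: str = DEFAULT_PREFIX) -> List[Dict[str, str]]:
    """Turn <prefix><NAME>_URL / <prefix><NAME>_PRIORITY variables into source tables.
    Assumption (not stated by the project): the source name is the lower-cased <NAME>."""
    found: Dict[str, Dict[str, str]] = {}
    for key, value in environ.items():
        if not key.startswith(prefix):
            continue
        name, sep, field = key[len(prefix):].rpartition("_")
        if not sep or not name or field not in _FIELDS:
            continue
        found.setdefault(name.lower(), {"name": name.lower()})[field.lower()] = value
    # A source with a priority but no URL is unusable; drop it rather than hand
    # Poetry a half-defined repository.
    return [src for src in found.values() if "url" in src]


def expand(text: str, environ: Mapping[str, str]) -> str:
    """Expand ${VAR}. An unset variable raises, so a literal placeholder never
    ends up as the name or URL of a source Poetry actually queries."""
    def repl(match):
        var = match.group(1)
        if var not in environ:
            raise KeyError(f"source definition references unset variable {var}")
        return environ[var]
    return _PLACEHOLDER.sub(repl, text)


def missing_variables(pyproject: Mapping, environ: Mapping[str, str]) -> List[str]:
    """Pre-flight check: every ${VAR} referenced in tool.poetry.source that is not set."""
    missing: List[str] = []
    for src in pyproject.get("tool", {}).get("poetry", {}).get("source", []):
        for field in ("name", "url"):
            for var in _PLACEHOLDER.findall(str(src.get(field, ""))):
                if var not in environ and var not in missing:
                    missing.append(var)
    return missing


def resolve_sources(pyproject: Mapping, environ: Mapping[str, str]) -> List[Dict[str, str]]:
    """Produce the effective [[tool.poetry.source]] list: env-defined sources first
    (if env is true), then the TOML sources, expanded if toml is true."""
    cfg = plugin_config(pyproject)
    sources: List[Dict[str, str]] = []
    if cfg["env"]:
        sources.extend(sources_from_env(environ, str(cfg["prefix"])))
    for src in pyproject.get("tool", {}).get("poetry", {}).get("source", []):
        src = dict(src)
        if cfg["toml"]:
            for field in ("name", "url"):
                if field in src:
                    src[field] = expand(src[field], environ)
        sources.append(src)
    return sources


def insecure_sources(sources: List[Dict[str, str]]) -> List[str]:
    """Names of sources whose URL is not HTTPS (a source like PyPI may have no URL).
    HTTP basic credentials sent to such a source travel in the clear."""
    return [s["name"] for s in sources if "url" in s and not s["url"].startswith("https://")]


# Constructed sample input mirroring the README: one concealed TOML source,
# one env-only source, one orphan priority with no URL, and an unrelated variable.
SAMPLE_PYPROJECT = {
    "tool": {
        "poetry": {"source": [
            {"name": "${FOO_INDEX_NAME}", "url": "${FOO_INDEX_URL}", "priority": "supplemental"},
        ]},
        "poetry-source-env": {"prefix": "POETRY_REPOSITORIES_"},
    }
}
SAMPLE_ENV = {
    "FOO_INDEX_NAME": "foo",
    "FOO_INDEX_URL": "https://foo.bar/simple",
    "POETRY_REPOSITORIES_BAZ_URL": "https://baz.example/simple",
    "POETRY_REPOSITORIES_BAZ_PRIORITY": "explicit",
    "POETRY_REPOSITORIES_ORPHAN_PRIORITY": "supplemental",  # no URL: must be ignored
    "POETRY_HTTP_BASIC_FOO_USERNAME": "ci-bot",  # Poetry credential, not a source
}

if __name__ == "__main__":
    assert not missing_variables(SAMPLE_PYPROJECT, SAMPLE_ENV)
    resolved = resolve_sources(SAMPLE_PYPROJECT, SAMPLE_ENV)
    for src in resolved:
        print(src)
    print("non-HTTPS sources:", insecure_sources(resolved))
```

Run `missing_variables` before `poetry install` in CI so a half-configured job fails fast instead of resolving against a source whose name is literally `${FOO_INDEX_NAME}`. Two further caveats worth keeping in mind: the priority you choose still governs where a package name is looked up first (Poetry's `explicit` priority only consults a source for dependencies that name it with `source = "..."`, which is the safer setting for private package names that could also be registered on PyPI), and Poetry writes the resolved URL of a legacy source into `poetry.lock` under `[package.source]`, so concealing the URL in `pyproject.toml` does not conceal it from a committed lock file.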
poetry-source-env is licensed under the MIT License.