poetry, the python package manager, provides several ways of authenticating against a repository. What isn’t explicitly documented, because it’s an implicit dependency, is that poetry can also use the ~/.netrc file for authentication when fetching packages.
poetry uses requests under the covers, and requests falls back to the ~/.netrc file. This is the same fallback method for pip for the same reason.
There are several (probably bad) reasons why someone would want to do this vs one of the explicit methods given by poetry. One that comes to mind is needing to install python packages from a private repository from inside a docker container by simply volume mapping the host’s ~/.netrc file to have poetry use the right creds.
This approach probably won’t work when publishing packages — caveat emptor.
While I’m not suggesting that this is a best practice, it’s good to know that it’s an available method in some extreme edge cases.
2 thoughts on “poetry auth via .netrc”
> (probably bad) reasons
Just curious – what makes you say this? I’m thinking for some private pypi index requiring auth, this seems like it would require one less manual step if you wanted to work towards automating dev onboarding.
I think it makes discoverability / understanding how it’s working more difficult because auth via .netrc working is really a side effect (poetry using requests using netrc). Configuring poetry to use the creds explicitly will be less confusing down the road. I can see this playing out where it works on one person’s system, but not another because they are missing the .netrc creds, and no one really groks why.