PIP - Private packages

When letting Aikido update your dependencies in repositories with private packages, Aikido would need to also have access to the private packages so we can properly update your requirements files. You can provide private git repository configuration in Aikido for this.

Configuration in Aikido - Private Git repository

Private PyPI registry

In the Pip tab in the private registry settings, provide the index URL to the PyPI registry including the username and password in the following format:

https://<username>:<password>@domain.com/repo

If the private registry is hosted on GitHub, GitLab, BitBucket or Azure DevOps, consult the sections below.

Same SCM organization

If the private git repository for the pip is in the same organization as the code being autofixed, make sure your AutoFix access token has access to the private git repository.

Different SCM organization

You can configure Aikido to authenticate with your private repositories when updating the dependencies by following the steps below:

1. Go to your account's settings page for the autofixer in Aikido, here.

2. Click on "Manage private registry connection", the configuration modal will now be shown

1. When you select 'Custom' you will now be able to enter the environment variables we need to complete the automated fixes in your repositories.

   In the example above, we show a possible setup for a private GitHub repository. The environment variable key is PIP_GITHUB__COM, and the value is a GitHub access token with repository access.

   Provider

   Environment Variable Key

   Value Format

   GitHub

   PIP_GITHUB__COM

   your-access-token

   GitLab

   PIP_GITLAB__COM

   your-access-token

   Bitbucket

   PIP_BITBUCKET__ORG

   your-access-token

   Azure DevOps

   PIP_DEV__AZURE__COM

   your-access-token

2. Click "Apply Changes" to save the configuration.