PIP - Private packages

When letting Aikido update your dependencies in repositories with private packages, Aikido would need to also have access to the private packages so we can properly update your requirements files. You can provide private git repository configuration in Aikido for this.

Configuration in Aikido - Private Git repository

Private PyPI registry

In the Pip tab in the private registry settings, provide the index URL to the PyPI registry including the username and password in the following format:

https://<username>:<password>@domain.com/repo

If the private registry is hosted on GitHub, GitLab, BitBucket or Azure DevOps, consult the sections below.

Same SCM organization

If the private git repository for the pip is in the same organization as the code being autofixed, make sure your AutoFix access token has access to the private git repository.

Different SCM organization

You can configure Aikido to authenticate with your private repositories when updating the dependencies by following the steps below:

Go to your account's settings page for the autofixer in Aikido, here.
Click on "Manage private registry connection", the configuration modal will now be shown

When you select 'Custom' you will now be able to enter the environment variables we need to complete the automated fixes in your repositories.
In the example above, we show a possible setup for a private GitHub repository. The environment variable key is PIP_GITHUB__COM, and the value is a GitHub access token with repository access.
Provider
Environment Variable Key
Value Format
GitHub
PIP_GITHUB__COM
your-access-token
GitLab
PIP_GITLAB__COM
your-access-token
Bitbucket
PIP_BITBUCKET__ORG
your-access-token
Azure DevOps
PIP_DEV__AZURE__COM
your-access-token
Click "Apply Changes" to save the configuration.

Last updated 1 month ago

Was this helpful?