Skip to content

Including dependencies from private repositories

Including dependencies from private repositories

Python's package installer is the most recommended and easiest way to include 3rd party libraries into one's project.
Including a dependency is as simple as adding it to the requirements.txt file and have it installed prior to the project's execution.

Specific libraries, behind a private repository, may be required by the project. Kelvin-SDK supports this installation by resorting to pip's configuration system.

Credentials in requirements.txt is not advised

Including credentials inside of requirements.txt is discouraged as it will leak your credentials by storing them inside the final docker image.

Solution 1: pip global configuration file

The recommended method is to provide credentials via pip's global configuration.

Credentials can be specified using pip's configuration file, usually located under ~/.config/pip/pip.conf:

[global]
extra-index-url = https://username:password@nexus.kelvininc.com/repository/pypi-kelvin/simple

Solution 2: Environment variable setting

As an alternative, it is possible to discretely provide credentials that will not be part of the requirements file and consequently not be available in the final image layers.

This can be achieved through the PIP_EXTRA_INDEX_URL environment variable.

export PIP_EXTRA_INDEX_URL=https://username:password@nexus.kelvininc.com/repository/pypi-kelvin/simple