Poetry currently requires either that you store your PyPI password in plaintext (via poetry config http-basic.pypi username password), or enter it on each poetry publish. The first is insecure, the second is inconvenient.
I like what Flit does: store the password in Keyring if that package is installed, and prompt the user to install it otherwise. (Keyring uses the system keychain, e.g. Keychain on macOS, the Freedesktop Secret Service standard on supported UN*X, WinVault on Windows.)
This relates to #111.
Poetry currently requires either that you store your PyPI password in plaintext (via
poetry config http-basic.pypi username password), or enter it on eachpoetry publish. The first is insecure, the second is inconvenient.I like what Flit does: store the password in Keyring if that package is installed, and prompt the user to install it otherwise. (Keyring uses the system keychain, e.g. Keychain on macOS, the Freedesktop Secret Service standard on supported UN*X, WinVault on Windows.)
This relates to #111.