Python packages

Build, manage and secure Python projects and artifacts with Bytesafe. Bytesafe has full support for the Python ecosystem with private Python (PyPI) firewalls and registries for your packages and dependencies.

Users interact with Bytesafe using their regular tools, such as pip for installing and twine for uploading.

Bytesafe offers unlimited registries. You can create as many as you need for your every use-case. Deploy your internal Python artifacts required by team members and CI/CD systems, and upload any artifacts from any public Python package index.

Configure pip to access Bytesafe

Bytesafe PyPI firewalls/registries can be accessed using either the clients pip for installing or twine for uploading.

A valid access token is required. For more information about creating access tokens, see Manage access tokens.

Specify a default PyPI firewall or registry

To remove the need of explicitly stating what registry should be used for each request, you can add the configuration to your pip configuration file.

To configure pip, edit the file ~/.config/pip/pip.conf or $VIRTUAL_ENV/pip.conf (%HOME%\pip\pip.ini on Windows):

Example

Install a Python package using pip

To install Python packages using pip, see the example below. The syntax below assumes you have added user, token and firewall/registry in your pip configuration file:

Publish a Python package using twine

To publish (upload) packages using Twine you need to edit the ~/.pypirc (%HOME%\.pypirc) file.

Example

You can then publish (a built package) with:

Proxy pypi.org as an upstream

Proxy any public Python package index with Bytesafe by adding the public Python Package Index as an upstream for a registry. This configuration is enabled for the default registry created when first entering a new workspace.

To add an upstream manually go to the upstreams tab for a registry and click Add upstream button.

In the sidebar, select the public registry, PyPI - https://pypi.org/simple in the drop-down list or add any other Python Package Index.

No additional information is required to pull packages from the public registry.

Users that also want to publish packages to the public registry are required to provide their authentication token.

Actions related to enabled plugins (like vulnerability scanning and license compliance checks) are performed before package versions enter a registry.

Example: Upstream configuration where Bytesafe proxy the public Python Package Index.

flowchart TD
  A(fab:fa-python pypi.org) <--> | pull / push | B{Bytesafe registry} <--> | install / publish | C[fa:fa-user User / Project]

• Users interact with Bytesafe registry (e.g. pip or twine).
• Bytesafe handles the interaction with pypi.org
• Requests for package versions that are not available in Bytesafe registry, will be requested from pypi.org and the package version downloaded will be cached in Bytesafe.

Alternative configuration

Authentication

Instead of adding the user and token to the pip.config (pip.ini) file as described above, another alternative is to add the access token in the ~/.netrc file (%HOME%\_netrc on Windows).

Installing from a specific firewall/registry

If you have not defined a default firewall or registry, you need to specify that when installing packages as in the example below: