# Authentication¶

## Basic HTTP authentication¶

pip supports basic HTTP-based authentication credentials. This is done by providing the username (and optionally password) in the URL:

https://username:password@pypi.company.com/simple


For indexes that only require single-part authentication tokens, provide the token as the “username” and do not provide a password:

https://0123456789abcdef@pypi.company.com/simple


### Percent-encoding special characters¶

New in version 10.0.

Certain special characters are not valid in the credential part of a URL. If the user or password part of your login credentials contain any of these special characters, then they must be percent-encoded. As an example, for a user with username user and password he//o accessing a repository at pypi.company.com/simple, the URL with credentials would look like:

https://user:he%2F%2Fo@pypi.company.com/simple


## netrc support¶

pip supports loading credentials from a user’s .netrc file. If no credentials are part of the URL, pip will attempt to get authentication credentials for the URL’s hostname from the user’s .netrc file. This behaviour comes from the underlying use of requests, which in turn delegates it to the Python standard library’s netrc module.

Note

As mentioned in the standard library documentation for netrc, only ASCII characters are allowed in .netrc files. Whitespace and non-printable characters are not allowed in passwords.

Below is an example .netrc, for the host example.com, with a user named daniel, using the password qwerty:

machine example.com


More information about the .netrc file format can be found in the GNU ftp man pages.

## Keyring Support¶

$pip install keyring # install keyring from PyPI$ echo "your-password" | keyring set pypi.company.com your-username

Note that keyring (the Python package) needs to be installed separately from pip. This can create a bootstrapping issue if you need the credentials stored in the keyring to download and install keyring.