Create a Project-Scoped PyPI Token via an API?

I’ve recently enabled 2FA and migrated to token-based authentication when uploading packages to PyPI. I’m currently using a single token for all projects, which is not ideal. If the token is compromised on any project, then it becomes compromised for all projects.

Fortunately, PyPI has the ability to generate tokens scoped only for a single project. However, I have 35 different projects and I really don’t want to go through the whole point-and-click for every single one — let alone managing them all.

I would like to script it instead. Given that I have an all-project token locally on my developer machine, it would be great if I could use some authenticated API to request a new token with a specific scope. I can script that so it generates it and uploads it to GitHub/GitLab/deployment server, and then run that script in a loop over all projects.

Does something like this exist? If not, where can I submit this as a feature request?


I don’t believe it exists… unless I’m forgetting it.

Issues can be filed on GitHub - pypi/warehouse: The Python Package Index

This is https://github.com/pypi/warehouse/issues/6396.
