UV installing from private nexus repo - how to obfuscate credentials?

janosspaits · August 20, 2025, 6:07pm

Hi all.

I would like to modernize some pipelines with uv. In our company setting, we use a private nexus repo that is hosting our own in-house pypi packages.

Previously I thought this would be impossible to install with UV, with pip we either used pip.conf files or had to use environment variables in Bitbucket pipelines or in docker to sub in the username and password for the repository like so:

pip install -r requirements.txt --trusted-host ${PYPI_TRUSTED_HOST} --index-url https://${USERNAME}:${PASSWORD}@${PYPI_INDEX_URL}

Now, I finally figured out you can do this in UV, like so in your pyproject.toml file:

[[tool.uv.index]]
url = "https://[USERNAME]:[PASSWORD]@[INDEX URL]"
default = true

Obviously in this example I have removed the username, password and URL from the url value.

I would not want to commit the username and password in the pyproject.toml file to the repo.

This file would be used to build the Docker container that would contain the application.

How do people do this in production? How can I substitute values in the pyproject.toml with environment variables?

Many thanks

gkb · August 20, 2025, 6:27pm

uv’s documentation describes how to set the credentials via environment variables.

For example, if you name your index like this:

[[tool.uv.index]]
name = "my-index"
url = "https://[INDEX URL]"
default = true

then you can set the environment variables UV_INDEX_MY_INDEX_USERNAME and UV_INDEX_MY_INDEX_PASSWORD

janosspaits · August 20, 2025, 6:51pm

OK that’s great, thanks. But I would also need to specify the URL (specifically the port number) in the second half of it.

So the full url looks like this:

"https://someusername:p4ssw0rd@registry.someurl.com:5555/repository/pypi/simple

We store the “registry.someurl.com:5555/repository/pypi/simple” in environment variables just in case the devops guys change it we don’t have to change code.

Is there a way to use env vars for that or only the username and password?

gkb · August 20, 2025, 7:06pm

Hm, I don’t know how to make this part configurable as well, sorry.

JamesParrott · August 21, 2025, 7:45am

Expanding env vars in pyproject.toml would certainly be useful, but it’s an issue under careful discussion Expand environment variables in user-provided index URLs · Issue #5734 · astral-sh/uv · GitHub

Is there any reason why you don’t want to keep the requirements.txt and simply replace pip install.... with uv pip install....?