Metadata-Version: 2.1
Name: pypitoken-cli
Version: 1.1
Author-Email: Catherine <whitequark@whitequark.org>
License: 0BSD
Requires-Python: <4,>=3.10
Requires-Dist: pypitoken~=7.1
Description-Content-Type: text/markdown

pypitoken-cli
=============

_pypitoken-cli_ is a tool for adding restrictions to PyPI tokens, and a thin wrapper around the [pypitoken](https://pypi.org/project/pypitoken/) library.

Motivation
----------

PyPI currently lets you create tokens scoped to your entire account or to a single package, but not a token scoped to multiple packages. This is a problem if you publish a lot of packages yet still want to limit the impact of a disclosed credential to the packages it actually needs.

Usage
-----

To create a token scoped for multiple packages (`mypackage` and `mypackage-cli` in this example), create a token scoped for your entire account (`pypi-xxxxxxxx` here), then run _pypitoken-cli_ as follows:

```console
$ pipx run pypitoken-cli -p mypackage mypackage-cli
Enter token: pypi-xxxxxxxx
New restrictions:
 - UserIDRestriction(user_id='01234567-89ab-cdef-0123-456789abcdef')
 - ProjectNamesRestriction(project_names=['mypackage', 'mypackage-cli'])
pypi-yyyyyyyy
```

It will create a new token (`pypi-yyyyyyyy` here) that can only be used to upload artifacts for the specified packages.
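As an added illustration (not code from pypitoken-cli or the pypitoken library), the stdlib-only Python below models why the step above works without talking to PyPI: PyPI tokens are macaroons, so the holder appends a caveat and re-chains the HMAC signature without needing PyPI's root key, while PyPI, which holds the root key, recomputes the chain and enforces each caveat on upload. The root key, token identifier and the dict-shaped caveat layout are constructed for this example and are not PyPI's actual wire format.

```python
import hashlib
import hmac
import json

# Constructed root key standing in for the secret only the issuer (PyPI) holds.
ROOT_KEY = b"constructed-root-key-not-a-real-secret"
USER_ID = "01234567-89ab-cdef-0123-456789abcdef"  # user id from the README example

def _chain(prev: bytes, caveat: dict) -> bytes:
    """Derive the next signature in the HMAC chain from a canonical caveat encoding."""
    return hmac.new(prev, json.dumps(caveat, sort_keys=True).encode(), hashlib.sha256).digest()

def mint(root_key: bytes, identifier: str) -> dict:
    """Issuer side: an account-scoped token carries no caveats, only the root signature."""
    sig = hmac.new(root_key, identifier.encode(), hashlib.sha256).digest()
    return {"identifier": identifier, "caveats": [], "signature": sig.hex()}

def restrict(token: dict, caveat: dict) -> dict:
    """Holder side: append a caveat and re-chain the signature; no root key is needed."""
    sig = _chain(bytes.fromhex(token["signature"]), caveat)
    return {"identifier": token["identifier"],
            "caveats": token["caveats"] + [caveat],
            "signature": sig.hex()}

def verify(root_key: bytes, token: dict, *, project_name: str, user_id: str) -> bool:
    """Issuer side: rebuild the chain from the root key and enforce every caveat on the upload."""
    sig = hmac.new(root_key, token["identifier"].encode(), hashlib.sha256).digest()
    for caveat in token["caveats"]:
        sig = _chain(sig, caveat)
        if "user_id" in caveat and caveat["user_id"] != user_id:
            return False
        if "project_names" in caveat and project_name not in caveat["project_names"]:
            return False
    # A caveat that was dropped or altered leaves a signature that no longer matches.
    return hmac.compare_digest(sig, bytes.fromhex(token["signature"]))

def scoped_token() -> dict:
    """Reproduce the README flow: account token -> user id caveat -> project names caveat."""
    account = mint(ROOT_KEY, "constructed-token-identifier")
    token = restrict(account, {"user_id": USER_ID})
    return restrict(token, {"project_names": ["mypackage", "mypackage-cli"]})

def strip_caveats(token: dict) -> dict:
    """Show that restrictions are one-way: keeping the signature but dropping the caveats
    yields a token that verify() rejects, so a leaked scoped token stays scoped."""
    return {"identifier": token["identifier"], "caveats": [], "signature": token["signature"]}
```

The real pypitoken library performs the same attenuation with PyPI's actual caveat encoding; the model here only shows the trust boundary, namely that restricting needs no secret while verifying does.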

Limitations
-----------

Other token restrictions, such as "Not Before" and "Not After", aren't implemented yet.

License
-------

[0-clause BSD](LICENSE-0BSD.txt)
