Twine upload credentials not update, HTTPError 401 Unauthorized

Question

Problem description

My access token to private python package registry expired. Before everything worked well. I have defined .pypirc file as follows:

[distutils]
index-servers =
    gitlab

[gitlab]
repository = <my-repo-url>
username = <access-token-name>
password = <token>

To upload new release I just ran

python -m twine upload --repository gitlab dist/*

After my access token expired I got 401 Unauthorized error. I just tried to generate new token and replace old values in my .pypirc file.

I am still getting 401 Unauthorized error, I tried to run command with --verbose flag, and noticed that twine still tries to use old credentials.

I can successfully upload new distribution with manually defining my new token and username

python3 -m twine upload --repository gitlab dist/* -u <token-name> -p <token>

Why is that? How it can be fixed?

Answer 1

I had a similar issue, and I solved it by using an API token instead of my account password. Do the following steps work for you?

1. Log in to your account on PyPi.org: https://pypi.org/account/login/
2. If you haven't done it already, add an API token for the relevant project and remember to store the value somewhere: https://pypi.org/manage/account/token/
3. From your project directory, type this command in the terminal: twine upload ./dist/*. You should now be prompted to enter username and password:
4. Enter __token__ as username.
5. Enter your relevant API token as password.

Find more info here.

---

Alternatively, try the following command where you replace <token> with your relevant API token. NB: I don't recommend this method as you expose your secret token in the terminal history, which is a security issue:

python3 -m twine upload --repository gitlab dist/* -u __token__ -p <token>

Answer 2

I get the same issue, Jakob's workaround gives a fix. I have no ~/.pypirc, instead a bottom-level project Makefile with

GITLAB_PY_ID := 44068540
GITLAB_PY_URL := https://gitlab.com/api/v4/projects/$(GITLAB_PY_ID)/packages/pypi

upload-gitlab:
    twine upload \
        --user __token__ \
        --password $(GITLAB_PY_TOKEN) \
        --repository-url $(GITLAB_PY_URL) \
        dist/librtree-$(VERSION).tar.gz

where VERSION is defined elsewhere in the Makefile, but GITLAB_PY_TOKEN is defined in the environment via my .bashrc, this at least means that the token does not hit your shell history.

This is properly a comment but needed better formatting, if you think it worth a vote, please give that to Jakob's answer above!