Pipenv and GCP Python Artifact

It took me a while to figure out how to get pipenv to work nicely with a GCP Python Artifact, so I thought I’d record the steps I took to make things work for me.

Step 1: Add [[source]] to Pipfile

As usual you’ll want to add the relevant [[source]] information to your Pipfile

[[source]]
name = "gcp"
url = "https://oauth2access@<location>-python.pkg.dev/<project>/<repo-name>/simple"
verify_ssl = true

The oauth2access part can actually be any user name, GCP docs do refer to _json_key_base64 at times.

Step 2: Add/update [pipenv] section in Pipfile

You need to disable pip input in Pipfile, this is the part that took me a while to figure out.

[pipenv]
disable_pip_input = false

Step 3: Install keyring and keyrings.google-artifactregistry-auth

In order for pipenv to know to use google authentication process you need to install the relevant keyring libraries.

pipenv install keyring keyrings.google-artifactregistry-auth --dev

Note if you have a package listed in the Pipfile that references the GCP source, then you will need to install the keyring libraries via pip first.

pipenv run python3 -m pip install keyring keyrings.google-artifactregistry-auth

Step 4: Add Google credentials

Either set the credentials with GOOGLE_APPLICATION_CREDENTIALS env var.

echo "GOOGLE_APPLICATION_CREDENTIALS=/path/to/gsa_key.json" > .env

Make sure to re-spawn the shell within the virtualenv to load the env vars from .env if necessary.

or you can make use of gcloud to login.

gcloud auth login

Refer to the Google Docs for more information on setting up credentials.

Step 5: Add package located in GCP Python artifact

You can now install any package from your GCP Python artifact.

pipenv install <package-name> --index=gcp