pip install from Azure DevOps Python Artifacts feed not working

As a workaround:

Looks like you're using option2 from the document to do the install. I happen to see one similar issue which indicates this error message could have something to do with pip.ini(windows) or pip.conf(linux/mac), so I think you can try another approach to avoid something wrong with those configurations.

You can run pip install artifacts-keyring --pre and then run

pip install packageName --index-url https://pkgs.dev.azure.com/xxx/xxx/_packaging/xxx/pypi/simple/ -vvv --no-deps

You would meet something like this when running command pip install artifacts-keyring --pre:

enter image description here

After the login-in passes, you would get the package you need if it do exist in your feed.


Assuming your Azure DevOps artifacts is private and you have a PAT then installing a package from the artifact can be done in the following two ways

  1. If you have access to a terminal (only preferred in dev environment)
pip install https://<your-feed-name>:<your-PAT-key>@pkgs.dev.azure.com/<your-organization-name>/<your-project-name>/_packaging/<your-feed-name>/pypi/simple/ Your-Package-Name==x.x.x

Note: All the names (eg: feed, project) must follow the HTTPS URL convention.A simple (& actually correct) way to get to know the URL is goto Artifacts --> Select your artifact feed --> Connect to feed --> PIP --> Here you will get the correct URL. Also, use the some feed name both the place in URL

  1. Using requirements.txt (this will be ideally used in prod or CI/CD pipeline) and automating the process:

Mind you it need a bit of string/URL manipulation. Add the respective line/URL in your requirements.txt in following manner:

  • The URL will be mostly similar to the earlier URL used in the earlier terminal method
  • In the URL after simple everything will have to change, modified URL-
https://<your-feed-name>:<your-PAT-key>@pkgs.dev.azure.com/<your-organization-name>/<your-project-name>/_packaging/<your-feed-name>/pypi/download/<yourpackagename>/<package version>/Your-Package-Name.whl 
#assuming your package is a .whl file
  • So simple changed to download; then whatever is your package name, whether it contains '-' or '_' or CAPS, everything will be removed and converted into small case.
  • Next is version no of your package that you want to install & finally the name of wheel or .whl file.

My issue was that I had not installed artifacts-keyring. After that I could see VS Code authenticating to the feed and installing the package.

I also needed to upgrade pip (needs to be above > 19.2) with the following command:

python -m pip install --upgrade pip

The fix

Do one of the following:

  • Remove the VSS_NUGET_EXTERNAL_FEED_ENDPOINTS environment variable (not very useful, not recommended).

  • Add an extra endpoint to the VSS_NUGET_EXTERNAL_FEED_ENDPOINTS environment variable. E.g.,

{"endpointCredentials": [{"endpoint":"https://pkgs.dev.azure.com/company/_packaging/NuGetFeed/nuget/v3/index.json", ...},{"endpoint":"https://pkgs.dev.azure.com/company/company_Software/_packaging/PyPI/pypi/simple/", ...}]}

We have a script which sets up these endpoints, so this turns out to be a simple fix.

The cause

It turns out that if you have used artifacts-credprovider to set up another feed, in our case, a NuGet feed with another endpoint, the VSS_NUGET_EXTERNAL_FEED_ENDPOINTS environment variable stores only that feed URL inside the key endpoint. artifacts-keyring will still read that environment variable even if the endpoint doesn't exist, which causes authentication problem. The -vvv log doesn't tell you anything about authentication and it won't attempt to authenticate using another method.