anaconda-auth

The anaconda-auth package handles authentication across the Anaconda ecosystem. If you’re using Anaconda CLIs or APIs, you’ll use this package to log in, manage API keys, and configure secure access to Anaconda’s curated repositories.

This tool supports both command-line and Python interfaces, and stores credentials using system keyring or a dedicated file-based store.

Installing anaconda-auth

  1. Open Anaconda Prompt (Terminal on macOS/Linux).

  2. Install anaconda-auth by running the following command:

    conda install --name base anaconda-auth --yes
    

If you already have anaconda-auth installed, it’s best practice to update to the latest version from time to time:

conda update --name base anaconda-auth

CLI usage

You’ll interact with the CLI using anaconda auth and anaconda token commands:

anaconda auth commands

anaconda auth [OPTIONS] <COMMAND> [ARGS]...

Global Options

OptionDescription
--version, -VShow version and exit
--helpShow help message

Available Commands

CommandDescriptionArguments
loginOpen browser to authenticate with Anaconda[anaconda.com, anaconda.org] [default: None]
logoutRemove stored API key
whoamiShow the authenticated user
api-keyPrint your current API key

Examples

# Log in to Anaconda.com at the command line
anaconda auth login --at anaconda.com

# Display information about you as a user
anaconda auth whoami

# Display your current API key
anaconda auth api-key

anaconda-auth also allows for authentication to Anaconda.org. If you do not include --at anaconda.com, you will be prompted to select a domain.

anaconda token commands

anaconda token [OPTIONS] <COMMAND> [ARGS]...

Global Options

OptionDescription
--helpShow help message
CommandDescriptionArguments
installIssue and set a new token
listShow all installed tokens
configConfigure conda to use a token for private access--force
--no-force
Default: no-force
uninstallRemove a token for a specific organization--org <ORG_ID>

Your <ORG_ID> is part of your organization’s URL: https://anaconda.com/app/organizations/<ORG_ID>.


When you log in with anaconda-auth, a token is stored in the specified storage location. This token is deleted when you log out. The auth token is valid for one year.


For more information on token storage, see Token Storage.

Examples

# Issue and set yourself an organization access token
anaconda token install

# Remove an access token for an organization
anaconda token uninstall --org data-science-snakes

Configuration

You can configure anaconda-auth by either:

  • Setting parameters in the plugin.auth section of the ~/.anaconda/config.toml file.
  • Setting one or more ANACONDA_AUTH_ environment variables or using a .env file in your working directory.

Setting variables in an .env file in your working directory takes precedence over the ~/.anaconda/config.toml file.

Configuration Parameters

Config KeyEnv VarDescriptionDefault
domainANACONDA_AUTH_DOMAINAnaconda API domain"anaconda.com"
ssl_verifyANACONDA_AUTH_SSL_VERIFYVerify SSL certificatestrue
preferred_token_storageANACONDA_AUTH_PREFERRED_TOKEN_STORAGEToken store: system or anaconda-keyring"anaconda-keyring"
api_keyANACONDA_AUTH_API_KEYExplicit API key
if None, defaults to keyring storage
None
extra_headersANACONDA_AUTH_EXTRA_HEADERSExtra HTTP headers in JSONNone

Non-interactive usage

If you want to utilize Anaconda services on a system where you do not have interactive access to a browser to use the login command, you have two options:

  1. On a system with browser access, ensure preferred_token_storage is set to "anaconda-keyring".

  2. Run:

    anaconda auth login --at anaconda.com
    

    This creates the ~/.anaconda/keyring file.

  3. Copy the ~/.anaconda/keyring file to the non-interactive system:

    scp ~/.anaconda/keyring user@<TARGET_SYSTEM>:~/.anaconda/keyring
    

Python Usage

You can use anaconda-auth in scripts and applications to authenticate programmatically.

from anaconda_auth import login, logout

login()  # Initiates browser-based login

If a valid token is already present, login() does nothing. To override this behavior:

login(force=True)

To remove the API key from your keyring storage, use the logout() function.

from anaconda_auth import logout

logout()

For more information about using anaconda-auth to make API requests, see the official anaconda-auth docs on GitHub.