Get started with Python packages in Azure Artifacts

Azure DevOps Services | Azure DevOps Server 2019 | Azure DevOps Server 2020

This guide will walk you through using Azure Artifacts to publish and consume Python packages to and from your feed.

Create a feed

  1. From within your project, navigate to Azure Artifacts.

    Go to Azure Artifacts

  2. Select Create Feed.

    New feed button

  3. Give your feed a Name and choose its visibility, upstream sources, and scope settings.

    New feed dialog box

  4. Select Create when you are done.

Azure Artifacts is installed by default for TFS 2017 customers. You must upgrade to TFS 2017 in order to use Azure Artifacts. If this is the first time using your feed, you might be asked to assign a license

  1. Go to Build & Release and select Packages.

    Go to Azure Artifacts TFS

  2. Select + New feed.

    New feed button TFS

  3. Give your feed a Name, a Description, and set up who can read, who can contribute and if you want to Include external packages.

    New feed dialog box TFS

  4. Select Create when you are done.

Connect to feed

There are two primary ways to connect to a feed to publish or consume your Python packages:

  1. Install and use the artifacts-keyring package, which will automatically set up authentication for you.
  2. Manually set up credentials for pip.ini/pip.conf for pushes, and .pypirc for pulls with a personal access token (PAT).


artifacts-keyring is not supported on newer versions of Ubuntu.

Use artifacts-keyring to set up authentication

The artifacts-keyring package allows you to set up authentication to publish and consume your Python packages to and from your feed. Both pip and twine use the Python keyring library to find credentials.


You must have pip 19.2 and twine 1.13.0 or higher to use artifacts-keyring.

  1. In an elevated command prompt window, run the following command to install the artifacts-keyring package:

    pip install artifacts-keyring
  2. Install packages from your feed.

    pip install <package-name> --index-url<your-organization-name>/<your-project-name>/_packaging/<your-feed-name>/pypi/simple
  3. Publish packages to your feed.

    twine upload --repository-url<your-organization-name>/<your-project-name>/_packaging/<your-feed-name>/pypi/upload


The artifacts-keyring package is layered on top of our Azure Artifacts Credential Provider. For more advanced configuration options, check out the artifacts-credprovider repository.

Manually configure authentication

  1. Create a Personal access token with Packaging > Read scope to authenticate into Azure DevOps.

  2. From within your feed, select Connect to feed.

    Connect to feed button

  3. Select pip under the Python header.

    Select pip to connect to your feed

  4. Make sure you have installed the latest version of the Azure Artifacts keyring from the "Get the tools" menu.


    The artifacts-keyring package provides authentication for publishing and consuming Python packages to and from Azure Artifacts feeds.

  5. Create a virtualenv, if you don't already have one.

  6. Add a pip.ini (Windows) or pip.conf (Mac/Linux) file to your virtualenv. Make sure you don't check your personal access token into a public repository.

  7. Run the following command to install a package

    pip install <package-name>

When you connect to Azure DevOps for the first time, you will be prompted for credentials. Enter your user name(any string) and your personal access token in the appropriate fields. The credentials will be cached locally and used to automatically sign you in the next time you use the service.


If you want to set up authentication in Azure Pipelines, use the Python Pip Authenticate task to install packages, or the Python Twine Upload Authenticate task to push packages.