Skip to main content
anaconda-auth is a client library and CLI for authenticating with Anaconda APIs and securely storing API keys. This package provides centralized authentication for the Anaconda ecosystem.

Installation

conda install anaconda-auth

Basic usage

Log in to Anaconda

This command opens your browser to authenticate your Anaconda account. Once completed, an API key is stored securely in your /.anaconda/keyring. 
anaconda auth login

Check authentication status

This command displays information about the currently signed-in user. 
anaconda auth whoami

Display your API key

This command prints the API key for the signed-in user (useful for non-interactive environments). 
anaconda auth api-key

Logout

This command removes the stored API key from your keyring. 
anaconda auth logout

Configuration

Configuration comes from multiple sources. When the same setting appears in more than one place, the highest-priority source wins:
  1. ANACONDA_AUTH_* environment variables (highest priority)
  2. .env file in the current working directory
  3. Site settings ([sites.<NAME>]) in /.anaconda/config.toml
  4. Global plugin settings ([plugin.auth]) in /.anaconda/config.toml
  5. Conda context (proxy servers, SSL settings) from .condarc

Site configuration

Use anaconda sites add to register the Anaconda Platform domain you want to authenticate against: 
anaconda sites add --domain <FQDN> --default
This writes a [sites] entry to .anaconda/config.toml and sets it as the default site. To verify, run anaconda sites list. For the full list of site management commands, see sites.
If you are using anaconda.com, no site configuration is needed.
All of the parameters in the table below can be set per-site in a [sites.<name>] section. When a parameter is not set on the site, the value from [plugin.auth] is used as a fallback. For more information on site configuration, see the sites command reference.

Global options

The [plugin.auth] section of /.anaconda/config.toml sets defaults that apply across all sites.
Every parameter can also be set via an ANACONDA_AUTH_ environment variable or a .env file.

Example configuration

# /.anaconda/config.toml
default_site = "my-platform"

[sites."my-platform"]
domain = "platform.example.com"
ssl_verify = false

[plugin.auth]
ssl_verify = true
preferred_token_storage = "anaconda-keyring"
In this example, SSL verification is disabled for the my-platform site but remains enabled as the default for any other site.

Non-interactive usage

API keys issued by anaconda auth login are valid for one year. On systems without interactive browser access, there are several ways to authenticate:
  1. On a system with browser access, run anaconda auth api-key to get your API key.
  2. On the non-interactive system, set the ANACONDA_AUTH_API_KEY environment variable (or add it to a .env file in your working directory).
export ANACONDA_AUTH_API_KEY=$(anaconda auth api-key)