Does this approach work for you @rich-church-77699? We have 2 other avenues that have associated issues but still need prioritization. One involves interpolating env vars into

pants.toml

- that doesn't really make things much better, it just means the user:pass could be exposed as env vars / interpolated as atoms instead of the whole URL as with the

PANTS_PYTHON_REPOS_INDEXES

approach. The other is to support flags specified in requirements files. That's also not much better, since it really amounts to the pants.toml interpolation since Pip requirements files also support env var interpolation. The option we haven't pursued or thought about is directly supporting pip.conf. Right now, our resolver - Pex - does use Pip under the hood, but it explicitly turns off ambient Pip env var and file base configuration with

--isolated

. I'm not sure of the implications of turning off that flag, but even if they are undesirable, Pex or Pants could also gain support for parsing

pip.conf

for sensitive configuration values and then manually plumbing those through.