Author eric.araujo
Recipients alexis, eric.araujo, graingert, tarek
Date 2013-02-04.15:26:18
Message-id <1359991578.5.0.182305018626.issue17096@psf.upfronthosting.co.za>
In-reply-to
Content
The general idea is absolutely right: using proper keyrings (or ssh) is an excellent thing for security and ease of use.  A big obstacle, however, is the rules for stdlib inclusion: a module such as keyring is tied to specific applications/libs/file formats and may need a short release cycle to adapt to changes in the programs.  So while I think keyring is a great library, I fear it does not fit the criteria for stdlib inclusion.

The workaround is to enter your password each time you upload and never store it.  This isn’t great.

What if there was an option specifying a program to call to get the password?  That way one could use clvault (command-line interface to python-keyring), maybe ssh-askpass, keepass, etc., but we wouldn’t have code subject to obsolescence in the stdlib.  It would not be as nice as seamless password retrieval, and it would not be 100% secure (password is still in memory), but it would solve the storage problem.  What do you think?

[FYI the distutils2 project is stopped.  I don’t have the time right now to go into details again, and there isn’t a single link I can give that explains things well.]
History
Date                 User         Action  Args
2013-02-04 15:26:18  eric.araujo  set     recipients: + eric.araujo, tarek, alexis, graingert
2013-02-04 15:26:18  eric.araujo  set     messageid: <1359991578.5.0.182305018626.issue17096@psf.upfronthosting.co.za>
2013-02-04 15:26:18  eric.araujo  link    issue17096 messages
2013-02-04 15:26:18  eric.araujo  create
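
A sketch of the "program to call to get the password" option proposed in the message above, added here as an example; it is not part of the original message or of distutils. The function name, the exception class and the `password-command` option it stands for are assumptions, and the demo helper is a constructed stand-in for a real one.

```python
import shlex
import subprocess
import sys


class PasswordHelperError(RuntimeError):
    """Helper failed. The message never includes the helper's output."""


def get_password_from_helper(command, timeout=60):
    """Run the configured helper and return the first line it prints.

    `command` stands for the value of a hypothetical `password-command`
    option; the password is returned to the caller and never written to disk.
    """
    argv = shlex.split(command)  # split into argv; no shell is involved
    if not argv:
        raise PasswordHelperError("password command is empty")
    try:
        proc = subprocess.run(
            argv,
            stdout=subprocess.PIPE,  # only stdout is treated as the secret
            timeout=timeout,         # stdin/stderr stay attached for prompts
        )
    except (OSError, subprocess.TimeoutExpired) as exc:
        # Report the exception type only: a timeout exception can carry
        # whatever the helper had already printed.
        raise PasswordHelperError(
            "could not run %r (%s)" % (argv[0], type(exc).__name__)) from None
    if proc.returncode != 0:
        raise PasswordHelperError(
            "%r exited with status %d" % (argv[0], proc.returncode))
    lines = proc.stdout.decode("utf-8", "replace").splitlines()
    if not lines or not lines[0]:
        raise PasswordHelperError("%r printed no password" % argv[0])
    return lines[0]


if __name__ == "__main__":
    # Constructed stand-in for a real helper: a Python one-liner that prints
    # a made-up secret.
    demo = "%s -c %s" % (shlex.quote(sys.executable),
                         shlex.quote("print('constructed-secret')"))
    print(len(get_password_from_helper(demo)), "characters retrieved")
```

As the message notes, the password still sits in the calling process's memory after the helper returns; what this removes is the stored copy on disk.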