I've been so far using lovely.buildouthttp for a long time, to authenticate buildout to my private PyPI server.

The key required functionality is its ability to use credentials from a separate file. I do not want to enter credentials in the buildout config file itself.

Does zc.buildout nowadays have the ability to use basic auth credentials from another file as well? I could not find this information.

I know there's also isotoma.basicauth.buildout (have not tried it out).

buildout can use data from .pypirc

[kul]
repository:https://your.egg.repo
username:the_userid
password:the_password
realm:your_basicauth_realm

With that, e.g. the following kind of entry in buildout will authenticate correctly, without having to include the credentials in the url:

[buildout]
find-links =
   http://your.egg.repo/packages