diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index ab465cb..974acff 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -47,7 +47,7 @@ jobs:
         run: |
           set -euo pipefail
           latest_version="$(jq -r '.version' package.json)"
-          count_expected=19
+          count_expected=20
           count_actual="$(grep -c "setup-pixi@v$latest_version" README.md || true)"
           if [ "$count_actual" -ne "$count_expected" ]; then
             echo "::error file=README.md::Expected $count_expected mentions of \`setup-pixi@v$latest_version\` in README.md, but found $count_actual."
diff --git a/README.md b/README.md
index 23a7c29..721d446 100644
--- a/README.md
+++ b/README.md
@@ -213,6 +213,16 @@ You can also specify the session token using the `auth-session-token` input argu
 
 See the [pixi documentation](https://pixi.sh/latest/advanced/s3) for more information about S3 authentication.
 
+#### PyPI keyring provider
+
+You can specify whether to use keyring to look up credentials for PyPI.
+
+```yml
+- uses: prefix-dev/setup-pixi@v0.9.0
+  with:
+    pypi-keyring-provider: subprocess # one of 'subprocess', 'disabled'
+```
+
 ### Custom shell wrapper
 
 `setup-pixi` allows you to run command inside of the pixi environment by specifying a custom shell wrapper with `shell: pixi run bash -e {0}`.
diff --git a/action.yml b/action.yml
index 5aac1ab..8f42937 100644
--- a/action.yml
+++ b/action.yml
@@ -63,6 +63,10 @@ inputs:
     description: Secret access key to use for S3 authentication.
   auth-s3-session-token:
     description: Session token to use for S3 authentication.
+  pypi-keyring-provider:
+    description: |
+      Specifies whether to use keyring to look up credentials for PyPI.
+      options: disabled, subprocess
   post-cleanup:
     description: |
       If the action should clean up after itself. Defaults to `true`.
diff --git a/dist/index.js b/dist/index.js
index 8871f14..cd774c9 100644
--- a/dist/index.js
+++ b/dist/index.js
@@ -73867,6 +73867,7 @@ var pixiCmd = (command, withManifestPath = true) => {
 var pixiPath = "pixi.toml";
 var pyprojectPath = "pyproject.toml";
 var logLevelSchema = _enum(["q", "default", "v", "vv", "vvv"]);
+var pypiKeyringProviderSchema = _enum(["disabled", "subprocess"]);
 var PATHS = {
   pixiBin: import_path.default.join(import_os2.default.homedir(), ".pixi", "bin", `pixi${import_os2.default.platform() === "win32" ? ".exe" : ""}`)
 };
@@ -74064,8 +74065,10 @@ var inferOptions = (inputs) => {
     s3SessionToken: inputs.authS3SessionToken
   };
   const postCleanup = inputs.postCleanup ?? true;
+  const pypiKeyringProvider = inputs.pypiKeyringProvider;
   return {
     pixiSource,
+    pypiKeyringProvider,
     downloadPixi: downloadPixi2,
     logLevel,
     manifestPath,
@@ -74115,6 +74118,7 @@ var getOptions = () => {
     authS3AccessKeyId: parseOrUndefined("auth-s3-access-key-id", string2()),
     authS3SecretAccessKey: parseOrUndefined("auth-s3-secret-access-key", string2()),
     authS3SessionToken: parseOrUndefined("auth-s3-session-token", string2()),
+    pypiKeyringProvider: parseOrUndefined("pypi-keyring-provider", pypiKeyringProviderSchema),
     postCleanup: parseOrUndefinedJSON("post-cleanup", boolean2())
   };
   core2.debug(`Inputs: ${JSON.stringify(inputs)}`);
@@ -74310,15 +74314,23 @@ var pixiInstall = async () => {
     return Promise.resolve();
   }
   return tryRestoreCache().then(async (_cacheKey) => {
-    if (options.environments) {
-      for (const environment of options.environments) {
-        core5.debug(`Installing environment ${environment}`);
-        const command = `install -e ${environment}${options.frozen ? " --frozen" : ""}${options.locked ? " --locked" : ""}`;
-        await core5.group(`pixi ${command}`, () => execute(pixiCmd(command)));
+    const environments = options.environments ?? [void 0];
+    for (const environment of environments) {
+      core5.debug(`Installing environment ${environment ?? "default"}`);
+      let command = `install`;
+      if (environment) {
+        command += ` -e ${environment}`;
       }
-    } else {
-      const command = `install${options.frozen ? " --frozen" : ""}${options.locked ? " --locked" : ""}`;
-      return core5.group(`pixi ${command}`, () => execute(pixiCmd(command)));
+      if (options.frozen) {
+        command += " --frozen";
+      }
+      if (options.locked) {
+        command += " --locked";
+      }
+      if (options.pypiKeyringProvider) {
+        command += ` --pypi-keyring-provider ${options.pypiKeyringProvider}`;
+      }
+      await core5.group(`pixi ${command}`, () => execute(pixiCmd(command)));
     }
   }).then(saveCache2);
 };
diff --git a/dist/post.js b/dist/post.js
index 4ff3670..5c795fe 100644
--- a/dist/post.js
+++ b/dist/post.js
@@ -29659,6 +29659,7 @@ https://github.com/prefix-dev/pixi/releases/download/{{version}}/{{pixiFile}}
 var pixiPath = "pixi.toml";
 var pyprojectPath = "pyproject.toml";
 var logLevelSchema = _enum(["q", "default", "v", "vv", "vvv"]);
+var pypiKeyringProviderSchema = _enum(["disabled", "subprocess"]);
 var PATHS = {
   pixiBin: import_path.default.join(import_os.default.homedir(), ".pixi", "bin", `pixi${import_os.default.platform() === "win32" ? ".exe" : ""}`)
 };
@@ -29856,8 +29857,10 @@ var inferOptions = (inputs) => {
     s3SessionToken: inputs.authS3SessionToken
   };
   const postCleanup = inputs.postCleanup ?? true;
+  const pypiKeyringProvider = inputs.pypiKeyringProvider;
   return {
     pixiSource,
+    pypiKeyringProvider,
     downloadPixi,
     logLevel,
     manifestPath,
@@ -29907,6 +29910,7 @@ var getOptions = () => {
     authS3AccessKeyId: parseOrUndefined("auth-s3-access-key-id", string2()),
     authS3SecretAccessKey: parseOrUndefined("auth-s3-secret-access-key", string2()),
     authS3SessionToken: parseOrUndefined("auth-s3-session-token", string2()),
+    pypiKeyringProvider: parseOrUndefined("pypi-keyring-provider", pypiKeyringProviderSchema),
     postCleanup: parseOrUndefinedJSON("post-cleanup", boolean2())
   };
   core2.debug(`Inputs: ${JSON.stringify(inputs)}`);
diff --git a/src/main.ts b/src/main.ts
index 7b3b084..da73cf2 100644
--- a/src/main.ts
+++ b/src/main.ts
@@ -66,17 +66,23 @@ const pixiInstall = async () => {
   }
   return tryRestoreCache()
     .then(async (_cacheKey) => {
-      if (options.environments) {
-        for (const environment of options.environments) {
-          core.debug(`Installing environment ${environment}`)
-          const command = `install -e ${environment}${options.frozen ? ' --frozen' : ''}${
-            options.locked ? ' --locked' : ''
-          }`
-          await core.group(`pixi ${command}`, () => execute(pixiCmd(command)))
+      const environments = options.environments ?? [undefined]
+      for (const environment of environments) {
+        core.debug(`Installing environment ${environment ?? 'default'}`)
+        let command = `install`
+        if (environment) {
+          command += ` -e ${environment}`
         }
-      } else {
-        const command = `install${options.frozen ? ' --frozen' : ''}${options.locked ? ' --locked' : ''}`
-        return core.group(`pixi ${command}`, () => execute(pixiCmd(command)))
+        if (options.frozen) {
+          command += ' --frozen'
+        }
+        if (options.locked) {
+          command += ' --locked'
+        }
+        if (options.pypiKeyringProvider) {
+          command += ` --pypi-keyring-provider ${options.pypiKeyringProvider}`
+        }
+        await core.group(`pixi ${command}`, () => execute(pixiCmd(command)))
       }
     })
     .then(saveCache)
diff --git a/src/options.ts b/src/options.ts
index 699d5aa..4426735 100644
--- a/src/options.ts
+++ b/src/options.ts
@@ -32,6 +32,7 @@ type Inputs = Readonly<{
   authS3AccessKeyId?: string
   authS3SecretAccessKey?: string
   authS3SessionToken?: string
+  pypiKeyringProvider?: 'disabled' | 'subprocess'
   postCleanup?: boolean
 }>
 
@@ -79,6 +80,7 @@ export type Options = Readonly<{
   cache?: Cache
   pixiBinPath: string
   auth?: Auth
+  pypiKeyringProvider?: 'disabled' | 'subprocess'
   postCleanup: boolean
   activatedEnvironment?: string
 }>
@@ -88,6 +90,9 @@ const pyprojectPath = 'pyproject.toml'
 const logLevelSchema = z.enum(['q', 'default', 'v', 'vv', 'vvv'])
 export type LogLevel = z.infer<typeof logLevelSchema>
 
+const pypiKeyringProviderSchema = z.enum(['disabled', 'subprocess'])
+export type PypiKeyringProvider = z.infer<typeof pypiKeyringProviderSchema>
+
 export const PATHS = {
   pixiBin: path.join(os.homedir(), '.pixi', 'bin', `pixi${os.platform() === 'win32' ? '.exe' : ''}`)
 }
@@ -323,8 +328,10 @@ const inferOptions = (inputs: Inputs): Options => {
                 s3SessionToken: inputs.authS3SessionToken
               }) as Auth)
   const postCleanup = inputs.postCleanup ?? true
+  const pypiKeyringProvider = inputs.pypiKeyringProvider
   return {
     pixiSource,
+    pypiKeyringProvider,
     downloadPixi,
     logLevel,
     manifestPath,
@@ -382,6 +389,7 @@ const getOptions = () => {
     authS3AccessKeyId: parseOrUndefined('auth-s3-access-key-id', z.string()),
     authS3SecretAccessKey: parseOrUndefined('auth-s3-secret-access-key', z.string()),
     authS3SessionToken: parseOrUndefined('auth-s3-session-token', z.string()),
+    pypiKeyringProvider: parseOrUndefined('pypi-keyring-provider', pypiKeyringProviderSchema),
     postCleanup: parseOrUndefinedJSON('post-cleanup', z.boolean())
   }
   core.debug(`Inputs: ${JSON.stringify(inputs)}`)