Python Package Index users can now make and use API tokens instead of using their PyPI usernames and passwords for authentication. So @levlaz’s instructions for continuously deploying from CircleCI to PyPI, which advise users to provide their PyPI usernames and passwords for authentication, should get an update, or the CircleCI docs should supersede that post with a guide to publishing packages to PyPI.
Currently the API token feature is in beta; I anticipate it will be out of beta within a few months. My team will post to the PyPI announcement email list when that happens. (Discourse is limiting me to 2 links in this post; the PyPI help page has a link under “How do I keep up with upcoming changes to PyPI?”.)