Hello,
I am trying to work out an elegant way to build Node apps in Docker containers which use a private repo for their dependencies (JFrog Artifactory) and a private GitHub repo.
Artifactory
I could just copy in my .npmrc, but I am quite hesitant because it contains my authentication key.
GitHub repo
I could copy in my SSH-key but that seems like a big security risk.
What are your thoughts on this?
Thanks in advance!
Cheers
Top comments (2)
My recommendation is to use multi-stage builds. You could have stage 1 where you copy your SSH key to install the private dependencies, and stage 2 where you copy the dependencies needed to build the app. Google it and you'll find many tutorials.
True, but then I would have to have the SSH-key and .npmrc in my version control system which is also a risk.
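
An added example, not part of the thread above: a multi-stage Dockerfile that uses BuildKit secret and SSH mounts, so the `.npmrc` and the SSH key are supplied from the build host at build time and are neither committed to version control nor written to an image layer. The base image tag, the `npmrc` secret id, the `npm run build` script and the `dist/index.js` entry point are assumptions.

```dockerfile
# syntax=docker/dockerfile:1
#
# Build from the host, passing credentials that stay outside the repo:
#   docker build --secret id=npmrc,src=$HOME/.npmrc --ssh default -t myapp .
# Add .npmrc and any key files to .dockerignore so "COPY . ." cannot pick them up.

# Stage 1: install dependencies. Credentials exist only while the RUN step
# executes; they are mounted, not copied, so no layer contains them.
FROM node:20-slim AS deps
RUN apt-get update \
 && apt-get install -y --no-install-recommends git openssh-client ca-certificates \
 && rm -rf /var/lib/apt/lists/*
WORKDIR /app

# Record GitHub's host key so git+ssh dependencies do not prompt.
# This is trust on first use; compare it with GitHub's published
# fingerprints if you need strict pinning.
RUN mkdir -p -m 0700 /root/.ssh \
 && ssh-keyscan github.com >> /root/.ssh/known_hosts

COPY package.json package-lock.json ./

# "npmrc" is an assumed secret id; it is mounted read-only at /root/.npmrc.
# type=ssh forwards the host's ssh-agent socket, so the private key itself
# never enters the build container.
RUN --mount=type=secret,id=npmrc,target=/root/.npmrc \
    --mount=type=ssh \
    npm ci

# Stage 2: build the application (no credentials needed here).
FROM deps AS build
COPY . .
RUN npm run build

# Stage 3: runtime image. Only build output and installed modules are
# copied across; nothing from /root of the earlier stages comes along.
FROM node:20-slim AS runtime
WORKDIR /app
ENV NODE_ENV=production
COPY --from=build /app/package.json ./
COPY --from=build /app/node_modules ./node_modules
COPY --from=build /app/dist ./dist
USER node
CMD ["node", "dist/index.js"]
```

Running `docker history --no-trunc myapp` on the result is a quick check that no layer command or argument carries the token or key.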