DEV Community 👩‍💻👨‍💻

cambiph
cambiph

Posted on

Working with private repos in Docker

Hello,

I am trying to work out an elegant way to build Node apps in Docker containers which use a private repo for its dependencies (JFrog artifactory) and a private Github repo.

Artifactory

I could just copy in my .npmrc but I am quite hessitant because it contains my authentication key.

Github repo

I could copy in my SSH-key but that seems like a big security risk.

What are your thoughts on this?
Thanks in advance!
Cheers

Top comments (2)

Collapse
 
hellovietduc profile image
Duc Nguyen

My recommendation is to use multi-stage builds. You could have stage 1 where you copy your SSH key to install the private dependencies, and stage 2 where you copy the dependencies needed to build the app. Google it and you'll find many tutorials.

Collapse
 
cambiph profile image
cambiph Author

True, but then I would have to have the SSH-key and .npmrc in my version control system which is also a risk.

🌚 Browsing with dark mode makes you a better developer by a factor of exactly 40.

It's a scientific fact.