DEV Community


Posted on

Working with private repos in Docker


I am trying to work out an elegant way to build Node apps in Docker containers which use a private repo for its dependencies (JFrog artifactory) and a private Github repo.


I could just copy in my .npmrc but I am quite hessitant because it contains my authentication key.

Github repo

I could copy in my SSH-key but that seems like a big security risk.

What are your thoughts on this?
Thanks in advance!

Top comments (2)

hellovietduc profile image
Duc Nguyen

My recommendation is to use multi-stage builds. You could have stage 1 where you copy your SSH key to install the private dependencies, and stage 2 where you copy the dependencies needed to build the app. Google it and you'll find many tutorials.

cambiph profile image

True, but then I would have to have the SSH-key and .npmrc in my version control system which is also a risk.