37

I have a private repo that I want to install in my package.json file.

"private-module": "git+ssh://git@bitbucket.org:private/private-module.git"

By default npm uses your default private key. I want to be able to specify which ssh key npm should use when running npm install. Is there any way to do this?

Vadim
  • 17,897
  • 4
  • 38
  • 62

4 Answers4

43

Here are a few solutions:

  • Add an entry to your ~/.ssh/config. For example:

    Host bitbucket.org
     IdentityFile ~/.ssh/bitbucket_key
     IdentitiesOnly yes

  • Use ssh-agent and add your key to the agent instance beforehand.

  • Use something like ssh-ident for choosing ssh agents and identities dynamically based on the current working directory or arguments passed to ssh-ident. As their readme states, you would typically alias ssh-ident to ssh so that it's automatically used everywhere.

mscdex
  • 104,356
  • 15
  • 192
  • 153
  • So the 3d suggestion seemed promising, but npm seemed to ignore it. I would up using something similar to your first suggestion, based on this https://gist.github.com/jexchan/2351996 – Vadim Sep 20 '14 at 04:57
  • Note using a .ppk (Puttygen) file doesn't work for the IdentityFile in the ~/.ssh/config file. It needs to be an OpenSSH file – philcruz Jan 26 '16 at 19:15
  • #1 worked for me. I had to use puttygen to generate a key and then export it to openssh format. – ps. Oct 11 '16 at 19:30
  • Im rather new to all this. Can you explain in more detail. Like what is `~/.ssh/config`. and how do I use `ssh-agent` – Martijn Apr 28 '20 at 06:33
3

After you have made the changes in the first part of mscdex's answer you might need to add the host to the list of known hosts - before the npm install command will work.

You can do this by cloning the private repo to another directory:

git clone ssh://git@bitbucket.org:private/private-module.git

You might be asked if you want to proceed, type yes and enter, then bitbucket.org is trusted. Go back to your project directory and retry npm install. This is what was needed for mscdex's answer to work for me.

There are other ways of adding trusted hosts, but this does that in addition to verify that you can actually get to the desired private repo.

Community
  • 1
  • 1
mwotton
  • 2,170
  • 18
  • 36
  • See https://askubuntu.com/questions/123072/ssh-automatically-accept-keys for a solution not requiring to clone the whole repository. – saji Apr 23 '19 at 08:57
1

You can apparently do this with

export GIT_SSH_COMMAND='ssh -i ~/.ssh/your_private_key'

francis duvivier
  • 2,056
  • 11
  • 17
-3

Otherwise, you can use your NPM Token in your .npmrc file:

// .npmrc
//registry.npmjs.org/:_authToken=${YOUR_NPM_TOKEN}

Source: https://blog.npmjs.org/post/118393368555/deploying-with-npm-private-modules

Wilk
  • 7,873
  • 9
  • 46
  • 70
  • The question is about choosing a key to be used by `npm install` when installing from a repo. Private registries are irrelevant. – aendra Jun 08 '20 at 10:21