I want to deploy a NodeJS app on Heroku that has a private repository listed as a dependency in package.json.
How do I grant Heroku read-only access to this single repository, without exposing any credentials unnecessarily?
Asked
Active
Viewed 558 times
1
GirkovArpa
- 4,427
- 4
- 14
- 43
1 Answers
4
This question has been asked repeatedly in various forms, but I was unable to get any of the answers working.
Here is what finally did the trick — Note that I am on Windows 10:
- Generate key in git bash with the command
ssh-keygen -t ssh-rsa -C "myusername@protonmail.com"(empty password) - Copy & paste the
*.pubfile (created by the above command) contents as a deploy key here: https://github.com/myusername/my-private-repo/settings/keys my-private-repoabove refers to the dependency, not the repo you are deploying- On Heroku, add https://github.com/heroku/heroku-buildpack-ssh-key.git as a buildpack — ABOVE — the heroku/nodejs buildpack
- Set your Heroku app's environment variable
BUILDPACK_SSH_KEYto the — ENTIRE — contents of the other file (not the one ending with.pub) including the NEWLINE at the end (not sure if that's optional) - Set dependency URL in
package.jsonlike so:
"dependencies": {
"my-private-repo": "git+ssh://github.com/myusername/my-private-repo.git"
}
Happy deploying
GirkovArpa
- 4,427
- 4
- 14
- 43
-
1Thank youuuuuu I've been searching for hours for this. +1 – J-Krush Jun 28 '22 at 16:36
-
what about if we want to use multiple private repos from the same organization, what would the BUILDPACK_SSH_KEY look like? – GitCat Jul 03 '23 at 03:46