Installing an NPM package from private Github repo using a token from an env variable

Question

I have a Node project in a private GitHub repo that includes an NPM dependency on another private GitHub repo, e.g.:

{
  "dependencies": {
    "my-secret-module": "git+ssh://github.com/user/repo-name.git#sha"
  }
}

The project is being run on Heroku, where the npm install step fails during deployment while attempting to install from the private repo.

I'm aware of the possibility of generating OAuth tokens on GitHub and using them in the above URL like so: git+ssh://<token>@github.com/user/repo-name.git, but I don't want to store the token in version control.

The most ideal situation would be to simply store the token in an environment variable, so my question is: is it possible to authenticate with GitHub for this situation using environment variables? Or something else similarly bound to the Heroku app?

score 0 · Answer 1 · edited May 23 '17 at 12:00

0

You could take a look at this buildpack that allows you to add your ssh key to be used as environment variable. Also, take a look at this SO answer that will do basically the same but using pre-build scripts.

edited May 23 '17 at 12:00

Community

1
1

answered Oct 26 '16 at 13:41

andresk

2,845
1
13
17

Installing an NPM package from private Github repo using a token from an env variable

1 Answers1