Get the latest Laravel/PHP jobs, events and curated articles straight to your inbox, once a week
Source: dunglas.fr
Securely Access Private Git Repositories and Composer Packages in Docker Bu
When working on enterprise projects, it’s common to have to download private dependencies that require authentication to be installed (usually, internal or paid packages). In modern setups, you’ll most likely use https://www.docker.com/ to package your application (or service) and all its dependencies into a standalone image.
This means that the secrets should be used to download dependencies, but should not be accessible to people who have access to the Docker image or to the Git repository containing the source code.
This is very convenient because SSH has always been the preferred way to download private Git repositories, and https://git-scm.com/docs/git-clone#_git_urls.
Let’s create a Docker image containing a private Git repository but not the credentials needed to download it!
This means that the secrets should be used to download dependencies, but should not be accessible to people who have access to the Docker image or to the Git repository containing the source code.
This is very convenient because SSH has always been the preferred way to download private Git repositories, and https://git-scm.com/docs/git-clone#_git_urls.
Let’s create a Docker image containing a private Git repository but not the credentials needed to download it!
Newsletter
Glimpse
Glimpse streamlines Laravel development by seamlessly deploying GitHub pull requests to preview environments with the help of Laravel Forge.
Community Partners
Laravel/PHP Careers