npm is an incredibly handy development tool. Allowing for breaking your projects up into separate modules keeps logic isolated, maintainable and composable – especially when working with a larger team. When working with proprietary software, we can supply specific URLs in the package to lock down permissions and keep the code out of the public npm registry. However, this can cause a problem when working with portable docker images as the git clone will fail due to a missing id_rsa.
The solution we’re using is quite simple. Provide an ssh id_rsa file to authorize the clone. Instead of using your personal id_rsa, it’s much more appropriate to create one specific for the application and then add the id_rsa.pub as an authorized deploy hook in your git provider. This way you don’t have someone’s actual id_rsa floating around in repositories. Here are the steps: