Search code examples
node.jsherokupackage.jsonssh-keysbuildpack

Heroku: How to deploy a NodeJS app with a private repo dependency?

I want to deploy a NodeJS app on Heroku that has a private repository listed as a dependency in package.json.

How do I grant Heroku read-only access to this single repository, without exposing any credentials unnecessarily?

Solution

  • This question has been asked repeatedly in various forms, but I was unable to get any of the answers working.

    Here is what finally did the trick — Note that I am on Windows 10:

    • Generate key in git bash with the command ssh-keygen -t ssh-rsa -C "myusername@protonmail.com" (empty password)
    • Copy & paste the *.pub file (created by the above command) contents as a deploy key here: https://github.com/myusername/my-private-repo/settings/keys
    • my-private-repo above refers to the dependency, not the repo you are deploying
    • On Heroku, add https://github.com/heroku/heroku-buildpack-ssh-key.git as a buildpack — ABOVE — the heroku/nodejs buildpack
    • Set your Heroku app's environment variable BUILDPACK_SSH_KEY to the — ENTIRE — contents of the other file (not the one ending with .pub) including the NEWLINE at the end (not sure if that's optional)
    • Set dependency URL in package.json like so:
      "dependencies": {
    "my-private-repo": "git+ssh://github.com/myusername/my-private-repo.git"
  }

    Happy deploying 🙂