Heroku: How to deploy a NodeJS app with a private repo dependency?

Question

I want to deploy a NodeJS app on Heroku that has a private repository listed as a dependency in package.json.

How do I grant Heroku read-only access to this single repository, without exposing any credentials unnecessarily?

Answer 1

This question has been asked repeatedly in various forms, but I was unable to get any of the answers working.

Here is what finally did the trick — Note that I am on Windows 10:

• Generate key in git bash with the command ssh-keygen -t ssh-rsa -C "[email protected]" (empty password)
• Copy & paste the *.pub file (created by the above command) contents as a deploy key here: https://github.com/myusername/my-private-repo/settings/keys
• my-private-repo above refers to the dependency, not the repo you are deploying
• On Heroku, add https://github.com/heroku/heroku-buildpack-ssh-key.git as a buildpack — ABOVE — the heroku/nodejs buildpack
• Set your Heroku app's environment variable BUILDPACK_SSH_KEY to the — ENTIRE — contents of the other file (not the one ending with .pub) including the NEWLINE at the end (not sure if that's optional)
• Set dependency URL in package.json like so:

  "dependencies": {
    "my-private-repo": "git+ssh://github.com/myusername/my-private-repo.git"
  }

Happy deploying 🙂