Last Reviewed: 2024-08-22
Integrated Composer Usage
How to use Pantheon Secrets with Pantheon's Integrated Composer.
Using secrets with Integrated Composer
Mechanism 1: OAuth composer authentication (recommended)
If your Composer-based dependency is private, and the repository supports OAuth authentication, storing your token as a secret in the Pantheon Secrets API is a simpler way to allow access to those private repositories.
Mechanism 2: HTTP Basic Authentication
In the case where you have a Composer dependency that only supports HTTP Basic Authentication, you may create a COMPOSER_AUTH json and make it available via the COMPOSER_AUTH environment variable if you have multiple private repositories on multiple private domains.
Composer has the ability to read private repository access information from the environment variable: COMPOSER_AUTH. The COMPOSER_AUTH variables must be in a specific JSON format.
Format example: