Last Reviewed: August 22, 2024

Integrated Composer Usage

How to use Pantheon Secrets with Pantheon's Integrated Composer.


Using secrets with Integrated Composer

If your Composer-based dependency is private, and the repository supports OAuth authentication, storing your token as a secret in the Pantheon Secrets API is a simpler way to allow access to those private repositories.

  1. Generate a GitHub token. The GitHub token must have all "repo" permissions selected.

    Note: Check the repo box that selects all child boxes. Do not check all child boxes individually as this does not set the correct permissions.

  2. Set the secret value to the token via terminus:

    terminus secret:site:set <site> github-oauth.github.com <github_token> --type=composer --scope=ic

  3. Add your private repository to the repositories section of composer.json:

    {
        "type": "vcs",
        "url": "https://github.com/your-organization/your-repository-name"
    }

    Your repository should contain a composer.json that declares a package name in its name field. It should also specify a type, such as wordpress-plugin or drupal-module. For these instructions, we will assume your package name is your-organization/your-package-name.

  4. Require the package defined by your private repository's composer.json by either adding a new record to the require section of the site's composer.json or with a composer require command:

    composer require your-organization/your-package-name

  5. Commit your changes and push to Pantheon.

Mechanism 2: HTTP Basic Authentication

If you have a Composer dependency that only supports HTTP Basic Authentication, you can create a COMPOSER_AUTH JSON value and make it available through the COMPOSER_AUTH environment variable. The same variable can hold credentials for multiple private repositories on multiple private domains.

Composer can read private repository access information from the COMPOSER_AUTH environment variable. The value of COMPOSER_AUTH must be in a specific JSON format.

Format example:

#!/bin/bash

# Build the COMPOSER_AUTH JSON. The quoted 'EOF' delimiter stops the shell
# from expanding anything inside the heredoc.
COMPOSER_AUTH_JSON=$(cat <<'EOF'
{
    "http-basic": {
        "github.com": {
            "username": "my-username1",
            "password": "my-secret-password1"
        },
        "repo.example2.org": {
            "username": "my-username2",
            "password": "my-secret-password2"
        },
        "private.packagist.org": {
            "username": "my-username2",
            "password": "my-secret-password2"
        }
    }
}
EOF
)

# Quote both variables so the JSON reaches terminus as a single argument.
terminus secret:site:set "${SITE_NAME}" COMPOSER_AUTH "${COMPOSER_AUTH_JSON}" --type=env --scope=ic
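
A pre-flight check for the JSON value before it is stored as a secret, as an added example (not Pantheon's or Composer's own code). The function name check_composer_auth and the sample values are assumptions, and it checks only the http-basic section shown in the format example above.

```python
import json

def check_composer_auth(raw):
    """Return (compact_json, problems); compact_json is None if any problem is found.

    Problem messages name the host and field only, never a credential value.
    """
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError as exc:
        return None, [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(doc, dict):
        return None, ["top level must be a JSON object"]

    problems = []
    basic = doc.get("http-basic")
    if not isinstance(basic, dict) or not basic:
        return None, ['"http-basic" must be a non-empty object']

    for host, cred in basic.items():
        # Assumption: keys are bare host names, as in the page's example.
        if "/" in host or any(c.isspace() for c in host):
            problems.append(f"{host!r}: key must be a host name, not a URL")
        if not isinstance(cred, dict):
            problems.append(f"{host!r}: entry must be an object")
            continue
        for field in ("username", "password"):
            value = cred.get(field)
            if not isinstance(value, str) or not value:
                problems.append(f"{host!r}: {field} must be a non-empty string")
    if problems:
        return None, problems
    # One line, no structural whitespace: easy to pass as a single quoted argument.
    return json.dumps(doc, separators=(",", ":")), []


# Constructed sample values, not real credentials.
GOOD = '''{
    "http-basic": {
        "repo.example2.org": {"username": "my-username2", "password": "my-secret-password2"}
    }
}'''
BAD = '{"http-basic": {"https://repo.example2.org/": {"username": "my-username2"}}}'

if __name__ == "__main__":
    for name, raw in (("GOOD", GOOD), ("BAD", BAD)):
        compact, problems = check_composer_auth(raw)
        print(name, "ok" if compact else problems)
```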