Problem

Need to access a private Git repo inside of a Dockerfile during the docker build process.

Solution

The main idea is to use HTTP Basic Authentication while downloading files using the git command line client.

Steps

1. Create a Personal Access Token with repo scope using your Git provider's interface. Links for GitHub, GitLab, BitBucket.

2. You will need to configure git to use the Access Token for authentication. Add the following line to your Dockerfile:

ARG GIT_ACCESS_TOKEN

# GitHub
RUN git config --global url."https://${GIT_ACCESS_TOKEN}@github.com".insteadOf "ssh://git@github.com"

# GitLab
RUN git config --global url."https://[insert_username]:${GIT_ACCESS_TOKEN}@gitlab.com".insteadOf "ssh://git@gitlab.com"

1. Run the docker build command and pass in the access token created in Step 1:

docker build --build-arg GIT_ACCESS_TOKEN=[insert-access-token-here] -t [image_name]:[image_tag] .

Notes

• Your access token will be baked into the image and can be viewed using the docker image inspect [image-name] command. If you are using this method in production, I recommend rotating your access keys every 15 minutes to ensure they do not get compromised.
• Can also use multi-stage builds to copy assets from private repos into the final image. While this method works, it adds a lot of unnecessary complication to the image building process just to keep sensitive information out of the image. Writing up a script to rotate keys is fairly trivial.

pip install from a Private Repo

Personally, I use this workflow to pip install a Python package from a private repo. In my requirements.txt file, I list private packages in the following format:

git+ssh://git@github.com/{org-name}/{repo-name}.git@{commit}#egg={package-name}