php – How can I tell composer which key to use for a given composer repository?

Posted by: admin July 12, 2020

Questions:

I have the following situation:

I have a project hosted on a private repository on bitbucket, for which I use deployment key #1.

In this project’s composer file is a dependency hosted on a satis repository, and is pulled through another private bitbucket repository, using deployment key #2.

I have deployment key #1 stored in ~/.ssh/id_rsa, so git pull works out of the box, and deployment key #2 stored in ~/.ssh/id_composer.
How can I tell composer to use that second key when running composer update?

This is what I have so far in my composer.json but it isn’t helping, and I’m having trouble finding the required options I should specify.

"repositories": [
    {
        "type": "composer",
        "url": "http://custom-satis-repo-url",
        "options": {
            "git": {
                "pubkey_file": "~/.ssh/id_composer.pub",
                "privkey_file": "~/.ssh/id_composer"
            }
        }
    }
],

Any help would be appreciated.

Thank you.

Answers:

One way to achieve this could be to use an ssh config file.

More generally speaking, this allows you to configure SSH connections to use specific credentials for ‘virtual’ hosts, which thus allows you to alter the way you connect to Git repos, and therefore can be used to modify Composer dependencies which use ssh.

Edit ~/.ssh/config (vim ~/.ssh/config), e.g.:

Host fake-repo-url
    User git
    HostName actual-repo-url
    IdentityFile ~/.ssh/id_composer

You would need to get the fake-repo-urls into your satis package.json which would render them useless to anyone who didn’t have the config – but I presume that’s fine, as you’re limiting access.

(I use this trick as a way of masking personal accounts for an ‘edit-remote’ on read-only deployment hosts which need very occasional commits!)

There are lots of guides out there on ssh config, e.g. this one at nixCraft.

Second idea:

Alternatively you could investigate the ‘scripts’ option in Composer. You might be able to run a script which swaps something over during the update/install process.
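
The SSH host-alias approach from the answer above, as an added example that is not part of the original answer. It assumes the dependency lives on bitbucket.org and uses a constructed alias (bitbucket-composer) and repository path (team/private-lib.git); IdentitiesOnly is an addition so that ssh offers only the pinned key, and ssh -G prints the resolved settings without connecting.

```shell
#!/bin/sh
# Added example. Constructed names: alias "bitbucket-composer", repo team/private-lib.git.
set -eu

# Append a Host block that pins one deploy key to one alias.
# IdentitiesOnly (an addition to the answer's config) stops ssh from offering
# agent keys or the default ~/.ssh/id_rsa before the pinned key.
write_alias() {  # $1=config file  $2=alias  $3=real host  $4=private key path
    cat >> "$1" <<EOF
Host $2
    HostName $3
    User git
    IdentityFile $4
    IdentitiesOnly yes
EOF
    chmod 600 "$1"  # keep the config writable only by its owner
}

# Point an SSH Git URL (scp-style or ssh://) at the alias; leave others alone.
rewrite_url() {  # $1=url  $2=real host  $3=alias
    case "$1" in
        *"@$2:"*) pre=${1%%"@$2:"*}; post=${1#*"@$2:"}
                  printf '%s@%s:%s\n' "$pre" "$3" "$post" ;;
        *"@$2/"*) pre=${1%%"@$2/"*}; post=${1#*"@$2/"}
                  printf '%s@%s/%s\n' "$pre" "$3" "$post" ;;
        *)        printf '%s\n' "$1" ;;
    esac
}

# Show what ssh resolves for the alias without opening a connection.
resolved() {  # $1=config file  $2=alias
    ssh -G -F "$1" "$2" | grep -E '^(hostname|identityfile|identitiesonly) '
}

# Demo in a throwaway directory so the real ~/.ssh/config is not touched.
demo() {
    d=$(mktemp -d)
    write_alias "$d/config" bitbucket-composer bitbucket.org "$d/id_composer"
    rewrite_url 'git@bitbucket.org:team/private-lib.git' bitbucket.org bitbucket-composer
    if command -v ssh >/dev/null 2>&1; then
        resolved "$d/config" bitbucket-composer || true
    fi
    rm -rf "$d"
}
demo
```

The rewritten URL is the form the package source would need to carry so that Git connects through the alias and therefore through the pinned key.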