It would be great if there was a way to generate a SSH key that could be used during the
composer install process of creating the build artifact for composer managed projects.
This would allow us to add the keys as deployment keys in GitHub, BitBucket, GitLab, etc… which would allow easier access for pulling in private packages managed with composer.
If anyone knows of a good way to handle private packages with composer on Pantheon as it stands now I’m all ears!
Thank you for sharing your feature request with us! We meet with our Product Team monthly to surface feedback and feature requests like this that come through our community, so I will make sure to share this with the team, and if I can provide an update, I will. Thanks again!
Would you mean using specific repositories like in this post?
@alexmoreno yes, sort of but I’m interested in private repositories, specifically.
I have a handful of modules that every Drupal project within my organization should use. The repositories for those modules are private and require a known SSH key for access.
The current state of things with the composer managed flow on Pantheon does not support private packages. Pantheon support did offer a workaround of using an access token stored in an auth.json file, but that is a non-starter for me.
Ideally an ssh key could be generated within the Pantheon platform that could be added to the private repositories so that Pantheon’s build process can pull those packages in.