Use github private repo to deploy key inside docker build step for npm install

My use case is that I have multiple express microservices that use the same middleware and I would like to create a different repo in npm module format for each middleware.

Each repo is a private repo and can have a deployment key attached (can be different keys or the same)

This all works fine locally. However, when I try to use this with a docker compose setup, it fails in the npm install stage in the build stage.

Dockerfile

FROM node:alpine
RUN npm install --production
CMD npm start

      

        
        
        
      

    

Docker-compose.yml

services:
   node-api:
        build:
            context: .
            dockerfile: Dockerfile

      

        
        
        
      

    

I realize this doesn't work because I don't have a deployment key that I use on my local system in the Docker context.

I was looking for a solution and none of them seem very lightweight / not hacky

• Copy key and squash (CONS: not sure how I do this in docker build file) http://blog.cloud66.com/pulling-git-into-a-docker-image-without-leaving-ssh-keys- behind /

• Copy the key during the build step and add the image. (CONS: Not very secure :()

• Use the key as a build argument. (CONS: see 2)

• Connect something like https://www.vaultproject.io/ run first, add the key and use it in node containers to get the last key. (CONS: maybe a lot of work, maybe other problems?)

• Using Docker secrets and docker stack deploy and store key in docker secrets (CON: Docker stack deploy doesn't support docker yet. See here https://docs.docker.com/compose/bundles/#producing-a-bundle unsupported key volumes ")

My question is the most efficient safe possible solution, automatic (minimum manual steps for file users)? Exercise timing is not a concern. I try to avoid checking any sensitive data by letting other people run this locally.