| date_modified | 2023-01-27 13:17 | |||
|---|---|---|---|---|
| date_published | 2021-09-06 16:48 | |||
| description | Set up Composer HTTP basic authentication in Trellis to access private packages, commercial plugins, and authenticated repositories during deployment. | |||
| title | Composer HTTP Basic Authentication | |||
| authors |
|
Many paid WordPress plugins also offer Composer support. Typically, this is accomplished by adding the plugin repository to your composer.json file:
"repositories": [
{
"type":"composer",
"url":"https://example.com"
}
]The actual plugin download is protected behind a basic HTTP authentication layer. This allows the plugin developer to restrict access to the plugin via Composer by a username/password combination. The basic authentication credentials are stored in an auth.json file.
{
"http-basic": {
"example.com": {
"username": "{COMPOSER_HTTP_USERNAME}",
"password": "{COMPOSER_HTTP_PASSWORD}"
}
}
}However, when using such plugins in a Trellis project, it is generally considered bad practice to implement this via deploy hooks or adding the auth.json to your version control.
Trellis now supports HTTP basic authentication for multiple Composer repositories, via the Ansible Vault functionality, on a per environment configuration.
# group_vars/<env>/vault.yml
vault_wordpress_sites:
example.com:
composer_authentications:
- { hostname: example.com, username: COMPOSER_HTTP_USERNAME, password: COMPOSER_HTTP_USERNAME }
If the private repository doesn't use a password (because the username contains
an API key for example), you'll need to omit password like this:
# group_vars/<env>/vault.yml
vault_wordpress_sites:
example.com:
composer_authentications:
- { hostname: example.com, username: apikey }
Multiple private Composer repositories can be configured in this way.
This functionality does have a few requirements:
- The passwords should not be stored as plain text, as described in the Vault documentation
- Currently, only HTTP basic authentication is supported