Skip to main content

Use Dagger with Private Git Repositories

Dagger uses your host's SSH authentication agent to securely authenticate against private remote Git repositories.

To clone private repositories, the only requirement is to run ssh-add on the Dagger host to add your SSH key to the authentication agent.

Assume that you have a Dagger CI tool containing the following code, which references a private repository:

"""
Clone a Private Git Repository and print the content of the README.md file
"""

import sys

import anyio
from rich.console import Console

import dagger

console = Console()


async def private_repo():
with console.status("Hold on..."):
async with dagger.Connection() as client:
repo = (
client
# Retrieve the repository
.git("git@private-repository.git")
# Select the main branch, and the filesystem tree associated
.branch("main").tree()
# Select the README.md file
.file("README.md")
)

# Retrieve the content of the README file
file = await repo.contents()

print(file)


if __name__ == "__main__":
try:
anyio.run(private_repo)
except Exception as e:
print(e, file=sys.stderr)
sys.exit(1)

Now, first remove all the SSH keys from the authentication agent on the Dagger host:

➜  ssh-add -D
All identities removed.

Attempt to run the Python CI tool:

➜  python clone.py
{'message': 'failed to load cache key: failed to fetch remote https://xxxxx@private-repository.git: exit status 128', 'locations': [{'line': 6, 'column': 11}], 'path': ['git', 'branch', 'tree', 'file', 'contents']}

The CI tool fails, as it is unable to find the necessary authentication credentials to read the private repository in the SSH authentication agent.

Now, add the SSH key to the authentication agent on the host and try again:

➜ ssh-add
Identity added: xxxxx
➜ python clone.py
readme #

Finally, the CI tool succeeds in reading the private Git repository.