Accessing private repositories and setting up write access
Summary¶
This article explains how to authorize SSH key to be able to push changes and pull from not-whitelisted repositories.
Premium feature
Access to private Git repositories is available on premium plan only.
What happens behind the scenes¶
If you create a new project from public whitelisted git repository for read-only purposes then you don't need anything but repository URL and, optionally, branch and root folder name. However, when it comes to accessing private repository or write access to public repository, you need to do some extra setup.
We use public key authentication for accessing git repositories, and internally we generate your personal unique public and private keys. To be able to read from a private repository you need to upload your public key to the repository server.
Below you can find step-by-step instructions for the most popular git hosting services.
Check the repository URL
SSH keys authentication works only when accessing repository over SSH. In this case the URL looks like user@example.com:path/to/repo.git
. Git hosting services usually allow for choosing the access protocol.
Setup instructions¶
Before you start setting up your git server you need to get a copy of your public key. You can access it from your settings page on Papeeria. Select everything inside SSH key
text area and copy into the clipboard.
GitHub¶
- Go to ssh keys section in your GitHub account settings.
- Click
New SSH key
button in the top-right corner. - Fill the title field in the shown form with anything you want. For example, "Papeeria web interface".
- Paste the copied key to
Key
field, clickAdd SSH key
.
That's it, now you can read and write to all your repositories on GitHub.
Bitbucket¶
- Open your Bitbucket account settings page.
- Open
SSH keys
settings section. - Click
Add key
button. - Paste the copied key into the
Key
field. - Fill the
Label
field with anything you want. For example, "Papeeria web interface". - Click
Add key
button.
That's it, now you can read and write to all your repositories on Bitbucket.
Use account SSH key settings
Bitbucket allows for adding SSH keys on per-repository basis and it does not work with Papeeria. You need to add SSH key in the account settings, not in the repository settings.
GitLab¶
- Open ssh keys section in your GitLab account settings
- Paste the copied key to
Key
field. - Fill the
Title
field in the shown form with anything you want. For example, "Papeeria web interface". - Click
Add key
.
That's it, now you can read and write to all your repositories on GitLab.
Your own server¶
Generally you should follow the instructions on configuring secure shell on your operating system, e.g. this manual for Unix-like systems. Below is a short summary which should work in most cases, but your mileage may vary.
- Login to the server as the user specified in the repository url. For example, if the url looks like
john@example.com:path/to/repo.git
, then login toexample.com
asjohn
. - Paste the copied key on separate line in file
~/.ssh/authorized_keys
. If file doesn't exist, just create it.
That's it, now you can read and write to repositories on the server from Papeeria web interface.
Security notes¶
Your key pair is created personally for you and is unique. You can't read data from repository where your public key is not authorized, and nobody can read data from your repository if they don't know your private key. Public key is, well, public and is safe to share. Private key should be kept in secret, and we store it according to our terms of service.
Given that you can authorize as many key pairs as you wish, most likely you don't need the private key generated by us outside of Papeeria, so we don't even show it to you. However, if you really need it, just drop us an email. Also send us an email if you want to re-generate your key pair (this is just not yet in the UI).
When you add a key generated by Papeeria into the git hosting account, you grant us read and write access to all repositories accessible to the account, not only to the one which you fetch into Papeeria. We promise not to abuse these privileges but if you want to be even more safe, you can do the following:
- Create a new git hosting user
yourusername-papeeria
- Grant that user read access to the repository which you want to fetch into Papeeria using the repository settings on the git hosting.
- Complete the instructions given above for that user.
In this case Papeeria will be able to read only those repositories which are readable by yourusername-papeeria
.