Skip to content

docs(cloud): Guide for private git dependencies #590

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
christerswahn wants to merge 2 commits into
base: main
Choose a base branch
from
+42 −1
Open

docs(cloud): Guide for private git dependencies #590

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
0892f91
docs(cloud): Guide for private git dependencies
christerswahn Jun 10, 2026
414e125
docs(cloud): Fixed review comments
christerswahn Jun 10, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
43 changes: 42 additions & 1 deletion cloud_docs/reference/01-deployment/02-handling-private-dependencies.md
View file
Open in desktop

@developerjamiu developerjamiu Jun 10, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggestion (line 3, intro): the current opening frames workspaces as the only path, but the PR adds private-git-deps as a second path. Surfacing both up front helps the reader pick.

Proposed rewrite of line 3:

Serverpod Cloud handles private dependencies in two ways: as local packages in a Dart workspace, or as private git dependencies authenticated with an SSH-key build secret. Pick the one that matches how your private code is stored.

Original file line number Diff line number Diff line change
Expand Up @@ -37,11 +37,52 @@ dependencies:

When you deploy your Serverpod application, the CLI automatically detects workspace structures and includes all necessary workspace packages in your deployment package.

## Using private git dependencies

If your server depends on Dart packages from a private git repository, the
Serverpod Cloud build process needs to be given read access to it.

Do this by setting a _build secret_ on the project. SSH keys are supported, and you store the private SSH key in the build secret.

:::info
Build secrets are kept separate from runtime secrets and will not be accessible
anywhere outside the build pipeline. They are automatically encrypted in transit
and at rest.
:::

### CLI commands for build secrets

Use the `scloud deployment build-secret` commands to manage your build secrets.

#### List the current build secrets
Comment thread
christerswahn marked this conversation as resolved.
```sh
$ scloud deployment build-secret list
```

#### Add or modify a build secret
```sh
$ scloud deployment build-secret set MY_SECRET_NAME "my-private-ssh-key"
```

#### Add or modify a build secret with the value in a file
```

@developerjamiu developerjamiu Jun 10, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: this code block is missing the language tag the other two use. Add sh (or bash) so syntax highlighting matches.

$ scloud deployment build-secret set MY_SECRET_NAME --from-file my_private_ssh_key_file
```

@developerjamiu developerjamiu Jun 10, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just mentioning: worth adding a way to unset/remove a build secret here, because rotating an SSH key or revoking access is a common follow-up. Without it documented, readers will either leave stale secrets behind or guess.


### Accessing a private repository in GitHub

If you are using GitHub, you can set up a _deploy key_ for this.
It only needs read access.

[Set up deploy keys in GitHub](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/managing-deploy-keys#set-up-deploy-keys)

Then store the private SSH key as a build secret on your Serverpod Cloud project,
and redeploy.

## Current limitations

Serverpod Cloud currently does not support:

- **Private git references**: Dependencies pointing to private Git repositories using `git:` URLs are not supported during deployment.
- **Private package managers**: Custom package registry configurations are not supported.

If you need to include private code in your deployment, use Dart workspaces to manage these dependencies as local packages within your project structure.

@developerjamiu developerjamiu Jun 10, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: with workspaces and private git deps now both documented above, this closer is redundant. Consider cutting it. Current limitations then reads as a clean "what's not supported" list without the appended workspace recap.

Expand Down
Loading