Google Artifact Registry - Private packages
When letting Aikido update your dependencies in repositories with private packages, Aikido would need to also have access to the private packages so that we can properly update your lockfiles. You can provide private Google Artifact Registry configuration in Aikido for this.
For now only this is only supported for JavaScript dependencies.
1. Create a Service Account
First, create a service account in your Google Cloud project:
Go to the Google Cloud Console.
Navigate to IAM & Admin > Service Accounts.
Click Create Service Account.
Fill in a Service account name such as
Aikido Artifact Registry Reader
and click Create And Continue.Grant the service account with the Artifact Registry Reader role.
Click Continue and Done.
2. Create a Key for the Service Account
On the Service Accounts page, find the service account you just created.
Click on the three dots on the right and select Manage Keys.
Click Add Key > Create New Key.
Choose JSON and click Create.
Save the JSON key file to a secure location.
3. Configuration in Aikido
Once the prerequisites are fulfilled, you can configure aikido to authenticate with your private registry when updating the dependencies by following the steps below:
Go to your account's settings page for the autofixer in Aikido, here.
Click on Manage private registry connection, the configuration modal will now be shown
Fill in your Private registry host. Should look like
https://<region>-npm.pkg.dev/<project-id>/<repository-name>/
Paste your saved JSON Key content in the Private registry token field
Click Save to save the configuration.