How to use JFrog Artifactory to download dependencies from private repositories?

andreafalzetti · July 18, 2024, 6:56pm

I want to use JFrog Artifactory for managing the company’s private dependencies. During an okteto up session I want my dev container to be able to install dependencies from private repositories using Maven, npm., Go, pip, etc. How can I achieve that?

andreafalzetti · July 18, 2024, 7:02pm

To allow your Okteto dev containers to pull dependencies from private repositories, you need to authenticate with JFrog Artifactory when running okteto up.

To authenticate with JFrog you need to make the JFrog credentials available to the dev containers and instruct your package manager to use the credentials.

To make the credentials safely available to the dev container you can use Okteto Variables and configure the environment property of the Okteto Manifest to pass the value to the container.

Example:

Create the following Okteto Variables:
- ARTIFACTORY_SERVER_DOMAIN
- ARTIFACTORY_API_KEY
Modify your okteto.yml and configure your dev container to use them:

dev:
  app:
    environment:
      ARTIFACTORY_SERVER_DOMAIN: ${ARTIFACTORY_SERVER_DOMAIN}
      ARTIFACTORY_ACCESS_TOKEN: ${ARTIFACTORY_ACCESS_TOKEN}

Depending on the package manager used, refer to the JFrog documentation on how to authenticate, for example here are some links to common ones:

To authenticate automatically when the dev container starts, you can use the command property of the Okteto Manifest.

As an example, for JavaScript or TypeScript projects using npm, yarn or any other npm-compatible package manager, you can use this command:

dev:
  app:
    environment:
      ARTIFACTORY_SERVER_DOMAIN: ${ARTIFACTORY_SERVER_DOMAIN}
      NPM_TOKEN: ${ARTIFACTORY_ACCESS_TOKEN}
    command: |
     echo "//${ARTIFACTORY_SERVER_DOMAIN}/:_authToken=\${NPM_TOKEN}" >> ~/.npmrc
     npm install
     npm start

What this command does, is to create a .npmrc file in your dev container’s home directory.

This file is used internally by npm to authenticate your requests to the npm registry.

By having access to the ARTIFACTORY_SERVER_DOMAIN environment variable, it will automatically expand that, pointing to your JFrog Artifactory server. For security reasons, we don’t want to hard-code the token in the file, so npm implements a special variable called NPM_TOKEN (see docs) that will be replaced internally by npm when you install a package.

For this reason we’ve exported the NPM_TOKEN environment variable in our manifest, passing the value from ARTIFACTORY_ACCESS_TOKEN.

Topic		Replies	Views
What happens if my built image needs artifactory permissions to download mvn packages How Do I?	1	72	September 23, 2024
How to use an insecure docker registry Help	2	885	November 28, 2023
What can I do if my Application needs Go modules from a Private Repository? How Do I?	1	20	August 26, 2024
How do I add my docker credentials to Okteto so I can use private images in my Docker Compose? How Do I?	1	629	May 12, 2022
Error using dev services with non-root containers Help	3	298	April 29, 2024

How to use JFrog Artifactory to download dependencies from private repositories?

Related topics