# Interactive console authentication for 3rd party repository on deploy

**URL:** https://discourse.roots.io/t/interactive-console-authentication-for-3rd-party-repository-on-deploy/8592
**Category:** trellis
**Created:** 2017-01-18T23:55:35Z
**Posts:** 18
**Showing post:** 2 of 18

## Post 2 by @fullyint — 2017-01-20T00:23:02Z

I was hoping a wpmu dev free trial would let me test a solution for you, but wpmu points out that “this [composer] feature is not available to members on our 14-day trial” ([ref](https://premium.wpmudev.org/blog/composer-repository/)). Rather than pay $49 USD to test, I’ll just post what I _would have_ tried. I haven’t tested the tasks or templates below, so they may need some tweaking.

Presumably the presence of an `auth.json` will skirt around the interactive console requirement (see related [composer docs](https://getcomposer.org/doc/articles/http-basic-authentication.md) and wpmu members-only [mention of `auth.json`](https://premium.wpmudev.org/forums/topic/composer-managed-plugins-from-premiumwpmudevorg#post-1119588)).

I’d add your [wpmu dev API key](https://premium.wpmudev.org/hub/account/) to one of your `group_vars/<environment>/vault.yml` files. Suppose you use the same key for all environments and all sites. In such a case you could add the key to [`group_vars/all/vault.yml`](https://github.com/roots/trellis/blob/f6d7c5af57d02fb1c3914a0ff2135dc3c3000fbc/group_vars/all/vault.yml):

```
# Documentation: https://roots.io/trellis/docs/vault/
  vault_mail_password: smtp_password
+ vault_wpmudev_api_key: 6wvmdak7kkdrmzcaygqyat2x9y57s2q8dpfxfzh9
```

Then I’d add a template task to [`deploy-hooks/build-before.yml`](https://github.com/roots/trellis/blob/f6d7c5af57d02fb1c3914a0ff2135dc3c3000fbc/deploy-hooks/build-before.yml):

```
- name: Create compose auth.json for wpmu dev
  template:
    src: "{{ playbook_dir }}/deploy-hooks/auth.json.j2"
    dest: "/home/{{ ansible_user }}/.composer/auth.json"
    mode: "0600"
```

Then I’d create the `deploy-hooks/auth.json.j2` template on my local machine in my trellis project :

```
{
    "http-basic": {
        "premium.wpmudev.org": {
            "username": "{{ vault_wpmudev_api_key }}",
            "password": ""
        }
    }
}
```

Now, each deploy should create the `auth.json` before the `composer install`, if it isn’t already there.

* * *

In case you need to use a different API key per site and per environment, you could add the key to [`vault_wordpress_sites`](https://github.com/roots/trellis/blob/f6d7c5af57d02fb1c3914a0ff2135dc3c3000fbc/group_vars/production/vault.yml#L12-L14) instead:

```
vault_wordpress_sites:
    example.com:
+ wpmudev_api_key: 6wvmdak7kkdrmzcaygqyat2x9y57s2q8dpfxfzh9
      env:
        db_password: example_dbpassword
        ...
```

In that case, your `deploy-hooks/auth.json.j2` would need an adjustment like this:

```
- "username": "{{ vault_wpmudev_api_key }}",
+ "username": "{{ vault_wordpress_sites[site].wpmudev_api_key }}",
```

* * *

An alternative would be to go ahead and allow interactions instead of trying to skirt them via the `auth.json` above.

This would be a more _involved_ implementation of [Trellis deploy hooks](https://roots.io/trellis/docs/deploys/#hooks). You could try replacing the [`deploy_build_after`](https://github.com/roots/trellis/blob/f6d7c5af57d02fb1c3914a0ff2135dc3c3000fbc/deploy.yml#L12) definition to reference your own version of the hooked file.

```
- deploy_build_after: "{{ playbook_dir }}/roles/deploy/hooks/build-after.yml"
+ deploy_build_after: "{{ playbook_dir }}/deploy-hooks/build-after.yml"
```

You’d copy `roles/deploy/hooks/build-after.yml` to a new file at `deploy-hooks/build-after.yml` then replace the [`composer` task](https://github.com/roots/trellis/blob/f6d7c5af57d02fb1c3914a0ff2135dc3c3000fbc/roles/deploy/hooks/build-after.yml#L2-L5) with a task using Ansible’s [`expect` module](http://docs.ansible.com/ansible/expect_module.html), where the command is a [manual composer install command](https://github.com/roots/trellis/blob/f6d7c5af57d02fb1c3914a0ff2135dc3c3000fbc/deploy-hooks/build-before.yml#L14).

---

_[View the full topic](https://discourse.roots.io/t/interactive-console-authentication-for-3rd-party-repository-on-deploy/8592)._
