Security warning about the auth.json file

3bd4150b · Dominic Couture · Robert Speicher · 4710c3c9 · 3bd4150b
Commit 3bd4150b authored Jun 16, 2020 by Dominic Couture Committed by Robert Speicher Jun 16, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 0 deletions

doc/user/packages/composer_repository/index.md doc/user/packages/composer_repository/index.md +6 -0

No files found.
--- a/doc/user/packages/composer_repository/index.md
+++ b/doc/user/packages/composer_repository/index.md
@@ -141,3 +141,9 @@ composer update
 ```

 If successful, you should be able to see the output indicating that the package has been successfully installed.
+
+CAUTION: **Important:**
+Make sure to never commit the `auth.json` file to your repository. To install packages from a CI job,
+consider using the [`composer config`](https://getcomposer.org/doc/articles/handling-private-packages-with-satis.md#authentication) tool with your personal access token
+stored in a [GitLab CI/CD environment variable](../../../ci/variables/README.md) or in
+[Hashicorp Vault](../../../ci/examples/authenticating-with-hashicorp-vault/index.md).