Private Github for Library [SOLVED]


I’ve got a team of 2 others working with me on a project which requires a few different games being developed. We are at the point where I want to start using libraries shared between us, but not at the point where I want to make the projects publicly accessible.

It seems that this is possible if we have setup personal access tokens ( however I was hoping to get more details on how we set this up with defold when fetching libraries? If each of the developers has a private access token for their github accounts setup then will they be able to fetch any repos that they have access to?

Any help you can provide on this is greatly appreciated.


1 Like

Was going to ask a similar question. I have had problems with the personal tokens and a private library looking forward to a solution.

1 Like

I posted additional information in the Libraries manual:


Wow, that was quick, thank you very much for the quick update.

The level of thought put into Defold is seriously one of the big positives for it.



I’ve been thinking about this, and the only problem is I don’t want my github username and access token to be in the project. To your knowledge is there any way to ensure the username and access token aren’t shared with others working on the project?

When creating an access token on Github you setup it’s access. But you can’t setup “Can only pull this one repo” which I would be fine with being accessible to others. All you can setup is “Can completely access all private repositories you have access to” or none. At least that’s my understanding. Any assistance with this would be greatly appreciated.

You should be able to use environment variables. Can you test that?

Our approach to this was to create a separate github user and add it with read access to only the relevant repos. Also the token was generated as read-only access. This access token was safe to push to the Interrogation repo, since it only provided access to repos needed for building Interrogation.

1 Like

Thank you for your response @dapetcu21

How do you generate read only access for the tokens? I can’t see how you would do this with the scope options provided?

@Pkeod thank you for responding, to be clear, you mean have the username and access token as environment variables on my computer whilst I press “fetch libraries”?

Oh. I was under the impression that there’s an option. I’m mistaken then. Anyway, you should be fine if you only give read permissions to the user when you add it to your private repo.

1 Like

Cannot seem to use environment variables unless I’m setting them up wrong.

I’ve got a terminal where I run Defold from. Before running defold in that terminal I created the environment variables:
Then the included libary was<username>/<repo>/archive/
Now when I use just the contents of the environment variables in place of those environment variables it does work.

Is there any mistakes I’m making in accessing these environment variables from Defold?

We don’t replace environment variables into that string (would be a nice feature).

What if you use environment variables, and the dependency without auth arguments?<username>/<repo>/archive/

Also note that we check for the auth arguments first in the path, then use the X-Email and X-Auth as fallback. (code). The latter two are only available via bob.jar ("–email" and “–auth”).

I’m sorry I don’t understand what you are suggesting here? How would I use environment variables in the dependency path without Auth arguments? Just running it without any Authentication does not pull in the repo since it is private. I tried using the ssh version of the repo as I have ssh keys setup on github, but that didn’t work either.

How do I setup X-Email and X-Auth?

I was merely referring to what @pkeod mentioned. But I too am not sure why the environment variables would work in this situation.

As for the other --email/–auth properties, you have to use bob.jar via command line.

Going through the other options here, your solution seems to be the only one that really solves all of my problems completely. To be honest I wanted to avoid creating a new account, but at this point it seems to work fairly well and won’t scare my less command line savvy team mates.

If going through this process would be useful on a tutorial or showcase or something let me know.


I think it will be useful to other teams working on larger projects with private dependencies! The manual could use improvements:

And we’d happily accept a guest blog post / tutorial here: