Using NPM to authenticate with a remote Sonatype Nexus repository using a PKCS12 client certificate


I work at a company which usually only deals with Java applications and thus, Java artifacts. We have a Sonatype Nexus repository set up which authenticates requests to it via its built-in user system and additionally by authenticating PKCS12 client certificates against a local CA (at least that's how I think it works, I frankly don't know much about certificates and this setup was done by an engineer that came before me).

We authorize Maven requests using the following environment variable.

export MAVEN_OPTS="-Xmx1024M -Djavax.net.ssl.keyStore=/home/josh/bemoty-2023.p12 -Djavax.net.ssl.keyStoreType=pkcs12 -Djavax.net.ssl.keyStorePassword=<password>"

I'm now leading a team of web developers who are working on creating a component library for our various web projects. Naturally, I want them to be able to access the newest versions of the component library and download them from our remote repository.

So I:

  • Created a NPM repository in the Nexus web interface
  • Followed this explanation on how to log in to remote NPM repositories
  • Executed npm i --verbose
  • Realized I needed to tell NPM to use my client certificate, because my log was full of HTTP 400s

I then found out that it is possible to give NPM a path to a local client certificate. My .npmrc now looks like this:

registry=https://repo.acme.com/repository/npm/
[email protected]
always-auth=true
//repo.acme.com/repository/npm/:_auth="<base64 encoded auth string in the form username:password>"
//repo.acme.com/repository/npm/:certfile="/home/josh/bemoty-2023.p12"

Great, I thought. However, it doesn't seem like I can tell NPM to use a specific password for my PKCS12 keystore, or at least I was not able to find an option for it. I reckon that's the reason why NPM is still giving me the stinky (output snippet of npm i --verbose):

npm http fetch GET 400 https://repo.acme.com/repository/npm/@base2/pretty-print-object/-/pretty-print-object-1.0.1.tgz 2285ms (cache skip)
npm http fetch GET 400 https://repo.acme.com/repository/npm/@babel/register/-/register-7.23.7.tgz 2293ms (cache skip)
npm http fetch GET 400 https://repo.acme.com/repository/npm/@babel/plugin-transform-export-namespace-from/-/plugin-transform-export-namespace-from-7.23.4.tgz 2363ms (cache skip)
npm http fetch GET 400 https://repo.acme.com/repository/npm/@babel/template/-/template-7.23.9.tgz 2366ms (cache skip)
npm http fetch GET 400 https://repo.acme.com/repository/npm/@babel/plugin-transform-unicode-regex/-/plugin-transform-unicode-regex-7.23.3.tgz 2366ms (cache skip)

I could not find any resources on how to configure NPM for this online, or maybe I'm just not doing it right. Either way, it probably is a very niche setup... also, I probably need to get some sort of npm-proxy running to get all those downloads for third-party packages to work, but that's an issue for another day.

There are 0 answers