can use private repos on and elsewhere, but you have to configure each job with an SSH key that has access to your account.

Warning! The list of commands run in a job, as well as their stdout and stderr, are visible to the public - even if the job uses a private repository. Take care not to leak any secrets this way.
  1. Generate an SSH key and add it to your account
  2. Add a secret using the secrets management page
  3. Copy the secret's UUID into your build manifest's secrets list.
  4. Update your sources list to use the SSH clone URL - not the https clone URL.

The resulting build manifest should look something like this:

image: # ...
- c043e12e-a297-4ece-b09c-bb5a99dc4094

About this wiki

commit 317a65b12acde1851bcf637602605f9fc8a7d3d6
Author: Drew DeVault <>
Date:   2019-09-11T22:30:51+00:00 add newline
Clone this wiki (read-only) (read/write)