Skip to main content

Use private packages

Packages that are publicly available on PyPI can be specified in your app's requirements.txt file to become available in your app as dependency, as shown here. But sometimes you might want to add a package that is only available privately (e.g. code stored on a centralized repository within the company to be reused in multiple apps). There are different options to make such a package available in a (published) app, without the need to copy the code manually into your app folder:

Git submodule

The easiest way to add an app-dependency is to copy the package code (as a sub-folder) into your app folder. A disadvantage of this approach is that if the package is maintained in a separate repository, the copied code needs to be manually updated to receive the latest additions or bugfixes. This problem can be resolved by adding the dependency as a Git submodule to your app. Obviously, this requires your app code itself to be a Git repository.

Add an existing Git repository as a submodule to your app by:

git submodule add https://my-package-repository-url app/submodules/my-package

All code, including the submodules, must reside (in a sub-folder) within the 'app' folder to be available in production.

This will copy the repository's content in a sub-folder submodules/my-package/ within your app folder, and creates a .gitmodules file in your project folder that stores the mapping between the package URL and local path.

Updating your app including all submodules can be done with:

git pull --recurse-submodules

Cloning a project including all submodules to your local hard disk can be done by:

git clone --recurse-submodules https://my-project-repository-url

All ins and outs of using Git submodules can be found on the Git website.

Install from a Git repository

Alternatively, it is possible to install a Python package directly from a (private) Git repository host. For example, it is possible to install my-package that is hosted on the URL by adding the line below to requirements.txt. Additionally, you can install a specific branch or tag by appending an @ followed by the reference to the url, for example @v1.2.3.


For security reasons, we advise against hard-coding the authentication credentials in requirements.txt, prefer to use environment variables instead.

Publish your package on a private PyPI

Another way to make a private package available in an app is to publish it on a private PyPI. This way the code is not copied in your app, but handled as any other package dependency. Moreover, access can even be restricted by means of authentication credentials.

Examples of platforms that allow for hosting your own packages, are:

Instructions on how to host your private package on each platform can be found in the corresponding links.

The hosted package can then be added in your app's requirements.txt file, as follows:

--extra-index-url https://my-private-package-index-url

If the private package index is protected by means of authentication credentials, this can be passed using environment variables:

--extra-index-url https://${MY_USER}:${MY_PASSWORD}@my-private-package-index-url

For security reasons, we advise against hard-coding the authentication credentials in requirements.txt, prefer to use environment variables instead.