How to use private Git submodules

Warning

If you are using private Git repositories and they also contain private Git submodules, you need to follow a few special steps.

Read the Docs uses SSH keys (with read only permissions) for GitLab and Bitbucket in order to clone private repositories, this key is added to your main repository, but not to your submodules. For GitHub we make use of a temporary token generated using our GitHub App.

When a project is created, a SSH key is automatically generated. You can use this SSH key to give Read the Docs access to clone your private submodules.

Note

You can manage which submodules Read the Docs should clone using a configuration file. See submodules.
Make sure you are using SSH URLs for your submodules (git@github.com:readthedocs/readthedocs.org.git for example) in your .gitmodules file, not http URLs.

GitHub

Since GitHub doesn’t allow you to reuse a deploy key across different repositories, you’ll need to use machine users to give read access to several repositories using only one SSH key.

Create a GitHub user and give it read only permissions to all the necessary repositories. You can do this by adding the account as:
- A collaborator
- An outside collaborator
- A team in an organization
Attach the public SSH key from your project on Read the Docs to the GitHub user you just created
1. Go to the user’s settings
2. Click on SSH and GPG keys
3. Click on New SSH key
4. Put a descriptive title and paste the public SSH key from your Read the Docs project
5. Click on Add SSH key

Azure DevOps

Azure DevOps does not have per-repository SSH keys, but keys can be added to a user instead. As long as this user has access to your main repository and all its submodules, Read the Docs can clone all the repositories with the same key.

Others

GitLab and Bitbucket allow you to reuse the same SSH key across different repositories. Since Read the Docs already added the public SSH key on your main repository, you only need to add it to each submodule repository.