This is a short note on how to effectively pip install requirements that contain private repositories in a Dockerfile.

For the security reasons it is a good idea to generate an ssh key specificly for the repository you want to pull with only read permissions. If you refuse to generate a new ssh key, you can transfer existing key through local webserver and remove it after installing the requirements. Details of this method can be read here. Generating new key (more details):

ssh-keygen -t rsa -b 4096 -C ""

After generation add newly generated public key to github repository by going to repository settings, Deploy Keys sidebar, Add deploy key button (more details).

Since the key has only read rights, it is safe to push it to your repository. Next adapt your Dockerfile to copy the keys from the repository:

RUN mkdir /.ssh
ADD local_repo/keys/repo-github-deploy-key /root/.ssh/repo-github-deploy-key
ADD local_repo/keys/ /root/.ssh/

Finally start the ssh agent, add keys, and pip install like usual:

ADD local_repo/requirements_frozen.txt requirements.txt
  apt-get -qy upgrade git openssh-client && \
  chmod 600 /root/.ssh/repo-github-deploy-key && \
  eval $(ssh-agent) && \
  echo "Host\n\tStrictHostKeyChecking no\n" >> /root/.ssh/config && \
  ssh-add /root/.ssh/repo-github-deploy-key && \
  ssh-keyscan >> ~/.ssh/known_hosts && \
  pip3 install -r requirements.txt --src /usr/local/src

It is important to start the agent and add keys in the same RUN command, otherwise it will fail.

If you never added github repository to you requirements here is an example requirements.txt:

# ...
-e git+ssh://