We’re trying to setup composer in our agency so we can share multiple private packages across multiple clients securely.
What we’re looking for is something like what some extensions vendors do (like Amasty or Mirasvit) when you purchase the extension you get your own credentials that you add in the auth.json file and after adding their repo URL to the composer.json file you get access to the modules that you purchased .
Ideally we’d like to set something up that:
Lets each client have their own credentials, with access only to the repos that we specify.
If the clients leaves we can revoke access to only those credentials without affecting anyone else.
It looks like packagist private repos do this but they’re out of our budget unfortunately, we looked into Satis and it takes us pretty close but as far as we can see it doesn’t handle permissions so the only way I can see is each client having their own Satis installation with access only to their repos and with their own credentials.
Is there any other option that you can recommend?
Thanks in advance.