I have a Maven project that pulls in Node dependencies as part of the build using exec-maven-plugin:

<plugin>
    <groupId>org.codehaus.mojo</groupId>
    <artifactId>exec-maven-plugin</artifactId>
    <configuration>
        <workingDirectory>src/main</workingDirectory>
    </configuration>
    <executions>
        <execution>
            <id>npm-install</id>
            <configuration>
                <executable>npm</executable>
                <arguments>
                    <argument>install</argument>
                </arguments>
            </configuration>
            <phase>initialize</phase>
            <goals>
                <goal>exec</goal>
            </goals>
        </execution>

One of the Node dependencies is hosted in a private Git repository. I don't want enter my password every time I build, so I use the git+ssh protocol in package.json:

  "dependencies": {
    "sass-theme": "git+ssh://git@github.com/MyOrg/sass-theme.git#v1.0.2",
    "node-sass": "^4.5.0"
  }

This works fine for me since I regularly connect to my organizations private Git repository using SSH, and the SSH key is not password protected. It also works on our Jenkins server, which has its own SSH key.

The first problem with this approach is some developers in my organization password protect their SSH keys, so they're prompted to enter their password during the build.

The second problem is most developers connect to the repository using HTTPS, so they have to create an SSH key and register it with GitHub. Then, during the build, they're prompted to allow the SSH connection, but it occurs so early in the build that it gets lost in the scroll buffer.

What can I change to make this process more seamless? Can we have a shared SSH key? Or do I need to change the URL of the Node dependency to use git+https?

The second problem is most developers connect to the repository using HTTPS

1/ They can continue to do that, making sure they are using a credential helper to cache their github.com username and password (with Git for Windows for instance, you would be using the Microsoft Git Credential Manager, linked to the Credential Manager in Windows)

2/ In order to not change your settings (which are using an ssh url), a developer can use a global configuration like:

git config --global url."https://github.com".insteadOf git+ssh://git@github.com

That way, any git@github.com ssh url would be interpreted/changed as an https one.