
How do I add a private Git repository as a submodule inside a public Git repository?


Both are hosted by GitLab. I want to add the private gitlab.com/rokejulianlockhart/s4a3h4.git to the public gitlab.com/rokejulianlockhart/rokejulianlockhart.git so that it appears as a directory to others and me, but is solely accessible by myself.

I don't know where to start. All content on the internet appears to mention adding public Git submodules to public repositories so that they can be edited simultaneously. However, I know that my desired configuration is possible per this answer.


Solution

  • Configuration

    In my case, the $Repository is:

    $Repository = 'https://gitlab.com/rokejulianlockhart/s4a3h4.git'
    

    As long as you're authorised, it doesn't change anything. The undermentioned command is adequate to clone it as a submodule:

    git submodule add "$Repository"
    

    Specifically, it enumerated s4a3h4.git and added it to the content of rokejulianlockhart.git, adding solely one file:

    [submodule "s4a3h4"]
        path = s4a3h4
        url = https://gitlab.com/rokejulianlockhart/s4a3h4.git
    
    
  • Access

    However, the more interesting part was, of course, whether this would remain secure when accessed by someone unauthenticated. In that regard:

    1. Accessing https://gitlab.com/rokejulianlockhart/rokejulianlockhart/-/tree/d5a0a6fcfa21432279f1081e065abd844533c325 shall indeed display that the submodule exists, but GitLab shall not allow a user to access it via the web portal.

    2. If they attempt to access the submodule directory's URI directly at https://gitlab.com/rokejulianlockhart/rokejulianlockhart/-/blob/d5a0a6fcfa21432279f1081e065abd844533c325/s4a3h4, no data is returned. However, this is the same for public submodules too, per https://gitlab.com/rokejulianlockhart/rokejulianlockhart/-/blob/d5a0a6fcfa21432279f1081e065abd844533c325/sg5n9q.

    Additionally, if a user attempts to programmatically clone the repository with the content of the private submodule, they shall see:

    1. git clone --recurse-submodules https://gitlab.com/rokejulianlockhart/rokejulianlockhart.git
      
      • test1@sayw4i:~$ git clone --recurse-submodules https://gitlab.com/rokejulianlockhart/rokejulianlockhart.git
        fatal: destination path 'rokejulianlockhart' already exists and is not an empty directory.
        test1@sayw4i:~$ rm -r rokejulianlockhart
        rm: remove write-protected regular file 'rokejulianlockhart/.git/objects/pack/pack-bd217d78cf73bf0ff73e8b564993337c58722e07.pack'? y
        rm: remove write-protected regular file 'rokejulianlockhart/.git/objects/pack/pack-bd217d78cf73bf0ff73e8b564993337c58722e07.rev'? y
        rm: remove write-protected regular file 'rokejulianlockhart/.git/objects/pack/pack-bd217d78cf73bf0ff73e8b564993337c58722e07.idx'? y
        test1@sayw4i:~$ git clone --recurse-submodules https://gitlab.com/rokejulianlockhart/rokejulianlockhart.git
        Cloning into 'rokejulianlockhart'...
        remote: Enumerating objects: 11, done.
        remote: Counting objects: 100% (11/11), done.
        remote: Compressing objects: 100% (10/10), done.
        remote: Total 11 (delta 2), reused 0 (delta 0), pack-reused 0 (from 0)
        Receiving objects: 100% (11/11), 6.29 KiB | 6.29 MiB/s, done.
        Resolving deltas: 100% (2/2), done.
        Submodule 's4a3h4' (https://gitlab.com/rokejulianlockhart/s4a3h4.git) registered for path 's4a3h4'
        Submodule 'sg5n9q' (https://gitlab.com/rokejulianlockhart/sg5n9q.git) registered for path 'sg5n9q'
        Cloning into '/home/test1/rokejulianlockhart/s4a3h4'...
        error: unable to read askpass response from '/usr/libexec/openssh/gnome-ssh-askpass'
        Username for 'https://gitlab.com': ^Cwarning: Clone succeeded, but checkout failed.
        You can inspect what was checked out with 'git status'
        and retry with 'git restore --source=HEAD :/'
        

        or

      • test1@sayw4i:~$ git clone --recurse-submodules https://gitlab.com/rokejulianlockhart/rokejulianlockhart.git
        Cloning into 'rokejulianlockhart'...
        remote: Enumerating objects: 11, done.
        remote: Counting objects: 100% (11/11), done.
        remote: Compressing objects: 100% (10/10), done.
        remote: Total 11 (delta 2), reused 0 (delta 0), pack-reused 0 (from 0)
        Receiving objects: 100% (11/11), 6.29 KiB | 6.29 MiB/s, done.
        Resolving deltas: 100% (2/2), done.
        Submodule 's4a3h4' (https://gitlab.com/rokejulianlockhart/s4a3h4.git) registered for path 's4a3h4'
        Submodule 'sg5n9q' (https://gitlab.com/rokejulianlockhart/sg5n9q.git) registered for path 'sg5n9q'
        Cloning into '/home/test1/rokejulianlockhart/s4a3h4'...
        error: unable to read askpass response from '/usr/libexec/openssh/gnome-ssh-askpass'
        Username for 'https://gitlab.com': 
        error: unable to read askpass response from '/usr/libexec/openssh/gnome-ssh-askpass'
        Password for 'https://gitlab.com': 
        remote: HTTP Basic: Access denied. The provided password or token is incorrect or your account has 2FA enabled and you must use a personal access token instead of a password. See https://gitlab.com/help/topics/git/troubleshooting_git#error-on-git-fetch-http-basic-access-denied
        fatal: Authentication failed for 'https://gitlab.com/rokejulianlockhart/s4a3h4.git/'
        fatal: clone of 'https://gitlab.com/rokejulianlockhart/s4a3h4.git' into submodule path '/home/test1/rokejulianlockhart/s4a3h4' failed
        Failed to clone 's4a3h4'. Retry scheduled
        Cloning into '/home/test1/rokejulianlockhart/sg5n9q'...
        remote: Enumerating objects: 326, done.        
        remote: Counting objects: 100% (326/326), done.        
        remote: Compressing objects: 100% (254/254), done.        
        remote: Total 326 (delta 57), reused 319 (delta 54), pack-reused 0 (from 0)        
        Receiving objects: 100% (326/326), 5.10 MiB | 3.96 MiB/s, done.
        Resolving deltas: 100% (57/57), done.
        Cloning into '/home/test1/rokejulianlockhart/s4a3h4'...
        error: unable to read askpass response from '/usr/libexec/openssh/gnome-ssh-askpass'
        Username for 'https://gitlab.com': 
        error: unable to read askpass response from '/usr/libexec/openssh/gnome-ssh-askpass'
        Password for 'https://gitlab.com': 
        remote: HTTP Basic: Access denied. The provided password or token is incorrect or your account has 2FA enabled and you must use a personal access token instead of a password. See https://gitlab.com/help/topics/git/troubleshooting_git#error-on-git-fetch-http-basic-access-denied
        fatal: Authentication failed for 'https://gitlab.com/rokejulianlockhart/s4a3h4.git/'
        fatal: clone of 'https://gitlab.com/rokejulianlockhart/s4a3h4.git' into submodule path '/home/test1/rokejulianlockhart/s4a3h4' failed
        Failed to clone 's4a3h4' a second time, aborting
        test1@sayw4i:~$ 
        

    Consequently, it doesn't affect the security of the repository.
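
The check above can be repeated without the interactive askpass prompts, as an added example that is not part of the original post. The function names `probe_anonymous` and `audit_submodules` are hypothetical. The script goes slightly beyond the post by also printing the pinned commit SHA, which the public superproject records for every submodule alongside its name, path and URL.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): list what a public superproject
# reveals about each submodule and whether its URL answers without credentials.

# probe_anonymous URL -> exit 0 if the remote can be listed with no credentials.
# Prompts, askpass programs and credential helpers are all disabled, so the
# probe behaves like an unauthenticated visitor even on the owner's machine.
probe_anonymous() {
    GIT_TERMINAL_PROMPT=0 GIT_ASKPASS='' SSH_ASKPASS='' \
        git -c credential.helper= ls-remote --quiet "$1" >/dev/null 2>&1
}

# audit_submodules DIR -> one tab-separated line per submodule:
#   name, path, pinned commit (gitlink in HEAD), url, status
audit_submodules() {
    local repo=$1 key url name path sha status
    git -C "$repo" config -f .gitmodules --get-regexp '^submodule\..*\.url$' |
    while read -r key url; do
        name=${key#submodule.}
        name=${name%.url}
        path=$(git -C "$repo" config -f .gitmodules "submodule.$name.path")
        # A submodule is stored in the tree as a "commit" entry (mode 160000).
        sha=$(git -C "$repo" ls-tree HEAD -- "$path" |
              awk '$2 == "commit" {print $3}')
        if probe_anonymous "$url"; then
            status=anonymous-readable
        else
            status=auth-required
        fi
        printf '%s\t%s\t%s\t%s\t%s\n' \
            "$name" "$path" "${sha:-not-committed}" "$url" "$status"
    done
}

# Usage: run against a checkout of the public repository, e.g.
#   audit_submodules ./rokejulianlockhart
```

A private submodule should report `auth-required`; `anonymous-readable` on a submodule meant to be private means its project visibility needs correcting.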