Currently, we use Cordova plugins hosted in GitHub repositories and integrate them into our mobile applications to generate builds but this will expose the plugin code in public, As an alternative, we can include the plugins as ZIP files within our module to keep the code from being exposed.

However, when the plugin size is large, including it as a ZIP file can lead to timeout issues during mobile app build generation. Hosting the plugin on GitHub resolves this issue, but it introduces another challenge: the repository must be public for the MABs  to access it.

To address security we would prefer to keep these repositories private. Since mobile builds are handled by MABS (Mobile Apps Build Service), there is currently no straightforward way to grant secure, controlled access to private repositories.

Proposed Idea:

Provide a mechanism to allow controlled and secure access to private repositories during mobile app build generation. For example:

• Support authentication methods (e.g., access tokens or SSH keys)
• Allow configuration of private repository credentials within the platform

Thank you,