Anchors Aweigh

You’re ready for your eCommerce voyage! The sails are set and you’re at the helm. You’ve read my previous article: How To Install Magento 2 for in-depth instructions and familiarized yourself with the setup. You sit down at your desk and begin.

You’re breezing through what feels like still water with a firm grasp. As explained in my last post, in Magento 2, you should be installing with Composer – always. This places all the core files in the vendor directory. The Composer directory should not be included in version control, but rather generated with “composer install.”

Shiver Me Timbers

Don’t modify that core! This is common wisdom and practice in the Magento community. When you’ve worked with the platform long enough, you know that there are certain best practices that exist for a reason. Like your sanity. In Magento 1, if you modified any files in app/code/core or base/default, it is likely that security patches and upgrades would not apply correctly. Also, you may have created unintended consequences, because many objects depend on or inherit from core classes.
These issues are avoided in Magento 2 through the use of Composer, and wisdom of experience. So you’re all set to install M2 when whoops! You hit a rock. Magento Open Source (the framework formerly known as Community) requires a username and password for Composer installation. And you weren’t expecting that intuitively, because it’s an open source platform, and credentials aren’t generally needed for downloading open source software. Well, don’t prepare to go down with the ship just yet. The barrier is, in fact, artificial. And there is actually a pretty simple solution.

Land ho!

While this issue may feel like a massive iceberg you’re going to hit (let’s just keep this nautical metaphor going), it’s really not. Composer can read these credentials from a file named auth.json. To obtain your credentials:

  • Log into your account at, being redirected to It is a free account.
  • Marketplace > Cart Dropdown > My Profile
  • From the “Access Keys” menu, you can “Create a new access key.” For some reason, Magento chose to describe this as “public key” and “private key,” using them as username and password respectively. This is a perversion of the standard meaning for keys; please see an earlier blog post for discussion.

There you have it! A simple solution to keep your ship underway. Now take control of your vessel and come about. It’s a good day for a new eCommerce site on the horizon. For more Magento 2 tips and tricks, check out the Magento DevDocs, the Human Element Twitter feed, and more from the Human Element blog.