Travis/Secrets

From charlesreid1

Encrypting strings

Encryption keys and encrypting strings: https://docs.travis-ci.com/user/encryption-keys/

Encrypting files

Instructions for encrypting/decrypting can be found in the Travis documentation here:

https://docs.travis-ci.com/user/encrypting-files/

Let Travis handle encryption automatically

The short version:

  • Install the travis command line tool brew install travis
  • Encrypt the file with the travis command line tool travis encrypt-file FILE
  • Add the openssl command given here [1] to .travis.yml

IMPORTANT: You can only encrypt ONE file per repository, so if you have multiple files to encrypt, put them in a tar file and encrypt the tar file.

Do encryption manually

if you are having trouble with Travis not automatically adding the encryption credentials above to the right repository (which you may have a problem with if you are dealing with forks), you may want to manually encrypt/decrypt secrets.

This is a three step process:

Step 1 - encrypt files

The first step is to pick a secret passphrase and use it to encrypt any secret file you have.

Use the following command to encrypt your file: 

openssl aes-256-cbc -k "<your password>" -in secrets.tar.gz -out secrets.tar.gz.enc

Step 2 - add keys to Travis settings

Log in to Travis and navigate to the project. Modify the settings of the repository. There is a section where you can add environment variables.

Add a new environment variable named credentials_password with the value of <your password> (same password used in the above command).

Step 3 - add decrypt step to .travis.yml

Now you can add the following command in your .travis.yml file to decrypt the secrets file: 

before_install:
- ...
- cd tests/
- openssl aes-256-cbc -k "$credentials_password" -in secrets.tar.gz.enc -out secrets.tar.gz -d
- ...

Once you've added the encrypted secrets file (don't add the original, unencrypted secrets file!), you can commit it along with the .travis.yml file, and Travis should be able to access the secrets using the secret password provided via the environment variable.

Example

See https://github.com/dcppc/centillion for an example of a repository that uses encrypted secrets to run Travis tests.

Flags

Retrieved from "https://charlesreid1.com/w/index.php?title=Travis/Secrets&oldid=26099"