Travis/Secrets: Difference between revisions
From charlesreid1
(Created page with "==Encrypting strings== Encryption keys and encrypting strings: https://docs.travis-ci.com/user/encryption-keys/ ==Encrypting files== Encrypting files: https://docs.travis-c...") |
(→Flags) |
||
| (2 intermediate revisions by the same user not shown) | |||
| Line 5: | Line 5: | ||
==Encrypting files== | ==Encrypting files== | ||
Instructions for encrypting/decrypting can be found | |||
in the Travis documentation here: | |||
https://docs.travis-ci.com/user/encrypting-files/ | |||
===Let Travis handle encryption automatically=== | |||
The short version: | |||
* Install the travis command line tool <code>brew install travis</code> | |||
* Encrypt the file with the travis command line tool <code>travis encrypt-file FILE</code> | |||
* Add the openssl command given here [https://docs.travis-ci.com/user/encrypting-files/] to <code>.travis.yml</code> | |||
IMPORTANT: You can only encrypt ONE file per repository, so if you have multiple files to encrypt, put them in a tar file and encrypt the tar file. | |||
===Do encryption manually=== | |||
if you are having trouble with Travis not automatically adding the encryption credentials above to the right repository (which you may have a problem with if you are dealing with forks), you may want to manually encrypt/decrypt secrets. | |||
This is a three step process: | |||
====Step 1 - encrypt files==== | |||
The first step is to pick a secret passphrase and use it to encrypt any secret file you have. | |||
Use the following command to encrypt your file: | |||
<pre> | |||
openssl aes-256-cbc -k "<your password>" -in secrets.tar.gz -out secrets.tar.gz.enc | |||
</pre> | |||
====Step 2 - add keys to Travis settings==== | |||
Log in to Travis and navigate to the project. Modify the | |||
settings of the repository. There is a section where you | |||
can add environment variables. | |||
Add a new environment variable named <code>credentials_password</code> | |||
with the value of <code><your password></code> (same password used in | |||
the above command). | |||
====Step 3 - add decrypt step to .travis.yml==== | |||
Now you can add the following command in your | |||
<code>.travis.yml</code> file to decrypt the secrets file: | |||
<pre> | |||
before_install: | |||
- ... | |||
- cd tests/ | |||
- openssl aes-256-cbc -k "$credentials_password" -in secrets.tar.gz.enc -out secrets.tar.gz -d | |||
- ... | |||
</pre> | |||
Once you've added the encrypted secrets file | |||
(don't add the original, unencrypted secrets file!), | |||
you can commit it along with the <code>.travis.yml</code> file, | |||
and Travis should be able to access the secrets | |||
using the secret password provided via the environment | |||
variable. | |||
===Example=== | |||
See https://github.com/dcppc/centillion for an example of a repository that uses encrypted secrets to run Travis tests. | |||
==Flags== | ==Flags== | ||
Latest revision as of 20:47, 10 March 2019
Encrypting strings
Encryption keys and encrypting strings: https://docs.travis-ci.com/user/encryption-keys/
Encrypting files
Instructions for encrypting/decrypting can be found in the Travis documentation here:
https://docs.travis-ci.com/user/encrypting-files/
Let Travis handle encryption automatically
The short version:
- Install the travis command line tool
brew install travis - Encrypt the file with the travis command line tool
travis encrypt-file FILE - Add the openssl command given here [1] to
.travis.yml
IMPORTANT: You can only encrypt ONE file per repository, so if you have multiple files to encrypt, put them in a tar file and encrypt the tar file.
Do encryption manually
if you are having trouble with Travis not automatically adding the encryption credentials above to the right repository (which you may have a problem with if you are dealing with forks), you may want to manually encrypt/decrypt secrets.
This is a three step process:
Step 1 - encrypt files
The first step is to pick a secret passphrase and use it to encrypt any secret file you have.
Use the following command to encrypt your file:
openssl aes-256-cbc -k "<your password>" -in secrets.tar.gz -out secrets.tar.gz.enc
Step 2 - add keys to Travis settings
Log in to Travis and navigate to the project. Modify the settings of the repository. There is a section where you can add environment variables.
Add a new environment variable named credentials_password
with the value of <your password> (same password used in
the above command).
Step 3 - add decrypt step to .travis.yml
Now you can add the following command in your
.travis.yml file to decrypt the secrets file:
before_install: - ... - cd tests/ - openssl aes-256-cbc -k "$credentials_password" -in secrets.tar.gz.enc -out secrets.tar.gz -d - ...
Once you've added the encrypted secrets file
(don't add the original, unencrypted secrets file!),
you can commit it along with the .travis.yml file,
and Travis should be able to access the secrets
using the secret password provided via the environment
variable.
Example
See https://github.com/dcppc/centillion for an example of a repository that uses encrypted secrets to run Travis tests.