Travis/Secrets: Difference between revisions
From charlesreid1
| Line 5: | Line 5: | ||
==Encrypting files== | ==Encrypting files== | ||
Instructions for encrypting/decrypting can be found | |||
in the Travis documentation here: | |||
https://docs.travis-ci.com/user/encrypting-files/ | |||
===Let Travis handle encryption automatically=== | |||
The short version: | The short version: | ||
| Line 14: | Line 19: | ||
IMPORTANT: You can only encrypt ONE file per repository, so if you have multiple files to encrypt, put them in a tar file and encrypt the tar file. | IMPORTANT: You can only encrypt ONE file per repository, so if you have multiple files to encrypt, put them in a tar file and encrypt the tar file. | ||
===Do encryption manually=== | |||
if you are having trouble with Travis not automatically adding the encryption credentials above to the right repository (which you may have a problem with if you are dealing with forks), you may want to manually encrypt/decrypt secrets. | |||
This is a three step process: | |||
====Step 1 - encrypt files==== | |||
The first step is to pick a secret passphrase and use it to encrypt any secret file you have. | |||
Use the following command to encrypt your file: | |||
<pre> | |||
openssl aes-256-cbc -k "<your password>" -in secrets.tar.gz -out secrets.tar.gz.enc | |||
</pre> | |||
====Step 2 - add keys to Travis settings==== | |||
Log in to Travis and navigate to the project. Modify the | |||
settings of the repository. There is a section where you | |||
can add environment variables. | |||
Add a new environment variable named <code>credentials_password</code> | |||
with the value of <code><your password></code> (same password used in | |||
the above command). | |||
====Step 3 - add decrypt step to .travis.yml==== | |||
Now you can add the following command in your | |||
<code>.travis.yml</code> file to decrypt the secrets file: | |||
<pre> | |||
before_install: | |||
- ... | |||
- cd tests/ | |||
- openssl aes-256-cbc -k "$credentials_password" -in secrets.tar.gz.enc -out secrets.tar.gz -d | |||
- ... | |||
</pre> | |||
Once you've added the encrypted secrets file | |||
(don't add the original, unencrypted secrets file!), | |||
you can commit it along with the <code>.travis.yml</code> file, | |||
and Travis should be able to access the secrets | |||
using the secret password provided via the environment | |||
variable. | |||
==Flags== | ==Flags== | ||
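Review bot: the Step 1 and Step 3 commands call openssl aes-256-cbc with -k and no -md option, so the digest that turns the passphrase into a key is whatever the local OpenSSL defaults to. That default changed from MD5 to SHA-256 in OpenSSL 1.1.0, so a file encrypted on a workstation with one default fails with "bad decrypt" on a Travis image that has the other. Suggest adding the same -md sha256 to both commands. Step 1 also places the passphrase on the command line via -k "<your password>", where it ends up in shell history; using -pass env:credentials_password on both sides keeps it out of the command text and matches the variable name introduced in Step 2.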
Revision as of 20:46, 10 March 2019
Encrypting strings
Encryption keys and encrypting strings: https://docs.travis-ci.com/user/encryption-keys/
Encrypting files
Instructions for encrypting/decrypting can be found in the Travis documentation here:
https://docs.travis-ci.com/user/encrypting-files/
Let Travis handle encryption automatically
The short version:
- Install the travis command line tool
    brew install travis
- Encrypt the file with the travis command line tool
    travis encrypt-file FILE
- Add the openssl command given here [1] to .travis.yml
IMPORTANT: You can only encrypt ONE file per repository, so if you have multiple files to encrypt, put them in a tar file and encrypt the tar file.
Do encryption manually
If Travis does not automatically add the encryption credentials above to the right repository (a problem you may run into when dealing with forks), you may want to encrypt and decrypt secrets manually.
This is a three-step process:
Step 1 - encrypt files
The first step is to pick a secret passphrase and use it to encrypt any secret file you have.
Use the following command to encrypt your file:
openssl aes-256-cbc -k "<your password>" -in secrets.tar.gz -out secrets.tar.gz.enc
Step 2 - add keys to Travis settings
Log in to Travis and navigate to the project. Modify the settings of the repository. There is a section where you can add environment variables.
Add a new environment variable named credentials_password with the value of <your password> (same password used in the above command).
Step 3 - add decrypt step to .travis.yml
Now you can add the following command in your .travis.yml file to decrypt the secrets file:
before_install:
- ...
- cd tests/
- openssl aes-256-cbc -k "$credentials_password" -in secrets.tar.gz.enc -out secrets.tar.gz -d
- ...
Once you've added the encrypted secrets file (don't add the original, unencrypted secrets file!), you can commit it along with the .travis.yml file, and Travis should be able to access the secrets using the secret password provided via the environment variable.
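The three manual steps as a self-checking round trip, added here as an example and not part of the original page. It assumes two additions to the page's commands, -md sha256 and -pass env:credentials_password, so that the local and Travis sides derive the same key and the passphrase stays off the command line; the passphrase and file contents are constructed.

```shell
#!/bin/sh
# Added example (not from the original page). Assumptions: -md sha256 and
# -pass env: are additions to the page's commands; the passphrase and the
# secrets file below are constructed sample data.

# Step 1 (local machine): encrypt $1 to $2 using $credentials_password.
encrypt_secrets() {
    openssl aes-256-cbc -md sha256 -pass env:credentials_password \
        -in "$1" -out "$2"
}

# Step 3 (.travis.yml): decrypt $1 to $2; $3 optionally overrides the digest.
decrypt_secrets() {
    openssl aes-256-cbc -d -md "${3:-sha256}" -pass env:credentials_password \
        -in "$1" -out "$2"
}

# Create a constructed secrets.tar.gz in directory $1 and encrypt it.
make_fixture() {
    printf 'api_key=constructed-value\n' > "$1/secrets.txt"
    tar -czf "$1/secrets.tar.gz" -C "$1" secrets.txt
    encrypt_secrets "$1/secrets.tar.gz" "$1/secrets.tar.gz.enc"
}

# Succeeds only if the decrypted archive is byte-identical to the original.
roundtrip_ok() (
    export credentials_password="constructed-demo-passphrase"
    dir=$(mktemp -d) || exit 1
    trap 'rm -rf "$dir"' EXIT
    make_fixture "$dir" &&
    [ "$(head -c 8 "$dir/secrets.tar.gz.enc")" = "Salted__" ] &&
    decrypt_secrets "$dir/secrets.tar.gz.enc" "$dir/out.tar.gz" &&
    cmp -s "$dir/secrets.tar.gz" "$dir/out.tar.gz"
)

# Succeeds if decrypting with a different digest (md5, the default before
# OpenSSL 1.1.0) errors out or yields different bytes: the build would break.
digest_mismatch_caught() (
    export credentials_password="constructed-demo-passphrase"
    dir=$(mktemp -d) || exit 1
    trap 'rm -rf "$dir"' EXIT
    make_fixture "$dir" || exit 1
    if decrypt_secrets "$dir/secrets.tar.gz.enc" "$dir/out.tar.gz" md5 2>/dev/null
    then ! cmp -s "$dir/secrets.tar.gz" "$dir/out.tar.gz"
    fi
)
```

On OpenSSL 1.1.1 and later, adding -pbkdf2 to both commands gives a stronger key derivation, but older Travis images may not accept that option.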