
How to share credentials used in Travis-CI

Tags:

travis-ci

If I have a private registry, e.g. Artifactory, what is the best way to share the RW key with the development team? Of course, it is not desired that all devs have possession of the common RW key or credentials which are used by Travis-CI. (Each dev has their own.)

I would like to encrypt the credentials with a private key and provide that key to Travis-ci. It would then be safe to distribute encrypted credentials and use the job settings in travis-ui. Travis would then decrypt the credentials and use them for the job.

The credentials are not leaked, the DevOps person doesn't go crazy updating all keys in UI-setting manually, and devs can set up a new Travis job and use the encrypted version in Travis-ui. Everybody is happy. Is it possible?

asked Nov 12 '19 15:11

webduvet


People also ask

Which of the following encryption scheme is used by Travis CI?

Encryption scheme: Travis CI uses asymmetric cryptography. For each registered repository, Travis CI generates an RSA keypair. Travis CI keeps the private key private, but makes the repository's public key available to those who have access to the repository.

Which of the following file is used to configure the Travis CI?

Configuration. Travis CI is configured by adding a file named .travis.yml, which is a YAML format text file, to the root directory of the repository.

Which of following option is used to automatically decrypt the command in Travis CI?

The travis encrypt-file command will encrypt a file for you using a symmetric encryption (AES-256), and it will store the secret in a secure variable. It will output the command you can use in your build script to decrypt the file. Make sure to add super_secret.


1 Answer

Travis provides Encryption keys:

A repository’s .travis.yml file can have “encrypted values”, such as environment variables, notification settings, and deploy api keys. These encrypted values can be added by anyone, but are only readable by Travis CI. The repository owner does not keep any secret key material.

Please note that encrypted environment variables are not available for pull requests from forks.

How it works:

  1. Download and install Travis CLI

     gem install travis
    
  2. Encrypt the variable

     travis encrypt SOMEVAR="secretvalue"
    
  3. Then you can use the encrypted value inside .travis.yml using secure: (which I guess is what you need in order not to change the environment variables in every repository)

     secure: ".... encrypted data ...."
    

    It is also possible to automatically include the encrypted value into your .travis.yml by executing:

     travis encrypt SOMEVAR="secretvalue" --add
    

While Travis executes the job, the encrypted key,

   env:
     - secure: "encrypted string"

becomes

   env:
     - "decrypted string"

I have the same problem in my pipelines and I will give it a try.

answered Oct 19 '22 20:10

Carlos Cavero
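
The asymmetric scheme described on this page, as an added example that is not part of the original post and is not Travis CI's own code: a developer holding only the repository's public key can produce a `secure:` value, but only the private-key holder (the CI side) can read it. The locally generated keypair, the 2048-bit key size, the default PKCS#1 v1.5 padding and all helper names are assumptions made for the demonstration.

```ruby
require "openssl"
require "base64"

# Constructed stand-in for the per-repository RSA keypair that Travis CI
# generates; on the real service the private half never leaves Travis.
# Key size and padding are assumptions chosen for this demo.
REPO_KEY   = OpenSSL::PKey::RSA.new(2048)
PUBLIC_PEM = REPO_KEY.public_key.to_pem # the half developers can obtain

# Developer side: needs only the public key. Returns the base64 string
# that would go after `secure:` in .travis.yml.
def encrypt_for_repo(public_pem, name, value)
  pub = OpenSSL::PKey::RSA.new(public_pem)
  Base64.strict_encode64(pub.public_encrypt("#{name}=#{value}"))
end

# CI side: holds the private key and recovers NAME=value for the job.
def decrypt_in_ci(private_key, secure_b64)
  private_key.private_decrypt(Base64.strict_decode64(secure_b64))
end

# A holder of only the public key cannot read an encrypted value.
def readable_with_public_key?(public_pem, secure_b64)
  pub = OpenSSL::PKey::RSA.new(public_pem)
  pub.private_decrypt(Base64.strict_decode64(secure_b64))
  true
rescue OpenSSL::PKey::PKeyError
  false
end

# RSA only accepts short inputs; whole files are handled by
# `travis encrypt-file` (AES-256), with the AES secret kept in a
# secure variable.
def fits_in_rsa?(public_pem, plaintext)
  OpenSSL::PKey::RSA.new(public_pem).public_encrypt(plaintext)
  true
rescue OpenSSL::PKey::PKeyError
  false
end

if __FILE__ == $PROGRAM_NAME
  secure = encrypt_for_repo(PUBLIC_PEM, "SOMEVAR", "secretvalue")
  puts "env:\n  - secure: \"#{secure}\""
  puts "CI sees:        #{decrypt_in_ci(REPO_KEY, secure)}"
  puts "dev can read?   #{readable_with_public_key?(PUBLIC_PEM, secure)}"
  puts "4 KiB fits RSA? #{fits_in_rsa?(PUBLIC_PEM, 'x' * 4096)}"
end
```

Because the padding is randomized, encrypting the same variable twice gives different `secure:` strings, so two differing values in .travis.yml do not imply two different secrets.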