Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Using secret api keys on travis-ci

I'd like to use travis-ci for one of my projects.

The project is an API wrapper, so many of the tests rely on the use of secret API keys. To test locally, I just store them as environment variables. What's a safe way to use those keys on Travis?

like image 862
user94154 Avatar asked Feb 18 '12 04:02

user94154


People also ask

Which of the following encryption scheme is used by Travis CI?

Encryption scheme # Travis CI uses asymmetric cryptography. For each registered repository, Travis CI generates an RSA keypair. Travis CI keeps the private key private, but makes the repository's public key available to those who have access to the repository.

How do I encrypt a Travis file?

Here we can use the encrypt command: travis encrypt super_secret_password=ahduQu9ushou0Roh --add - note that if you set this up multiple times for multiple files, you will have to use different variable names so the passwords don't override each other. Encrypt the file locally.

How do you trigger Travis CI?

Trigger Travis CI builds using the API V3 by sending a POST request to /repo/{slug|id}/requests : Get an API token from your Travis CI settings page. You'll need the token to authenticate most of these API requests.

What is Travis Yaml?

travis. yml , which is a YAML format text file, to the root directory of the repository. This file specifies the programming language used, the desired building and testing environment (including dependencies which must be installed before the software can be built and tested), and various other parameters.


2 Answers

Travis has a feature to encrypt environment variables ("Encrypting environment variables"). This can be used to protect your secret API keys. I've successfully used this for my Heroku API key.

All you have to do is install the travis gem, encrypt the string you want and add the encrypted string in your .travis.yml. The encryption is only valid for one repository. The travis command gets your public key for your repo and can then decrypt the string during the build.

gem install --user travis travis encrypt MY_SECRET_ENV=super_secret -r my_username/my_repo 

This gives you the following output:

Please add the following to your .travis.yml file:    secure: "OrEeqU0z6GJdC6Sx/XI7AMiQ8NM9GwPpZkVDq6cBHcD6OlSppkSwm6JvopTR\newLDTdtbk/dxKurUzwTeRbplIEe9DiyVDCzEiJGfgfq7woh+GRo+q6+UIWLE\n3nowpI9AzXt7iBhoKhV9lJ1MROrnn4DnlKxAEUlHTDi4Wk8Ei/g=" 
like image 126
Odi Avatar answered Sep 25 '22 22:09

Odi


according to this in travis ci documentation it's said that :

If you have both the Heroku and Travis CI command line clients installed, you can get your key, encrypt it and add it to your .travis.yml by running the following command from your project directory:

travis encrypt $(heroku auth:token) --add deploy.api_key 

refer to the following tutorial to install heroku client according to your OS

like image 43
Espoir Murhabazi Avatar answered Sep 25 '22 22:09

Espoir Murhabazi