I created this micro-guide because I spent a few hours figuring out how to automate my deployments to Dokku via Travis CI, and hopefully it makes it easier for anyone who comes across this. I will also use this as my own reference for future project deployments.
-
Create ssh keypairs
ssh-keygen -t rsa -b 4096 -f deploy.key
-
Copy deploy.key.pub into authorized_keys on the server
vim /home/dokku/.ssh/authorized_keys
-
Encrypt deploy.key via gpg. It will ask you to enter a passphrase twice.
gpg -c deploy.key
-
Store your private and public keys in .travis/, but make sure to add deploy.key and deploy.key.pub to .gitignore. You only want to commit your encrypted deploy.key.gpg file to git.
-
You can test decryption via gpg
echo "test" | gpg --passphrase-fd 0 deploy.key.gpg
-
Using the Travis CLI, create the secure key for .travis.yml. This will automatically add the env.global.secure key with a value. This is how Travis knows to set the super_secret_password environment variable.
travis encrypt super_secret_password=supersecret --add
-
See .travis.yml as a reference. The SSH setup steps are important to prepare the CI instance for pushing to git.
- I went with GPG instead of OpenSSL, because there were some inconsistencies across various versions that ended up leading to decryption errors in Travis CI, especially if using Windows. GPG worked right out of the box.
- Although this is used for deploying to Dokku, it can really be used to deploy anywhere that uses git/ssh deployments.
- Travis CLI has a ton of issues running on Windows, especially for generating encrypted files. I suggest running on OSX/Linux or Docker.
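
The CI-side half of the steps above, as an added example (this is not the author's .travis.yml): it decrypts deploy.key.gpg with the super_secret_password variable, pins the server's host key, and pushes over SSH. The names DOKKU_HOST, DOKKU_APP, DOKKU_HOST_KEY, the file name .travis/deploy.sh and the master target branch are assumptions, as is GnuPG 2.1 or newer.

```sh
#!/bin/sh
# Added example, not the author's .travis.yml: what the CI instance runs to deploy.
# Assumed names: DOKKU_HOST, DOKKU_APP, DOKKU_HOST_KEY (one pinned known_hosts
# line: "host keytype base64key"), and the super_secret_password variable that
# `travis encrypt ... --add` stored in .travis.yml.
# Assumes GnuPG 2.1+ (for --pinentry-mode loopback) and OpenSSH.
set -eu

# Decrypt $1 (deploy.key.gpg) to $2, readable by the owner only.
decrypt_deploy_key() {
  if [ -z "${super_secret_password:-}" ]; then
    # Travis does not expose encrypted variables to pull requests from forks.
    echo "super_secret_password is not set; cannot decrypt $1" >&2
    return 1
  fi
  (
    umask 077
    printf '%s' "$super_secret_password" |
      gpg --batch --yes --quiet --pinentry-mode loopback --passphrase-fd 0 \
          --output "$2" --decrypt "$1"
  )
}

# Record the pinned host key in known_hosts file $2, rather than accepting
# whatever key is presented on the first connection. Safe to call repeatedly.
pin_host_key() {
  mkdir -p "$(dirname "$2")"
  grep -qxF -- "$1" "$2" 2>/dev/null || printf '%s\n' "$1" >> "$2"
  chmod 600 "$2"
}

deploy() {
  key=$(mktemp)
  trap 'rm -f "$key"' EXIT   # do not leave the plaintext key behind
  decrypt_deploy_key .travis/deploy.key.gpg "$key"
  pin_host_key "$DOKKU_HOST_KEY" "$HOME/.ssh/known_hosts"
  # Target branch "master" is an assumption; use the branch your app deploys from.
  GIT_SSH_COMMAND="ssh -i $key -o IdentitiesOnly=yes -o StrictHostKeyChecking=yes" \
    git push "dokku@$DOKKU_HOST:$DOKKU_APP" HEAD:master
}

# Run only when asked, e.g. from .travis.yml: sh .travis/deploy.sh --deploy
if [ "${1:-}" = "--deploy" ]; then deploy; fi
```
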