Dan Lenski dlenski
dlenski
/ gist:3adcdd3dd5ed897a8e8c4f172726aaca
Created
January 20, 2018 03:23
— forked from kzap/gist:5819745
If you want to give only Travis-CI access to a private key or secret file in your repository, you will need to encrypt it, but rather than storing the entire encrypted file in an environment variable, just store the a secret password in a secure environment variable that you will use to encrypt and decrypt your private key file. The encryption o…
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # generate your private key, put the public key on the server you will be connecting to | |
| ssh-keygen -t rsa -f ./my_key | |
| # generate the password/secret you will store encrypted in the .travis.yml and use to encrypt your private key | |
| cat /dev/urandom | head -c 10000 | openssl sha1 > ./secret | |
| # encrypt your private key using your secret password | |
| openssl aes-256-cbc -pass "file:./secret" -in ./my_key -out ./my_key.enc -a | |
| # download your Travis-CI public key via the API. eg: https://api.travis-ci.org/repos/travis-ci/travis-ci/key |