Skip to content

Instantly share code, notes, and snippets.

Forked from lukewpatterson/gist:4242707
Last active February 22, 2021 13:27
Show Gist options
  • Save douglasduteil/5525750 to your computer and use it in GitHub Desktop.
Save douglasduteil/5525750 to your computer and use it in GitHub Desktop.
Here is how I allow Git SSH authentication in Travis CI. I'm using it to connect Travis to my repo organization AngularUI. This trick is a fork. The goal is to encode the RSA private deploy key in the .travis.yml as "-secure: xxxxx.....".
language: node_js
- '0.10'
- master
before_script: .travis/
script: echo -e " >>> Do something... \"grunt\" for example\n"
after_success: .travis/
- REPO="<org>/<repo>.git"
- secure: ! 'Ygr53DnnxZzzKrc/kMBdnVCkiBHNKsIhk7A8kmv7Rcmbx327ATCeEePB8GNd... etc... etc...
# Authentication
echo -e ">>> Authentication !"
git remote set-url origin $REPO.git
git config --global "<org@email>"
git config --global "<org> (via TravisCI)"
if [ -z "$id_rsa_{1..23}" ]; then echo 'No $id_rsa_{1..23} found !' ; exit 1; fi
# Careful ! Put the correct number here !!! (the last line number)
echo -n $id_rsa_{1..23} >> ~/.ssh/travis_rsa_64
base64 --decode --ignore-garbage ~/.ssh/travis_rsa_64 > ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa
echo -e ">>> Copy config"
mv -fv out/.travis/ssh-config ~/.ssh/config
echo -e ">>> Hi !"
ssh -T
echo -e "\n"
User git
IdentityFile ~/.ssh/id_rsa
StrictHostKeyChecking no
PasswordAuthentication no
CheckHostIP no
BatchMode yes
# Here, you will need to replace <org@email>, <org> and <repo>
# First you create a RSA public/private key pair just for Travis.
ssh-keygen -t rsa -C "<org@email>" -f ~/.ssh/travis_rsa
# Then following the official doc (,
# You add it to your organisation repo :<org>/<repo>/settings/keys
xclip -sel clip < ~/.ssh/
# Paste your key into the "Key" field ; Click "Add key" ; Confirm the action by entering your GitHub password
# Now comes the 'hard' part...
# Like you want to install it on Travis, you have to give it the key.
# Good thing is that Travis supports environment variables encryption with travis gem.
sudo gem install travis
# But you I the impression it's only support base64 values...
# So you have to convert our key.
base64 --wrap=0 ~/.ssh/travis_rsa > ~/.ssh/travis_rsa_64
# I'll direcly user the option "--add" so let's go to where your ".travis.yml" is
cd <somewhere>
# Also, the command "travis encrypt" has a length limit ~=100char.
# So, like I'm lazy. I just brutalize my bash...
bash <(cat ~/.ssh/travis_rsa_64 | perl -pe 's/(.{100})/$1\n/g' | nl | perl -pe 's/\s*(\d+)\s*(.*)/travis encrypt -r <org>\/<repo> id_rsa_$1="$2" --add')
# Now you have a lot of lines "- secure: ! 'xxxx...'" in my ".travis.yml"
# But you don't know how many... So just come back to the last command to get the tail of it.
cat ~/.ssh/travis_rsa_64 | perl -pe 's/(.{100})/$1\n/g' | nl | tail
# The brutal command just made a array of id : id_rsa_[0] to id_rsa_[n] where n is the number of lines. For me 23.
# End of the preparations. Now you'll have to decrypt all of this...
Copy link

Could you give more details regarding this code please? Also does it relate to this question ?

Copy link

I made it for the Angular UI Docs . Check it out

Copy link

show0k commented Jul 18, 2015

Thanks for the tip, but note that now, travis can encrypt files directly

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment