- create a PGP pub/sec key pair (see https://github.com/scalacenter/sbt-release-early/wiki/How-to-create-a-gpg-key)
- add `local.*` to your `.gitignore` file, because we don't want to accidentally add unencrypted files to the git repo.
- create a `travis` directory in your project: `mkdir travis`
- copy the generated `pubring.asc` and `secring.asc` files to the `travis` directory and rename them to `local.pubring.asc` and `local.secring.asc`
- install travis client (if not installed yet): `gem install travis`
- login to travis from command line: `travis login`
- tar the files to be encrypted: `tar cv -C travis -f travis/local.secrets.tar local.pubring.asc local.secring.asc`
- encrypt the `local.secrets.tar` file: `travis encrypt-file travis/local.secrets.tar -o travis/secrets.tar.enc -p`. The `-p` option prints the key and IV to the terminal, so treat that output as a secret. See https://docs.travis-ci.com/user/encrypting-files/#Encrypting-multiple-files for more details.
- add the following lines at the end of your `.travis.yml` file. This will decrypt the archive and make the `local.pubring.asc` and `local.secring.asc` files available to the travis build, but only when it is NOT building a pull request. Travis does not expose encrypted variables to pull requests from forks, so the decrypt step would fail there.
  ```yaml
  # Decrypt and unpack the key archive, except on pull request builds.
  before_install:
    - if [ "$TRAVIS_PULL_REQUEST" = 'false' ]; then
        openssl aes-256-cbc -K $encrypted_474c3e42cec4_key -iv $encrypted_474c3e42cec4_iv -in travis/secrets.tar.enc -out travis/secrets.tar -d;
        tar xv -C travis -f travis/secrets.tar;
      fi
  ```
- encrypt the PGP passphrase into the `PGP_PASS` environment variable: `travis encrypt 'PGP_PASS=MyDirtyLittleSecret' --add`. The `--add` option will add the encrypted environment variable to your `.travis.yml` file. Also make sure to escape special characters as needed; check https://docs.travis-ci.com/user/encryption-keys/#Note-on-escaping-certain-symbols for more info.
- I'm publishing to bintray so I additionally also encrypted the `BINTRAY_USER` and `BINTRAY_PASS` environment variables. The `BINTRAY_PASS` is actually your bintray API token.
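
A check to run before committing the result of the steps above, as an added example that is not part of the original page. The function name `check_travis_secrets` is hypothetical, and the check assumes the key files are ASCII-armored and the layout is the `travis/` directory described here.

```shell
#!/bin/sh
# Added example: pre-commit check for the travis/ layout described above.
# check_travis_secrets [repo_dir] returns 0 if safe to commit, 1 otherwise.
check_travis_secrets() {
    repo="${1:-.}"
    rc=0
    # Marker is split so this script never matches itself.
    marker='-----BEGIN PGP PRIVATE KEY'

    # 1. The ignore rule from the .gitignore step must be present verbatim.
    if ! grep -qxF -e 'local.*' "$repo/.gitignore" 2>/dev/null; then
        echo "FAIL: .gitignore has no 'local.*' rule" >&2
        rc=1
    fi

    # 2. Armored private key material must only live in ignored local.* files.
    #    (find exits non-zero when grep finds nothing, hence '|| true'.)
    leaked=$(find "$repo" -type f ! -name 'local.*' ! -path '*/.git/*' \
        -exec grep -lF -e "$marker BLOCK-----" {} + 2>/dev/null) || true
    if [ -n "$leaked" ]; then
        echo "FAIL: private key outside local.* files:" >&2
        echo "$leaked" >&2
        rc=1
    fi

    # 3. A plaintext archive under a non-ignored name (for example a
    #    travis/secrets.tar left over from a test decrypt) would be committed.
    for f in "$repo"/travis/*.tar; do
        [ -e "$f" ] || continue
        case "${f##*/}" in
            local.*) ;;
            *) echo "FAIL: plaintext archive not ignored: $f" >&2; rc=1 ;;
        esac
    done

    # 4. The encrypted archive is the only secret-bearing file meant for git.
    if [ ! -s "$repo/travis/secrets.tar.enc" ]; then
        echo "FAIL: travis/secrets.tar.enc is missing or empty" >&2
        rc=1
    fi
    return "$rc"
}
```

Source the file and call `check_travis_secrets .` from the repository root; a non-zero return means something other than `travis/secrets.tar.enc` would expose key material if committed.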