Skip to content

Instantly share code, notes, and snippets.

@lukewpatterson
Created December 9, 2012 00:24
Show Gist options
  • Save lukewpatterson/4242707 to your computer and use it in GitHub Desktop.
Save lukewpatterson/4242707 to your computer and use it in GitHub Desktop.
squeezing private SSH key into .travis.yml file
Tricks to add encrypted private SSH key to .travis.yml file
To encrypt the private SSH key into the "-secure: xxxxx....." lines to place in the .travis.yml file, generate a deploy key then run: (to see what the encrypted data looks like, see an example here: https://github.com/veewee-community/veewee-push/blob/486102e6f508214b04414074c921475e5943f682/.travis.yml#L21
base64 --wrap=0 ~/.ssh/id_rsa > ~/.ssh/id_rsa_base64
ENCRYPTION_FILTER="echo \$(echo \"-\")\$(travis encrypt veewee-community/veewee-push \"\$FILE='\`cat $FILE\`'\" | grep secure:)"
split --bytes=100 --numeric-suffixes --suffix-length=2 --filter="$ENCRYPTION_FILTER" ~/.ssh/id_rsa_base64 id_rsa_
Ha! it takes 30 lines to squeeze it all in.
To reconstitute the private SSH key once running inside Travis: (see example use here: https://github.com/veewee-community/veewee-push/blob/486102e6f508214b04414074c921475e5943f682/.travis.yml#L13)
- echo -n $id_rsa_{00..30} >> ~/.ssh/id_rsa_base64
- base64 --decode --ignore-garbage ~/.ssh/id_rsa_base64 > ~/.ssh/id_rsa
- chmod 600 ~/.ssh/id_rsa
- echo -e "Host github.com\n\tStrictHostKeyChecking no\n" >> ~/.ssh/config
@StefanLiebenberg
Copy link

brilliant! thank you

@otruffer
Copy link

exactly what i was looking for, thanks a lot! :)

@HelloGrayson
Copy link

+1 thanks alot :)

@davestern
Copy link

This is excellent!
It required some significant modification for use on the mac. split, for example, has different options. I created a mac version:

https://gist.github.com/davestern/9377538

@koter84
Copy link

koter84 commented May 19, 2014

Thanks for sharing this code!

The OS X version on Travis-CI.org doesn't understand that {00..30} should give 00 01 02..etc and just returns 0 1 2..etc
so the first 10 variables won't get printed to the file, and the key (obviously) doesn't work...

i solved it with a small for-loop combined with printf, also my version works the same on the linux and osx workers
https://gist.github.com/koter84/e46e675960d964fdb48d

@letmaik
Copy link

letmaik commented Dec 28, 2014

The travis CLI changed a little, has to be travis encrypt -r me/repo now, note the -r.

EDIT: Just noticed that travis now has the ability to encrypt files directly. (see travis encrypt-file)

@carlessistare
Copy link

@maboloshi
Copy link

Why not encrypt the private key file with 'travis encrypt' and store it as a travis environment variable?

Encryption and conversion code

travis encrypt-file ./id_rsa -r xxxx/xxxxxx
travis env set DEPLOY_KEY_ENC `base64 -i ./id_rsa.enc | tr -d '\n'` --private -r xxxx/xxxxxx

Decryption code in .travis.yml

echo $DEPLOY_KEY_ENC | base64 --decode | openssl aes-256-cbc -K $encrypted_xxxxxxxxxxxx_key -iv $encrypted_xxxxxxxxxxxx_iv -out ~/.ssh/id_rsa -d

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment