-
-
Save lukewpatterson/4242707 to your computer and use it in GitHub Desktop.
Tricks to add encrypted private SSH key to .travis.yml file | |
To encrypt the private SSH key into the "-secure: xxxxx....." lines to place in the .travis.yml file, generate a deploy key then run: (to see what the encrypted data looks like, see an example here: https://github.com/veewee-community/veewee-push/blob/486102e6f508214b04414074c921475e5943f682/.travis.yml#L21 | |
base64 --wrap=0 ~/.ssh/id_rsa > ~/.ssh/id_rsa_base64 | |
ENCRYPTION_FILTER="echo \$(echo \"-\")\$(travis encrypt veewee-community/veewee-push \"\$FILE='\`cat $FILE\`'\" | grep secure:)" | |
split --bytes=100 --numeric-suffixes --suffix-length=2 --filter="$ENCRYPTION_FILTER" ~/.ssh/id_rsa_base64 id_rsa_ | |
Ha! it takes 30 lines to squeeze it all in. | |
To reconstitute the private SSH key once running inside Travis: (see example use here: https://github.com/veewee-community/veewee-push/blob/486102e6f508214b04414074c921475e5943f682/.travis.yml#L13) | |
- echo -n $id_rsa_{00..30} >> ~/.ssh/id_rsa_base64 | |
- base64 --decode --ignore-garbage ~/.ssh/id_rsa_base64 > ~/.ssh/id_rsa | |
- chmod 600 ~/.ssh/id_rsa | |
- echo -e "Host github.com\n\tStrictHostKeyChecking no\n" >> ~/.ssh/config |
exactly what i was looking for, thanks a lot! :)
+1 thanks alot :)
This is excellent!
It required some significant modification for use on the mac. split
, for example, has different options. I created a mac version:
Thanks for sharing this code!
The OS X version on Travis-CI.org doesn't understand that {00..30} should give 00 01 02..etc and just returns 0 1 2..etc
so the first 10 variables won't get printed to the file, and the key (obviously) doesn't work...
i solved it with a small for-loop combined with printf, also my version works the same on the linux and osx workers
https://gist.github.com/koter84/e46e675960d964fdb48d
The travis CLI changed a little, has to be travis encrypt -r me/repo
now, note the -r
.
EDIT: Just noticed that travis now has the ability to encrypt files directly. (see travis encrypt-file
)
Alternative way:
https://gist.github.com/carlessistare/d87751214c188e007fcb
Why not encrypt the private key file with 'travis encrypt' and store it as a travis environment variable?
Encryption and conversion code
travis encrypt-file ./id_rsa -r xxxx/xxxxxx
travis env set DEPLOY_KEY_ENC `base64 -i ./id_rsa.enc | tr -d '\n'` --private -r xxxx/xxxxxx
Decryption code in .travis.yml
echo $DEPLOY_KEY_ENC | base64 --decode | openssl aes-256-cbc -K $encrypted_xxxxxxxxxxxx_key -iv $encrypted_xxxxxxxxxxxx_iv -out ~/.ssh/id_rsa -d
brilliant! thank you