Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
squeezing private SSH key into .travis.yml file
Tricks to add encrypted private SSH key to .travis.yml file
To encrypt the private SSH key into the "-secure: xxxxx....." lines to place in the .travis.yml file, generate a deploy key then run: (to see what the encrypted data looks like, see an example here:
base64 --wrap=0 ~/.ssh/id_rsa > ~/.ssh/id_rsa_base64
ENCRYPTION_FILTER="echo \$(echo \"-\")\$(travis encrypt veewee-community/veewee-push \"\$FILE='\`cat $FILE\`'\" | grep secure:)"
split --bytes=100 --numeric-suffixes --suffix-length=2 --filter="$ENCRYPTION_FILTER" ~/.ssh/id_rsa_base64 id_rsa_
Ha! it takes 30 lines to squeeze it all in.
To reconstitute the private SSH key once running inside Travis: (see example use here:
- echo -n $id_rsa_{00..30} >> ~/.ssh/id_rsa_base64
- base64 --decode --ignore-garbage ~/.ssh/id_rsa_base64 > ~/.ssh/id_rsa
- chmod 600 ~/.ssh/id_rsa
- echo -e "Host\n\tStrictHostKeyChecking no\n" >> ~/.ssh/config

brilliant! thank you

exactly what i was looking for, thanks a lot! :)

breerly commented Feb 14, 2014

+1 thanks alot :)

This is excellent!
It required some significant modification for use on the mac. split, for example, has different options. I created a mac version:

koter84 commented May 19, 2014

Thanks for sharing this code!

The OS X version on doesn't understand that {00..30} should give 00 01 02..etc and just returns 0 1 2..etc
so the first 10 variables won't get printed to the file, and the key (obviously) doesn't work...

i solved it with a small for-loop combined with printf, also my version works the same on the linux and osx workers

letmaik commented Dec 28, 2014

The travis CLI changed a little, has to be travis encrypt -r me/repo now, note the -r.

EDIT: Just noticed that travis now has the ability to encrypt files directly. (see travis encrypt-file)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment