Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
squeezing private SSH key into .travis.yml file
Tricks to add encrypted private SSH key to .travis.yml file
To encrypt the private SSH key into the "-secure: xxxxx....." lines to place in the .travis.yml file, generate a deploy key then run: (to see what the encrypted data looks like, see an example here: https://github.com/veewee-community/veewee-push/blob/486102e6f508214b04414074c921475e5943f682/.travis.yml#L21
base64 --wrap=0 ~/.ssh/id_rsa > ~/.ssh/id_rsa_base64
ENCRYPTION_FILTER="echo \$(echo \"-\")\$(travis encrypt veewee-community/veewee-push \"\$FILE='\`cat $FILE\`'\" | grep secure:)"
split --bytes=100 --numeric-suffixes --suffix-length=2 --filter="$ENCRYPTION_FILTER" ~/.ssh/id_rsa_base64 id_rsa_
Ha! it takes 30 lines to squeeze it all in.
To reconstitute the private SSH key once running inside Travis: (see example use here: https://github.com/veewee-community/veewee-push/blob/486102e6f508214b04414074c921475e5943f682/.travis.yml#L13)
- echo -n $id_rsa_{00..30} >> ~/.ssh/id_rsa_base64
- base64 --decode --ignore-garbage ~/.ssh/id_rsa_base64 > ~/.ssh/id_rsa
- chmod 600 ~/.ssh/id_rsa
- echo -e "Host github.com\n\tStrictHostKeyChecking no\n" >> ~/.ssh/config
@StefanLiebenberg

This comment has been minimized.

Copy link

commented Sep 29, 2013

brilliant! thank you

@otruffer

This comment has been minimized.

Copy link

commented Jan 23, 2014

exactly what i was looking for, thanks a lot! :)

@breerly

This comment has been minimized.

Copy link

commented Feb 14, 2014

+1 thanks alot :)

@davestern

This comment has been minimized.

Copy link

commented Mar 5, 2014

This is excellent!
It required some significant modification for use on the mac. split, for example, has different options. I created a mac version:

https://gist.github.com/davestern/9377538

@koter84

This comment has been minimized.

Copy link

commented May 19, 2014

Thanks for sharing this code!

The OS X version on Travis-CI.org doesn't understand that {00..30} should give 00 01 02..etc and just returns 0 1 2..etc
so the first 10 variables won't get printed to the file, and the key (obviously) doesn't work...

i solved it with a small for-loop combined with printf, also my version works the same on the linux and osx workers
https://gist.github.com/koter84/e46e675960d964fdb48d

@letmaik

This comment has been minimized.

Copy link

commented Dec 28, 2014

The travis CLI changed a little, has to be travis encrypt -r me/repo now, note the -r.

EDIT: Just noticed that travis now has the ability to encrypt files directly. (see travis encrypt-file)

@carlessistare

This comment has been minimized.

@maboloshi

This comment has been minimized.

Copy link

commented Mar 16, 2018

Why not encrypt the private key file with 'travis encrypt' and store it as a travis environment variable?

Encryption and conversion code

travis encrypt-file ./id_rsa -r xxxx/xxxxxx
travis env set DEPLOY_KEY_ENC `base64 -i ./id_rsa.enc | tr -d '\n'` --private -r xxxx/xxxxxx

Decryption code in .travis.yml

echo $DEPLOY_KEY_ENC | base64 --decode | openssl aes-256-cbc -K $encrypted_xxxxxxxxxxxx_key -iv $encrypted_xxxxxxxxxxxx_iv -out ~/.ssh/id_rsa -d

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.