lukewpatterson/4242707
Created December 9, 2012 00:24
squeezing private SSH key into .travis.yml file
Tricks to add encrypted private SSH key to .travis.yml file
To encrypt the private SSH key into the "-secure: xxxxx....." lines to place in the .travis.yml file, generate a deploy key then run: (to see what the encrypted data looks like, see an example here: https://github.com/veewee-community/veewee-push/blob/486102e6f508214b04414074c921475e5943f682/.travis.yml#L21)
base64 --wrap=0 ~/.ssh/id_rsa > ~/.ssh/id_rsa_base64
ENCRYPTION_FILTER="echo \$(echo \"-\")\$(travis encrypt veewee-community/veewee-push \"\$FILE='\`cat $FILE\`'\" | grep secure:)"
split --bytes=100 --numeric-suffixes --suffix-length=2 --filter="$ENCRYPTION_FILTER" ~/.ssh/id_rsa_base64 id_rsa_
Ha! it takes 30 lines to squeeze it all in.
To reconstitute the private SSH key once running inside Travis: (see example use here: https://github.com/veewee-community/veewee-push/blob/486102e6f508214b04414074c921475e5943f682/.travis.yml#L13)
- echo -n $id_rsa_{00..30} >> ~/.ssh/id_rsa_base64
- base64 --decode --ignore-garbage ~/.ssh/id_rsa_base64 > ~/.ssh/id_rsa
- chmod 600 ~/.ssh/id_rsa
- echo -e "Host github.com\n\tStrictHostKeyChecking no\n" >> ~/.ssh/config
The travis CLI changed a little, has to be travis encrypt -r me/repo now, note the -r.
EDIT: Just noticed that travis now has the ability to encrypt files directly. (see travis encrypt-file)
Alternative way:
https://gist.github.com/carlessistare/d87751214c188e007fcb
Why not encrypt the private key file with 'travis encrypt' and store it as a travis environment variable?
Encryption and conversion code
travis encrypt-file ./id_rsa -r xxxx/xxxxxx
travis env set DEPLOY_KEY_ENC `base64 -i ./id_rsa.enc | tr -d '\n'` --private -r xxxx/xxxxxx
Decryption code in .travis.yml
echo $DEPLOY_KEY_ENC | base64 --decode | openssl aes-256-cbc -K $encrypted_xxxxxxxxxxxx_key -iv $encrypted_xxxxxxxxxxxx_iv -out ~/.ssh/id_rsa -d
Thanks for sharing this code!
The OS X version on Travis-CI.org doesn't understand that {00..30} should give 00 01 02..etc and just returns 0 1 2..etc
so the first 10 variables won't get printed to the file, and the key (obviously) doesn't work...
I solved it with a small for-loop combined with printf, also my version works the same on the Linux and OS X workers
https://gist.github.com/koter84/e46e675960d964fdb48d
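A portable take on the gist's reconstitution steps that avoids the {00..30} problem described in the comment above and refuses to write a key when a chunk is missing. This is an added example, not part of the original gist or its comments; the function name reassemble_key and the demo payload are constructed for illustration.

```shell
#!/bin/sh
# Added example: rebuild a key file from base64 chunks held in the
# variables id_rsa_00 .. id_rsa_NN (variable names as used in the gist).
# reassemble_key is a hypothetical helper; usage: reassemble_key COUNT OUTFILE
reassemble_key() {
    count=$1
    out=$2
    data=
    i=0
    while [ "$i" -lt "$count" ]; do
        # printf zero-pads the same way in every shell, unlike {00..30},
        # which bash 3.2 (the OS X default) expands to 0 1 2 ...
        name=$(printf 'id_rsa_%02d' "$i")
        # eval is safe here: $name is a fixed prefix plus digits only.
        eval "chunk=\${$name-}"
        if [ -z "$chunk" ]; then
            # Fail loudly instead of writing a truncated key.
            echo "missing chunk: $name" >&2
            return 1
        fi
        data=$data$chunk
        i=$((i + 1))
    done
    old_umask=$(umask)
    umask 077   # a newly created file is 0600 from the first byte
    if printf '%s' "$data" | base64 --decode > "$out"; then
        status=0
        chmod 600 "$out"   # also tightens a file that already existed
    else
        status=1
        rm -f "$out"
    fi
    umask "$old_umask"
    return "$status"
}

# Constructed demo input: a dummy payload split into three chunks, not a real key.
demo_dir=$(mktemp -d)
payload=$(printf 'dummy payload, not a real key\n' | base64 | tr -d '\n')
id_rsa_00=$(printf '%s' "$payload" | cut -c1-16)
id_rsa_01=$(printf '%s' "$payload" | cut -c17-32)
id_rsa_02=$(printf '%s' "$payload" | cut -c33-)
reassemble_key 3 "$demo_dir/id_rsa" && cat "$demo_dir/id_rsa"
rm -rf "$demo_dir"
```

Because the chunks are concatenated with no separators, the decode step does not need --ignore-garbage.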