Created
December 9, 2012 00:24
-
-
Save lukewpatterson/4242707 to your computer and use it in GitHub Desktop.
squeezing private SSH key into .travis.yml file
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Tricks to add encrypted private SSH key to .travis.yml file | |
To encrypt the private SSH key into the "-secure: xxxxx....." lines to place in the .travis.yml file, generate a deploy key then run: (to see what the encrypted data looks like, see an example here: https://github.com/veewee-community/veewee-push/blob/486102e6f508214b04414074c921475e5943f682/.travis.yml#L21 | |
base64 --wrap=0 ~/.ssh/id_rsa > ~/.ssh/id_rsa_base64 | |
ENCRYPTION_FILTER="echo \$(echo \"-\")\$(travis encrypt veewee-community/veewee-push \"\$FILE='\`cat $FILE\`'\" | grep secure:)" | |
split --bytes=100 --numeric-suffixes --suffix-length=2 --filter="$ENCRYPTION_FILTER" ~/.ssh/id_rsa_base64 id_rsa_ | |
Ha! it takes 30 lines to squeeze it all in. | |
To reconstitute the private SSH key once running inside Travis: (see example use here: https://github.com/veewee-community/veewee-push/blob/486102e6f508214b04414074c921475e5943f682/.travis.yml#L13) | |
- echo -n $id_rsa_{00..30} >> ~/.ssh/id_rsa_base64 | |
- base64 --decode --ignore-garbage ~/.ssh/id_rsa_base64 > ~/.ssh/id_rsa | |
- chmod 600 ~/.ssh/id_rsa | |
- echo -e "Host github.com\n\tStrictHostKeyChecking no\n" >> ~/.ssh/config |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Why not encrypt the private key file with 'travis encrypt' and store it as a travis environment variable?
Encryption and conversion code
Decryption code in .travis.yml
echo $DEPLOY_KEY_ENC | base64 --decode | openssl aes-256-cbc -K $encrypted_xxxxxxxxxxxx_key -iv $encrypted_xxxxxxxxxxxx_iv -out ~/.ssh/id_rsa -d