Skip to content

Instantly share code, notes, and snippets.

@lukewpatterson
Created December 9, 2012 00:24
Show Gist options
  • Save lukewpatterson/4242707 to your computer and use it in GitHub Desktop.
Save lukewpatterson/4242707 to your computer and use it in GitHub Desktop.
squeezing private SSH key into .travis.yml file
Tricks to add encrypted private SSH key to .travis.yml file
To encrypt the private SSH key into the "-secure: xxxxx....." lines to place in the .travis.yml file, generate a deploy key then run: (to see what the encrypted data looks like, see an example here: https://github.com/veewee-community/veewee-push/blob/486102e6f508214b04414074c921475e5943f682/.travis.yml#L21
base64 --wrap=0 ~/.ssh/id_rsa > ~/.ssh/id_rsa_base64
ENCRYPTION_FILTER="echo \$(echo \"-\")\$(travis encrypt veewee-community/veewee-push \"\$FILE='\`cat $FILE\`'\" | grep secure:)"
split --bytes=100 --numeric-suffixes --suffix-length=2 --filter="$ENCRYPTION_FILTER" ~/.ssh/id_rsa_base64 id_rsa_
Ha! it takes 30 lines to squeeze it all in.
To reconstitute the private SSH key once running inside Travis: (see example use here: https://github.com/veewee-community/veewee-push/blob/486102e6f508214b04414074c921475e5943f682/.travis.yml#L13)
- echo -n $id_rsa_{00..30} >> ~/.ssh/id_rsa_base64
- base64 --decode --ignore-garbage ~/.ssh/id_rsa_base64 > ~/.ssh/id_rsa
- chmod 600 ~/.ssh/id_rsa
- echo -e "Host github.com\n\tStrictHostKeyChecking no\n" >> ~/.ssh/config
@maboloshi
Copy link

Why not encrypt the private key file with 'travis encrypt' and store it as a travis environment variable?

Encryption and conversion code

travis encrypt-file ./id_rsa -r xxxx/xxxxxx
travis env set DEPLOY_KEY_ENC `base64 -i ./id_rsa.enc | tr -d '\n'` --private -r xxxx/xxxxxx

Decryption code in .travis.yml

echo $DEPLOY_KEY_ENC | base64 --decode | openssl aes-256-cbc -K $encrypted_xxxxxxxxxxxx_key -iv $encrypted_xxxxxxxxxxxx_iv -out ~/.ssh/id_rsa -d

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment