This bash script can be used to encrypt secrets for a Travis CI configuration (`.travis.yml`) with the project specific public key.

README.md

Usage

• Download script travis-encrypt.sh
• Make it executable chmod +x travis-encrypt.sh
• Run the script with ./travis-encrypt.sh -r username/repositoryname -e example
  • It will return something like O+woVD9K+PeFrcyu5GCjKSFvfcSPwDW0kyDYEQnNbwt/iSkqjpl2OPA9W//KEKEB9UUSZD+XmQ3Ij0gnvJnOowcWY5sSeJlVEVTrSer0kW6uWpa/uWzDHCBz2YhBnI6u9SfYfMkhDl22pcaCEwaUkmK2gjcVo+v0bS8vAQFz0Na5/WiKj0GkSX50iIGgfaXheuC8KgIC25T0h+czpap7vb13OlblMnClfyTH9+TmAwTlcV7ljXpv1QY+K72L8jK1/CQVZ8quBYrBwwxO2V6cpXRMMCIw4m4lqxUyN4FBGnq7cJ7BWLzeqSMpFBoP+ZxAqS5yem8KLh1VkEo7PVjCkZE6M+2meFf2VJEVUs/KJY9xnH3eDzipWkwXon2qVpCkT7FDEzGFs/DapYsSo7eCO6pUYYhcpaYpWeYV9DSSV0QcrOeZp664iJMHWPSmrs/lESbbHpKWsM/AFVB9X75q/OB+QU0tQxpReZmKw3ZHbDVMlmlwhP8VSiQ05LV2W6gYzADGiUiL6n1X8teeHEVDSZnD7nrxMD/FchnWI5La3tZeFovRMf6hH3NItW+QZaGaGNftJrP488J/F2hCycPJk3+YrxbBCGHE2X379QbkMz3S0B5UiAcJKmwuTstF6X3CCurZVYIkUGGXhnmalPtVpEqxeTiLw5RU6C9z2qSwhhw=
• Use the encrypted secret in your .travis.yml according to https://docs.travis-ci.com/user/encryption-keys/#Usage

travis-encrypt.sh

#!/bin/bash

usage() { echo -e "Travis Encrypt Script\nUsage:\t$0 \n -r\t<username/repository> \n -e\t<string which should be encrypted>" 1>&2; exit 1; }

while getopts ":r:e:" param; do
  case "${param}" in
    r)
      r=${OPTARG}
      ;;
    e)
      e=${OPTARG}
      ;;
    *)
      usage
      ;;
  esac
done
shift $((OPTIND -1))

if [ -z "${r}" ] || [[ !(${r} =~ [[:alnum:]]/[[:alnum:]]) ]] || [ -z "${e}" ]; then
  usage
fi

key_match="\"key\":\"([^\"]+)\""
key_url="https://api.travis-ci.org/repos/${r}/key"
request_result=$(curl --silent $key_url)

if [[ !($request_result =~ $key_match) ]]; then
  echo "Couldn't retrieve key from ${key_url}. "
  usage
fi

echo -n "${e}" | openssl rsautl -encrypt -pubin -inkey <(echo -e "${BASH_REMATCH[1]}") | openssl base64 -A
echo

what's the '-e example' for?

-e is the parameter for the string you want to encrypt with the retrieved key. In this example it's example.

This seems to produce inaccurate results, sadly. Not posting the actual password (ofc!) but this snippet gives me this:

A/sJiu48WEeBhBWxK4Zmg2GWutgiyE0v0K8TFNjNIpQNXgdEkKBDf4odgtgBPYVyC3ZQZCvkXYBtmGOgH/ZkIzctPNjjEgWGI/If9jLqwGhvLi42JHwk7ZylurB5EZeC7ECkBVlUahK8HdBtHDtnLnEVI/EnZL7YefVDxDJmnMQdga+gDsCjt5flpKNp9Ed3jQT9ygWKKqVJtXOrLgYZR0jGrbvoZq5McBM52vFI4a51gKv8VcOT2cP1xpP0o2ANUZ+50iTJfT3p2Ku2+U9VL24v7HmNFs/uHpqlaIaekHe//w9i0ZTjXegEQ40cqr7zQsbIRcmyqCTxTEigjWlEH6k1jDiNoR4Qi+X54h1Zq+u7acJmBzU+i6BYXCaPI/RuI27W0tr25L5EFkr0iabOSjJTRKHqxi8lnx1fTpKpTsH78AEM3XavgFY62JLjlH4TgbX4oXlqDbyhAqqXWOb5W6z9cwReMeCWMu3JJ36s5uxQoOgailjL4BdqkKmOjvD/GCGDhzGBgRZLAVzEDiipxIGsximbYz/0bQF+4Ro9JC8Ss/I9hs081c3FplbhVF4KbL92KL0PI3zYLcJAvKNavG6dLWTE1XbkxYFleRLkxt0+qo+grL8a6mvv0XhghqfiEEAtnazaVglCKwyAKBXuslxIWY1QZkzvR9zk+35JJ3Q=

Whereas the Ruby CLI's travis encrypt returns, for the same password + repo, this:

czQldYhxD/p4ZvATvaJZGNztdHE7zHdkw2bxd+PevQIwwuXsR02zn9KlbmAOcu8up7tkLa+p0n8GI+phUz968OSSfDIEKkaX6JBjAS9FC/lMr1fuxGsyMKHDFz76Y3fJs3Y+tenV2k04k7TBA1EyYhMZ06R2Xa5xaDVozOCmMD6rxm7LR3Y0enbdSxAn2GVLKy2pETMGEzlf0x8G9KNYOFU+iMiqF0C8MKPLOQPUOcxVGz85xDjLnhCMfKaFfARKemcPcVuRVqo188EQ7Zvxaes+EfAomDPhhfJjBQsYGue0T6qKav/h2zknPKlTycSyR16XvulMVfu8x+2FWWdJGY39MKZpNDj7bk36x1+ZklvJsJjia4LSroO8dghU3RXzVHSIXV/dpOjfKO6/5b/sEs1X5QwF+OkuX99FYrdRTt8Ug5ub5ZUtP5zsEGLwHdVaQubgl843CSTY5nTiB8pYlUhyU9PNq4xBaE0bOFWDmbfQ80HMh66HglYW1w3sjqRrnMG5bpJpnMXtyI33/kaX+0a43/5LPSBfgoonb7zWkOiPf7nXXwaUBehV3hqmzTRjL8JBHhsJ8IMLwhVtpk00E5e8jKPbwV7Ydagt4J/E1GjV6/l3fW7KI5jLbvoK35ohknyTr6iBO88Jc7F3nVNPk8WyhfDbJXMutnMq2AlhfAY=

Will share my machine specs (anything specific to look for?) as well as a comparison using a fake password when I get home.

Okay, running with repository eltrhn/ergo & password test returns:

LUyq/za+XRECn82JwE9wpA3CkQ2h6LTKS/2jQHEluQduZzLu1uLndNjF+XBrhSKTHajxWkx6uRMa7wIXZ4cuJsa24XON8o+4Fc2dl7Wf+A8kiPkshgG4mEo3LolAK5xy4getHOvh6y03FwPrl4SXH0neKj15PSR7KQrdNASmLhhkhdyf8Vou9UnkJ/8fBDhJ2bPOehZS5PsCNNmLjWgGCiN0IzbGFwieUZscuch+nWoUhAh2Aq2RSGvtmR3VWhvg1OpIqr5oDeoovc07LmoH8qi4ajk/+OMe2Kqbb5qnQmh1mzJbtuhjfGNglK0K/h040f0EgKMt5sSSgTxmRC4pmsJffpjRwBxvBscVqp6nQ1mrhWPgQ3lvkYODD0Zhk88WdceN+ptNOfduGbZdA4JgsyyOAip604frwq5a0WcZw/8OP6A4Rh858PE8cbpzKpSDlVpf0CBXJGoYC27xPAzspzP8e08PPQGHsBisnHYQWlUgr9em/F9eTKE9r8IKxldkdUuBucMWRHsf5wFV//PyXqGeOZGJwHwwOZ9NKL7sNdOT+h8tlb1lmJO3OBlAHNuMX7ezFj52rNUnh/SKwZK7zQGSQIdcrccI8rjGwVkpDI6qHmP4nv/O0aqlDAiGUoVNuUHCbiXHfWX94L3sm1dqlnfRM+d1CB1V6jSjsyLlE/M=

Whereas travis encrypt on the same returns:

J5BvY/eebRqqXPQtUc/C7ULAb3fIUykZ3DppMp2Sos+Yq70xTJcoeC5ldh/lTs8UiyUev9ZWJgJkzbtpdhRxMyFMkxxltNHW6YZQ6qsvxDLH4uZTCDPU8eYpFDnMNjlwmwVQCgtrf5M0fKrn4pGrcixFRnFR3fa+ZsYTdxHsmAg3CdEEDjMn7tT5+NUuVtWDbbtcrVCJBOgjzbS/G9mXy/VisxeWXFUeLb6Ba+wAQhp09D8EI3lD3i9xm46vjgWVeqx6ulTS9e7Gii2qWZgbw0M1LODnBjFLpxt4DFVqfwMR91Twn5tTu5mC1/XggHGAU49vm6iQjli5m1RSV56ZixnLcUgWPhKmOOPLvEXIMps6Fj5hHIiStxG9Wq6jFPm//gx2uPctTgKrshGZm+HXiK4++Uv+XdBDbtizvDW2A+T7tFpaitLyG6E6BoQDmuxHG/qH2z59T9Ir/vs8D9AvUmaWNA2l0/aNcNWDFMHbOHRx0BIR/N6v0WXxzRWU6Lgv0OipptdpBJRnX4Zv4Xf3GrYd6YdYyYkoi0duAwd4y9O4fZUC1C4eh81ajE3IdDpeeE675wJTTYovXWQMPH8fnWqOZiTW//sUOlqEK8ZU29iUfdZJgPhgMiKXzYwVTUOUaPtEiIB6ZJmDkWLXwaVrYAKknexlXJCVY9hPzowVtqw=

openssl version shows OpenSSL 1.1.0g 2 Nov 2017.

I've just tested it and it still works. I'm on 'OpenSSL 1.1.0h 27 Mar 2018'.
Remember it only works on public repos.