Skip to content

Instantly share code, notes, and snippets.

@psolyca

psolyca/github-deploy-keys.md

Last active May 4, 2020 15:30
Show Gist options
  • Save psolyca/43b7493b5dab836b16878d42be02f6c9 to your computer and use it in GitHub Desktop.
Save psolyca/43b7493b5dab836b16878d42be02f6c9 to your computer and use it in GitHub Desktop.
Download ZIP
Github deploy Key for Evetrade resources #evetrade
Raw
github-deploy-keys.md

Set up the SSH keys

1. Enable Travis CI

If you haven't, enable Travis CI for your repository by going to your Travis CI profile page and flicking the repository switch on.

2. Set up the SSH keys

2.1. Generate the SSH keys
ssh-keygen -t rsa -b 4096 -C "<your_email>" -f github_deploy_key -N ''

This will generate 2 keys in 2 different files:

  • public key in github_deploy_key.pub
  • private key in github_deploy_key
2.2. Add the public key to GitHub

  • Go to https://github.com/<username>/<repository>/settings/keys and click on Add deploy key:

  • Copy the public key (in this case, the content from github_deploy_key.pub)

  • ⚠️ Check the Allow write access checkbox

  • Add the key!

  • Remove the file containing the public key so that it's not accidentally committed

    rm github_deploy_key.pub
2.3 Install the Travis CLI
gem install travis
2.4. Login to Travis using the Travis CLI
travis login
2.5. Encrypt the file containing the private key

  • Use the Travis CLI to encrypt the file containing the private SSL key

    travis encrypt-file github_deploy_key

    The above will output something like:

    encrypting github_deploy_key for <username>/<repository>
storing result as github_deploy_key.enc
storing secure env variables for decryption

openssl aes-256-cbc -K $encrypted_XXXXXXXXXXXX_key -iv $encrypted_XXXXXXXXXXXX_iv -in github_deploy_key.enc -out github_deploy_key -d

Pro Tip: You can add it automatically by running with --add.

Make sure to add github_deploy_key.enc to the git repository.
Make sure not to add github_deploy_key to the git repository.
Commit all changes to your .travis.yml.

    ℹ️ The values of the $encrypted_XXXXXXXXXXXX_key and $encrypted_XXXXXXXXXXXX_iv environment variables will be automatically uploaded by the Travis CLI to Travis CI, see: https://travis-ci.org/<username>/<repository>/settings.

    ⚠️ $encrypted_XXXXXXXXXXXX_key and $encrypted_XXXXXXXXXXXX_iv are not the real names. XXXXXXXXXXXX are 12 hexa digits.

    Also, this is the reason why you needed to login to Travis using the Travis CLI at step 2.4..

    ⚠️ If Travis is asking for login --pro

    git config --unset travis.slug

  • Remove the file containing the private key so that it's not accidentally committed

    rm github_deploy_key
2.6. Set up SSH connection for Travis CI

ℹ️ The encrypted file generated at step 2.5. (github_deploy_key.enc) must be moved to the .travis/ directory from the root of the project.

Change the environnement variable name in the .travis.yml file at Line 15-16 to reflect the variable from https://travis-ci.org/<username>/<repository>/settings.

3. Add the environment variables GH_USER_NAME and GH_USER_EMAIL

The travis scrips will use the values of the GH_USER_EMAIL and GH_USER_NAME environment variables as the email and user name with which the commits will be made.

You should encrypt these variables by generating a secure key using the Travis CLI:

travis encrypt -r "<username>/<repository>" \
    GH_USER_EMAIL="<your_email>" \
    GH_USER_NAME="<your_name>"

The above will output something like:

Please add the following to your .travis.yml file:

secure: "<secure_key_value>"

Pro Tip: You can add it automatically by running with --add.

Then, once you have the secure key, change it in .travis.yml file at line 3.

    - secure: "<secure_key_value>"

4. Thanks

https://github.com/alrra/travis-scripts/blob/master/docs/github-deploy-keys.md

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment