Comments (22)
This is a known issue. 128 characters is too long for the encryption, not for an env var.
from travis.rb.
Therefore what do I do for my Rails app? What is the longest string that is supported?
from travis.rb.
You could manually encrypt a file using the same SSH key, this guide is technically pro-specific, but you should be able to do the same thing on org.
from travis.rb.
The guide should be updated with the new way to get the public key, as per http://about.travis-ci.org/docs/user/encryption-keys/. Also, it would be nice if this were fixed.
from travis.rb.
The reason the limit is 128 characters is because of the protocol used. RSA public key encryption really shouldn't be used to encrypt longer strings. A better way is to encrypt the file with a symmetric algorithm and then use travis encrypt to encrypt the symmetric passphrase.
from travis.rb.
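The approach described in the comment above, as an added example that is not part of the original thread: the file is encrypted with AES under a random passphrase, and RSA only wraps that short passphrase. It assumes a locally generated 2048-bit key pair standing in for the repository key, constructed file names and sample secret, and OpenSSL 1.1.1 or later for `-pbkdf2`.

```shell
#!/bin/sh
# Added example: hybrid encryption with a locally generated stand-in RSA key.
# Nothing here talks to Travis; file names and the sample secret are constructed.
set -eu

setup() {
    work=$(mktemp -d)
    # Stand-in key pair (assumption: 2048 bit; the real repository key is not on this page).
    openssl genrsa -out "$work/priv.pem" 2048 2>/dev/null
    openssl rsa -in "$work/priv.pem" -pubout -out "$work/pub.pem" 2>/dev/null
    # Constructed 300-byte "secret" standing in for a long config value.
    head -c 300 /dev/zero | tr '\0' 'A' > "$work/long_secret.txt"
}

# Direct RSA: fails once the input exceeds the modulus size minus padding overhead.
rsa_direct() {
    openssl pkeyutl -encrypt -pubin -inkey "$work/pub.pem" \
        -in "$1" -out "$work/direct.bin" 2>/dev/null
}

# Hybrid: a random passphrase encrypts the file with AES; RSA only wraps the passphrase.
hybrid_encrypt() {
    openssl rand -hex 32 > "$work/pass.txt"
    openssl enc -aes-256-cbc -pbkdf2 -salt -pass "file:$work/pass.txt" \
        -in "$1" -out "$work/secret.enc"
    openssl pkeyutl -encrypt -pubin -inkey "$work/pub.pem" \
        -in "$work/pass.txt" -out "$work/pass.enc"
    rm "$work/pass.txt"   # only the wrapped passphrase is kept
}

# Reverse both steps with the private key and write the plaintext to $1.
hybrid_decrypt() {
    openssl pkeyutl -decrypt -inkey "$work/priv.pem" \
        -in "$work/pass.enc" -out "$work/pass.dec"
    openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$work/pass.dec" \
        -in "$work/secret.enc" -out "$1"
}

setup
if rsa_direct "$work/long_secret.txt"; then
    echo "direct RSA unexpectedly succeeded"
else
    echo "direct RSA refused the 300-byte input"
fi
hybrid_encrypt "$work/long_secret.txt"
hybrid_decrypt "$work/roundtrip.txt"
cmp -s "$work/long_secret.txt" "$work/roundtrip.txt" && echo "hybrid round trip OK"
```

The passphrase is passed through a file rather than `-k` on the command line, so it does not show up in the process list.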
Also ssh-keygen -e -m PKCS8 -f id_travis.pub > id_travis.pub.pem tells me that -m isn't recognized. I think the option is now -t.
from travis.rb.
I was trying to encrypt a generated id_rsa file so that I could push from a travis-ci machine, but then I discovered travis pubkey, which I think gives me the contents of ~/.ssh/id_rsa.pub on the travis-ci machine, and so I think I can just add that to the github repo to give the travis-ci machine push access.
from travis.rb.
Or maybe not. Is what I said false? It doesn't seem to work.
from travis.rb.
And on echo "$password" | openssl rsautl -encrypt -pubin -inkey id_travis.pub.pem -out secret, I get unable to load Public Key
from travis.rb.
Rather, it seems that some ssh-keygens support -m, and others support neither -m nor the PKCS8 output format (perhaps only PKCS1?). And I seem to have one of the latter kind.
from travis.rb.
travis pubkey gives the public key of the private key we use to encrypt env vars.
We currently don't have a nice built in way to enable pushing to GitHub or other sources from Travis.
You could instead create an oauth token, encrypt it, and use that for pushing to GitHub?
On 17/08/2013, at 8:06 AM, Jason Gross [email protected] wrote:
Rather, it seems that some ssh-keygens support -m, and others support neither -m nor the PKCS8 output format (perhaps only PKCS1?). And I seem to have one of the latter kind.
from travis.rb.
@henrikhodne Could you please provide the exact steps necessary to do this:
A better way is to encrypt the file with a symmetric algorithm and then use travis encrypt to encrypt the symmetric passphrase.
I'm trying to encrypt the 128-character secret key used by the latest version of Devise for use with Travis CI.
Thanks!
from travis.rb.
@henrikhodne when following the guide I get an empty JSON from GitHub, hence an empty id_travis.pub when executing the one-liner.
I also tried using 'travis pubkey' but I get this error:
travis pubkey > id_travis.pub
ssh-keygen -e -m PKCS8 -f id_travis.pub > id_travis.pub.pem
PEM_write_RSA_PUBKEY failed
from travis.rb.
The CLI can give you a pem directly: travis pubkey --pem.
from travis.rb.
Thanks, that makes it much easier. I'm very close, I'm getting this error when the before_script executes:
$ secret=`openssl rsautl -decrypt -inkey ~/.ssh/id_rsa -in secret`
Error opening Private Key /home/travis/.ssh/id_rsa
140706337064608:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('/home/travis/.ssh/id_rsa','r')
140706337064608:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
unable to load Private Key
The command "secret=`openssl rsautl -decrypt -inkey ~/.ssh/id_rsa -in secret`" failed and exited with 1 during before_script.
Your build has been stopped.
from travis.rb.
Also getting this error. Tried on a colleague’s computer who hadn’t upgraded to OS X Mavericks and it worked.
from travis.rb.
I "solve" it by encrypting SECRET using travis cli, instead of using the /.ssh/id_rsa/.
travis encrypt secret=`cat /dev/urandom | head -c 10000 | openssl sha1` --add
before_script:
- openssl aes-256-cbc -k "$secret" -in config.xml.enc -d -a -out config.xml
from travis.rb.
This is what worked for me
travis-enc.sh
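#!/bin/sh
# Abort on unset variables ("env sh -u" in a shebang line is not portable).
set -u
ENC_FILE='envs.yml'
ENVS=$1
USER=$2
PROJECT=$3

# Encrypt file $2 with passphrase $1 and commit the encrypted copy.
encrypt_file () {
    secret=$1
    file=$2
    openssl aes-256-cbc -a -k "$secret" -in "$file" -out "$file.enc" || return 1
    git add "$file.enc" || return 1
    git commit -m "Add encrypted travis file" || return 1
}

# Store key/value in $ENC_FILE, encrypt that file, and pass the passphrase to travis encrypt.
travis_cust_enc () {
    username=$1
    project=$2
    key=$3
    value=$4
    file=$ENC_FILE
    touch "$file"
    # Remove any old entry for this key. Write to a temp file first:
    # "sed ... envs.yml > envs.yml" truncates the file before sed reads it.
    sed "/$key/d" "$file" > "$file.tmp" || return 1
    mv "$file.tmp" "$file" || return 1
    echo "$key: $value" >> "$file"
    # md5 is the macOS/BSD tool; on Linux use: md5sum | cut -d' ' -f1
    secret=`head -c 10000 /dev/urandom | md5` || return 1
    encrypt_file "$secret" "$file" || return 1
    travis encrypt -r "$username/$project" secret="$secret" --add
}

# Add one environment variable, choosing the custom path for long values.
add_env () {
    result=$(printenv "$1")
    # wc -m counts the trailing newline too; tr strips the padding some wc builds add.
    count=$(printenv "$1" | wc -m | tr -d ' ')
    if [ "$result" != '' ] && [ "$count" -gt 128 ]; then
        echo "$1 > 128 chars. adding ENV via custom encryption"
        travis_cust_enc "$USER" "$PROJECT" "$1" "$result"
    elif [ "$result" != '' ]; then
        echo "adding $1 ENV via travis encrypt"
        travis encrypt -r "$USER/$PROJECT" "$1=$result" --add
    else
        echo "$1 not found!"
    fi
}

# Split the comma-separated list of variable names.
IFS=','
for ENV in $ENVS; do
    add_env "$ENV" || exit 1
done
unset IFS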
usage: travis-enc.sh 'ENV1,ENV2,ENV3' username repo
.travis.yml
before_script:
- openssl aes-256-cbc -d -k "$secret" -in envs.yml.enc -a -out envs.yml
file.py
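import yaml

def getenv_from_file(env, yml_file):
    # safe_load parses plain YAML only and never constructs arbitrary Python objects
    with open(yml_file, 'r') as f:
        result = yaml.safe_load(f)
    return result[env]

# 'MY_ENV' is the name of a variable stored in envs.yml
value = getenv_from_file('MY_ENV', 'envs.yml')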
from travis.rb.
+1, would love to see a more straightforward solution for this!
from travis.rb.
see https://github.com/travis-ci/travis.rb/blob/master/examples/cli/encrypt_file.md
from travis.rb.
👍 thanks for the concise guide @rkh! I'm sure this will help a lot of people
from travis.rb.
The next release will come with an encrypt-file command to address the issue: https://github.com/travis-ci/travis.rb#encrypt-file
from travis.rb.