Adding encrypted environment variables to Travis via the project settings vs. .travis.yml

Asked Jul 29 '16 at 22:24

Active Jul 29 '16 at 22:24

Viewed 269 times

The travis Ruby gem command has two commands, travis encrypt, and travis encrypt-file. travis encrypt encrypts an environment variable, and spits out an encrypted value to put in env/global/secure in the .travis.yml file.

travis encrypt-file encrypts the given file, then uploads the key and iv to the project settings in Travis via the API (which requires a login).

I'm writing an application that encrypts a file for Travis (not using the travis Ruby gem), and I'm wondering if there are any good reasons to upload the encryption key to the Travis project to an environment variable via the API for encrypted files, vs. just encrypting it adding it to the .travis.yml a la travis encrypt, particularly if there are any security concerns from doing it one way over the other.

asked Jul 29 '16 at 22:24

asmeurer

86,894
26
169
240

There is probably no difference. If there is, however, it's probably in private/secure variable scoping (e.g. secure env vars unavailable in PRs because security). Encrypted variables are per-slug anyway. – набиячлэвэли Jul 30 '16 at 00:03
@набиячлэвэли what do you mean encrypted variables are per-slug? – asmeurer Jul 30 '16 at 00:19
Refer to https://docs.travis-ci.com/user/encryption-keys/ – набиячлэвэли Jul 30 '16 at 00:50
@asmeurer: A `slug` is the `$username/$reponame` combination. – joepd Jul 30 '16 at 09:06

Adding encrypted environment variables to Travis via the project settings vs. .travis.yml

0 Answers0