-1

I tried running travis encrypt "some secret string" multiple times in the same repository, and it returned different encrypted strings each time. Does Travis use probabilistic encryption? If not, what am I doing wrong?

Edit: if there is an IV, how is this IV agreed upon by my local travis cli and the Travis servers? Can I view or change it?

oink
  • As I stated in the answer the IV can and generally is prepended to the encrypted data so it is available for decryption. No prior agreement is needed other than the encryption key of course. – zaph Jul 10 '17 at 18:44
  • Consider accepting answers that are helpful. By accepting an answer you are indicating to future readers that it is a correct answer. – zaph Jul 12 '17 at 14:25

1 Answer

1

See Probabilistic Encryption WRT block ciphers.

An example of different results when encrypting the same data is a block-based encryption algorithm such as AES in CBC mode with a random IV. The IV can be prefixed to the encrypted data, and the encrypted data will be different because there is a different IV each time the same data is encrypted. This is a common and good standard practice; the IV does not need to be secret.

If the IV can be prepended to the encrypted data it is available for decryption; no prior agreement is required.

Here is CBC mode; notice that the IV is XORed with the first block of data and each subsequent block is XORed with the previous encrypted block. Thus the IV affects every block of the encrypted data.

This is done so that two identical messages will not have the same encrypted data. Consider the case where one of two messages is sent on an ongoing basis: "0" or "1", where 0 meant sell and 1 meant buy. If the encryption were the same each time, even though the messages themselves could not be determined, the two states could be determined and which one it was.

Travis-ci uses aes-256-cbc for its Automated Encryption.

There are other encryption options, such as asymmetric encryption such as RSA, that can use random padding.

zaph
  • I don't think your answer answers the question. What about travis-ci? – Artjom B. Jul 10 '17 at 18:08
  • Agree, the answer does directly address travis-ci. It provides a solution to the different encryptions for the same data that is also common usage. If the OP would provide a couple samples that would help, or I could dig into travis-ci and find that it does use aes-256-cbc for Automated Encryption. – zaph Jul 10 '17 at 19:28
  • Ah, okay. I don't seem to understand IVs, I'll read more about it. – oink Jul 18 '17 at 17:27
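The IV handling described in the answer, as an added Ruby example that is not part of the original post and is not the travis CLI's own code: a random IV is generated per message and prepended to the ciphertext, so the decrypting side needs only the key. The function names, the all-zero IV in the comparison case and the demo key are assumptions made for illustration.

```ruby
require 'openssl'

CIPHER = 'aes-256-cbc'
IV_LEN = 16 # AES block size in bytes, which is also the CBC IV length

# Encrypt with a fresh random IV and return IV || ciphertext.
def encrypt_with_prepended_iv(key, plaintext)
  cipher = OpenSSL::Cipher.new(CIPHER)
  cipher.encrypt
  cipher.key = key
  iv = cipher.random_iv # generates a random IV and sets it on the cipher
  iv + cipher.update(plaintext) + cipher.final
end

# Read the IV back from the front of the blob, then decrypt the remainder.
def decrypt_with_prepended_iv(key, blob)
  raise ArgumentError, 'blob too short' if blob.bytesize < IV_LEN * 2
  cipher = OpenSSL::Cipher.new(CIPHER)
  cipher.decrypt
  cipher.key = key
  cipher.iv = blob.byteslice(0, IV_LEN)
  cipher.update(blob.byteslice(IV_LEN, blob.bytesize - IV_LEN)) + cipher.final
end

# For comparison only: a fixed IV makes equal plaintexts produce equal
# ciphertexts, which is the "0"/"1" (sell/buy) leak the answer describes.
def encrypt_with_fixed_iv(key, plaintext)
  cipher = OpenSSL::Cipher.new(CIPHER)
  cipher.encrypt
  cipher.key = key
  cipher.iv = "\x00" * IV_LEN
  cipher.update(plaintext) + cipher.final
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::Random.random_bytes(32) # constructed demo key
  puts 'random IV (two different outputs for the same message):'
  2.times { puts encrypt_with_prepended_iv(key, '1').unpack1('H*') }
  puts 'fixed IV (two identical outputs for the same message):'
  2.times { puts encrypt_with_fixed_iv(key, '1').unpack1('H*') }
end
```

The first 32 hex characters of each random-IV output are the IV itself, stored in the clear.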