0

I wish to create an environment file not "variable" and get a path to it in the TravisCI pipeline.

Attached is the image of how we do the same in gitlab gitlab environment file image

I need to store secrets in a file refer is via a path in travisci pipeline. Ex: this is how we can do the same in Jenkins: "KUBECONFIG=/var/lib/jenkins/.kube/filename"

I am not will to upload my secrets file to github private repo.

Tannu Priya
  • 313
  • 2
  • 15

2 Answers2

0

The encrypt-file command will encrypt an entire file using symmetric (AES-256) encryption and stores the secret in a file. Let us create a file called secret.txt and add the following entries into it: SECRET_VALUE=ABCDE12345 CLIENT_ID=rocky123 CLIENT_SECRET=abc222222!

travis encrypt-file secret.txt -> give this command after creating secret.txt file and it will store result as secret.txt.enc and also shows ->add the following to your build script (before_install stage in your .travis.yml , for instance): - openssl aes-256-cbc -K $encrypted_74945c17fbe2_key -iv $encrypted_74945c17fbe2_iv -in secret.txt.enc -out secret.txt -d

Now add this entry into our .travis.yml script: ( before_install: - openssl aes-256-cbc -K $encrypted_74945c17fbe2_key -iv $encrypted_74945c17fbe2_iv -in secret.txt.enc -out secret.txt -d ) , It can then decrypt values in the secret text file for us

So it is to create a file and use command travis encrypt-file secret.txt, it will then produces an entry, copy that entry and add it into our .travis.yml file in before_install stage

make sure to add the secret.txt.enc to the git repository and make sure NOT to add the secret.txt to the git repository

Kovoor Prajwal
  • 1
  • 4
  • I am looking to store a secrets file in TravisCI, the solution provided is pertaining to shippable. – Tannu Priya Aug 02 '19 at 19:10
  • As mentioned in the question, I am not seeking a way to store secret value instead I looking to store a secrets file and retrieve a path to it, which I can further use in my pipeline. Please read the question before answering. – Tannu Priya Aug 05 '19 at 02:10
  • The encrypt-file command will encrypt an entire file using symmetric (AES-256) encryption and stores the secret in a file. Let us create a file called secret.txt and add the following entries into it: SECRET_VALUE=ABCDE12345 CLIENT_ID=rocky123 CLIENT_SECRET=abc222222! – Kovoor Prajwal Aug 05 '19 at 17:14
  • travis encrypt-file secret.txt -> give this command after creating secret.txt file and it will store result as secret.txt.enc and also shows ->add the following to your build script (before_install stage in your .travis.yml , for instance): openssl aes-256-cbc -K $encrypted_74945c17fbe2_key -iv $encrypted_74945c17fbe2_iv -in secret.txt.enc -out secret.txt -d – Kovoor Prajwal Aug 05 '19 at 17:20
  • Now add this entry into our .travis.yml script: ( before_install: - openssl aes-256-cbc -K $encrypted_74945c17fbe2_key -iv $encrypted_74945c17fbe2_iv -in secret.txt.enc -out secret.txt -d ) , It can then decrypt values in the secret text file for us – Kovoor Prajwal Aug 05 '19 at 17:30
  • So it is to create a file and use command travis encrypt-file secret.txt, it will then produces an entry, copy that entry and add it into our .travis.yml file in before_install stage – Kovoor Prajwal Aug 05 '19 at 17:31
  • make sure to add the secret.txt.enc to the git repository and make sure NOT to add the secret.txt to the git repository – Kovoor Prajwal Aug 05 '19 at 17:34
0

Generally, we cannot keep both the encryption key and encrypted file in the same place(i.e repo). So, we store the file somewhere else. Where are you storing it? How will you fetch it?

Kovoor Prajwal
  • 1
  • 4