Travis integration may expose integration keys #237
Comments
|
You can configure Circle CI to use an authorized SSH key that will never suffer from this problem, or use a simpler solution, such as this: https://github.com/martinthomson/i-d-template/blob/master/ghpages.mk#L67-L68 You lose the output, so the answer on stackoverflow is more elegant, but it works well enough. |
|
@martinthomson the "such as this" part seems to suffer from the same key exposure problem. |
|
@vlm, how so? Echoing the line is suppressed and all output is directed to |
|
@martinthomson ah, you are correct. Didn't notice the |
|
Incidentally, I tried the solution that is described in the stack overflow answer. It works great for Travis and locally. However, I also support Circle CI, and it fails miserably there. I haven't figured out how to override how credentials are selected. I tried tricking it in several different ways, but it seems like the SSH key circle uses takes precedence. It looks like the output suppression is going to stay :( |
|
This repository is deprecated & un-maintained. Closing this issue. If applicable, please move discussion to the replacement IETF owned repo and the mailing list. |
Suggested change: hide the GH_TOKEN environment varibable from being exposed by potential
git pushfailure (network related or some temporary github glitch will cause such failures), according to this instruction:http://stackoverflow.com/questions/18027115/committing-via-travis-ci-failing
The text was updated successfully, but these errors were encountered: