Skip to content

Secure "env" configuration #45

Closed
wants to merge 4 commits into from

8 participants

@laserlemon

Hi guys,

I added the ability to public-key-encrypt the env configurations included in the build matrix. Here's why:

Let's say I have an open source Rails app that depends on connecting to an external service such as GitHub or RubyGems. I configure my app to keep those credentials in ENV (a la Heroku). In order to fully test on Travis, I need to include those credentials in the build env without exposing them publicly in .travis.yml.

I borrowed a page from the Campfire notification configuration, where you can encrypt your credentials.

I also cleaned up a bit of the code surrounding SecureConfig and its relation to SslKey.

I think this will open Travis up to many more public apps that rely on private configuration. Thanks and I hope it helps!

@joshk
Travis CI member
joshk commented Apr 15, 2012

This is pretty AWESOME

Thank you sooooo much! I have been meaning to do this for ages!

What do you think @svenfuchs @rkh @mattmatt ?

@laserlemon

Thanks. I have a blog post in the works and it's going to be a call to action for people to open source their Rails apps. Being able to test them all on Travis would be a big win.

@joshk
Travis CI member
joshk commented Apr 16, 2012
@laserlemon

I notice that people closed-source their Rails apps because they don't know what to do about private configurations like these. For apps that have to be private, Travis Pro is absolutely the right move. Otherwise, I think that apps that can be open sourced should be open sourced.

@svenfuchs
Travis CI member

looks good to me!

@laserlemon

:shipit:

@laserlemon

Rebased against master and green. 💚

@joshk
Travis CI member
joshk commented Apr 19, 2012
@laserlemon

Understood, and no problem. Enjoy Railsberry!

@laserlemon

By the way, I added Travis secure env support to Figaro for when this is shipped. Enjoy RailsConf!

@travisbot

This pull request fails (merged 1cdc574d into 52fb894).

@laserlemon

Hogwash!

@joshk
Travis CI member
joshk commented Apr 26, 2012
@laserlemon

Awesome, thank you!

@laserlemon

Rebased. 💚

@travisbot

This pull request passes (merged d6fe181e into d1945fc).

@joshk
Travis CI member
joshk commented Apr 30, 2012
@travisbot

This pull request passes (merged 7e588dee into 046bde6).

@svenfuchs
Travis CI member

what's up with this? can we merge?

@joshk
Travis CI member
joshk commented May 7, 2012
@travisbot

This pull request passes (merged 3f013c8 into 181a8e2).

@laserlemon

Secure env configurations can now be detected (and obfuscated) by travis-worker.

@joshk
Travis CI member
joshk commented May 8, 2012

Steve, regarding [:env, 'SECURE USE_GIT_REPOS=true'], how about instead [:env, { :secure => 'USE_GIT_REPOS=true' }] ?

@laserlemon

Woof. Okay, I'll have to get back to it another time.

@joshk
Travis CI member
joshk commented May 8, 2012
@laserlemon

Understood, although this only detects those that begin with "SECURE " so it wouldn't match:

SECURE=asdf FOO=bar HELLO=world
@luxflux
luxflux commented May 10, 2012

Just a short question: How will you generate such a key? I saw your code in Figaro, it looks quite easy. Would it be possible to add a form on the website to generate such values? Or a Gem for the cli? (I don't want to use figaro in a non-rails app)...

@ericanderson

+1, would love this.

@pangratz

😍 looking forward to this one ...

@joshk
Travis CI member
joshk commented Jul 17, 2012

I am closing this as commits from this PR were included with the PR by @drogus which has since been merged.

@joshk joshk closed this Jul 17, 2012
@pangratz

Is this already usable or is this not yet available on travis-ci.org?

@eigenein
eigenein commented Sep 9, 2012

+1 Is this usable now?

@laserlemon laserlemon referenced this pull request in laserlemon/figaro Apr 20, 2012
Open

Travis configuration #8

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.