Secure "env" configuration #45
Conversation
|
This is pretty AWESOME Thank you sooooo much! I have been meaning to do this for ages! What do you think @svenfuchs @rkh @mattmatt ? |
|
Thanks. I have a blog post in the works and it's going to be a call to action for people to open source their Rails apps. Being able to test them all on Travis would be a big win. |
|
Travis Pro support is around the corner, so why not just test in private? On 16/04/2012, at 2:36 AM, Steve Richert wrote:
|
|
I notice that people closed-source their Rails apps because they don't know what to do about private configurations like these. For apps that have to be private, Travis Pro is absolutely the right move. Otherwise, I think that apps that can be open sourced should be open sourced. |
|
looks good to me! |
|
|
❓
|
Rebased against master and green. 💚 |
|
Hey Steve, I am sorry about my lack of reply to this PR, been super busy with getting donation packs ready, and now I am in Krakow for Railsberry. I will reply soon, promise. Josh <3<3<3 On 19/04/2012, at 3:40 AM, Steve Richert wrote:
|
|
Understood, and no problem. Enjoy Railsberry! |
|
By the way, I added Travis secure env support to Figaro for when this is shipped. Enjoy RailsConf! |
|
Hogwash! |
|
hahaha, i fixed the issue and pushed to master. On 26/04/2012, at 1:56 PM, Steve Richert wrote:
|
|
Awesome, thank you! |
|
Rebased. 💚 |
|
Can you ping me on IM or irc when you see me next. Sent from my Sega Master System On 30/04/2012, at 5:39 PM, Steve Richertreply@reply.github.com wrote:
|
|
what's up with this? can we merge? |
|
I have explained the issues to Steve (changes required in Travis Build) and he is going to take care of it. Do not merge yet. On 8/05/2012, at 1:02 AM, Sven Fuchs wrote:
|
…nv" configuration
… from travis-build
|
Secure env configurations can now be detected (and obfuscated) by travis-worker. |
|
Steve, regarding |
|
Woof. Okay, I'll have to get back to it another time. |
|
Sorry :( I just thought it is cleaner and simpler to detect a hash with a secure key instead of a string with SECURE at the front, since there is a possibility of env var exports having SECURE in them On 8/05/2012, at 3:33 PM, Steve Richert wrote:
|
|
Understood, although this only detects those that begin with SECURE=asdf FOO=bar HELLO=world |
|
Just a short question: How will you generate such a key? I saw your code in Figaro, it looks quite easy. Would it be possible to add a form on the website to generate such values? Or a Gem for the cli? (I don't want to use figaro in a non-rails app)... |
|
+1, would love this. |
|
😍 looking forward to this one ... |
|
I am closing this as commits from this PR were included with the PR by @drogus which has since been merged. |
|
Is this already usable or is this not yet available on travis-ci.org? |
|
+1 Is this usable now? |
Hi guys,
I added the ability to public-key-encrypt the
envconfigurations included in the build matrix. Here's why:Let's say I have an open source Rails app that depends on connecting to an external service such as GitHub or RubyGems. I configure my app to keep those credentials in
ENV(a la Heroku). In order to fully test on Travis, I need to include those credentials in the build env without exposing them publicly in.travis.yml.I borrowed a page from the Campfire notification configuration, where you can encrypt your credentials.
I also cleaned up a bit of the code surrounding SecureConfig and its relation to SslKey.
I think this will open Travis up to many more public apps that rely on private configuration. Thanks and I hope it helps!