Getting "data too large for key size" for 128 character length secret_key_base var #41
Comments
|
This is a known issue. 128 characters is too long for the encryption, not for an env var. |
|
Therefore what do I do for my Rails app? What is the longest string that is supported? |
|
You could manually encrypt a file using the same SSH key, this guide is technically pro-specific, but you should be able to do the same thing on org. |
|
The guide should be updated with the new way to get the public key, as per http://about.travis-ci.org/docs/user/encryption-keys/. Also, it would be nice if this were fixed. |
|
The reason the limit is 128 characters is because of the protocol used. RSA public key encryption really shouldn't be used to encrypt longer strings. A better way is to encrypt the file with a symmetric algorithm and then use |
|
Also |
|
I was trying to encrypt a generated |
|
Or maybe not. Is what I said false? It doesn't seem to work. |
|
And on |
|
Rather, it seems that some |
|
We currently don't have a nice built in way to enable pushing to GitHub or other sources from Travis. You could instead create an oauth token, encrypt it, and use that for pushing to GitHub? On 17/08/2013, at 8:06 AM, Jason Gross notifications@github.com wrote:
|
|
@henrikhodne Could you please provide the exact steps necessary to do this: I'm trying to encrypt the 128-character secret key used by the latest version of Devise for use with Travis CI. Thanks! |
|
@henrikhodne when following the guide I get and empty JSON from Github, hence an empty id_travis.pub when executing the one-liner. I also tried using 'travis pubkey' but I get this error: travis pubkey > id_travis.pub
ssh-keygen -e -m PKCS8 -f id_travis.pub > id_travis.pub.pem
PEM_write_RSA_PUBKEY failed |
|
The CLI can give you a pem directly: |
|
Thanks, that makes it much easier. I'm very close, I'm getting this error when the before_script executes: |
|
Also getting this error. Tried on a colleague’s computer who hadn’t upgraded to OS X Mavericks and it worked. |
|
I "solve" it by encrypting SECRET using travis cli, instead of using the travis encrypt secret=`cat /dev/urandom | head -c 10000 | openssl sha1` --add |
|
This is what worked for me
#!/usr/bin/env sh -u
ENC_FILE='envs.yml'
ENVS=$1
USER=$2
PROJECT=$3
encrypt_file () {
secret=$1
file=$2
openssl aes-256-cbc -a -k "$secret" -in $file -out $file.enc || return 1
git add $file.enc || return 1
git commit -m "Add encrypted travis file" || return 1
}
travis_cust_enc () {
username=$1
project=$2
key=$3
value=$4
file=$ENC_FILE
arg="'/$key/d'"
eval sed "$arg" envs.yml > $file
echo "$key: $value" >> $file
secret=`cat /dev/urandom | head -c 10000 | md5` || return 1
encrypt_file $secret $file || return 1
travis encrypt -r $USER/$PROJECT secret=$secret --add
}
add_env () {
result=$(PRINTENV $1)
count=$(PRINTENV $1 | wc -m)
if [ "$result" != '' ] && [ $count -gt 128 ]; then
echo "$1 > 128 chars. adding ENV via custom encryption"
travis_cust_enc $USER $PROJECT $1 $result
elif [ "$result" != '' ]; then
echo "adding $1 ENV via travis encrypt"
travis encrypt -r $USER/$PROJECT $1=$result --add
else
echo $1 not found!
fi
}
IFS=','
for ENV in $ENVS; do
add_env $ENV || exit 1
done
unset IFSusage:
before_script:
- openssl aes-256-cbc -d -k "$secret" -in envs.yml.enc -a -out envs.yml
import yaml
def getenv_from_file(env, yml_file):
result = yaml.load(file(yml_file, 'r'))
return result[env]
value = getenv_from_file(MY_ENV, 'envs.yml') |
|
+1, would love to see a more straightforward solution for this! |
|
👍 thanks for the concise guide @rkh! I'm sure this will help a lot of people |
|
The next release will come with an |
I ran travis encrypt -r jasnow/atlrug4 MY_SECRET_KEY_BASE=${SECRET_K_BASE} --add to add a secure variable to my .travis.yml file and I am getting data too large for key size error message. I am using as ENV['VAR'] inside my Rails 4.0 application for this 128 character length APP::Application.config.secret_key_base variable.
Is 128 characters really too long? I used "rake secret" to generate it.
Thanks
The text was updated successfully, but these errors were encountered: