Skip to content

Instantly share code, notes, and snippets.

@floydpink
Forked from lukewpatterson/gist:4242707
Last active March 6, 2021 22:18
Show Gist options
  • Save floydpink/4631240 to your computer and use it in GitHub Desktop.
Save floydpink/4631240 to your computer and use it in GitHub Desktop.
Generating secure environment variables for GitHub deployment keys to be used from a Travis-CI build.
# On a Mac, use this script to generate secure deployment key
# To generate secure SSH deploy key for a github repo to be used from Travis
base64 --break=0 ~/.ssh/id_rsa_deploy > ~/.ssh/id_rsa_deploy_base64
ENCRYPTION_FILTER="echo \$(echo \"- secure: \")\$(travis encrypt \"\$FILE='\`cat $FILE\`'\" -r floydpink/harimenon.com)"
# If you don't have homebrew please install it from http://brew.sh/
brew install coreutils
gsplit --bytes=100 --numeric-suffixes --suffix-length=2 --filter="$ENCRYPTION_FILTER" ~/.ssh/id_rsa_deploy_base64 id_rsa_
# To reconstitute the private SSH key from within the Travis-CI build (typically from 'before_script')
echo -n $id_rsa_{00..30} >> ~/.ssh/id_rsa_base64
base64 --decode ~/.ssh/id_rsa_base64 > ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa
echo -e "Host github.com\n\tStrictHostKeyChecking no\n" >> ~/.ssh/config
# On Linux (tested only on Ubuntu), use this script to generate secure deployment key
# To generate secure SSH deploy key for a github repo to be used from Travis
base64 --wrap=0 ~/.ssh/id_rsa_deploy > ~/.ssh/id_rsa_deploy_base64
ENCRYPTION_FILTER="echo \$(echo \"- secure: \")\$(travis encrypt \"\$FILE='\`cat $FILE\`'\" -r floydpink/harimenon.com)"
split --bytes=100 --numeric-suffixes --suffix-length=2 --filter="$ENCRYPTION_FILTER" ~/.ssh/id_rsa_deploy_base64 id_rsa_
# To reconstitute the private SSH key from within the Travis-CI build (typically from 'before_script')
echo -n $id_rsa_{00..30} >> ~/.ssh/id_rsa_base64
base64 --decode --ignore-garbage ~/.ssh/id_rsa_base64 > ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa
echo -e "Host github.com\n\tStrictHostKeyChecking no\n" >> ~/.ssh/config
@floydpink
Copy link
Author

Generating secure environment variables for GitHub deployment keys to be used from a Travis-CI build.

For more information see this blog post

In the example below, ~/.ssh/id_rsa_deploy is a deployment key that was added to my repository floydpink/harimenon.com. Change these two strings to appropriate values.

@brad
Copy link

brad commented Apr 10, 2014

I found that 100 bytes was too much for travis 1.6.9. Through experimentation I discovered that 90 bytes works, 95 doesn't, so I just stuck with --bytes=90. I appreciate the updated gist.

@koter84
Copy link

koter84 commented May 19, 2014

Thanks for sharing this code!

The OS X version on Travis-CI.org doesn't understand that {00..30} should give 00 01 02..etc and just returns 0 1 2..etc
so the first 10 variables won't get printed to the file, and the key (obviously) doesn't work...

i solved it with a small for-loop combined with printf, also my version works the same on the linux and osx workers
https://gist.github.com/koter84/e46e675960d964fdb48d

@floydpink
Copy link
Author

Thank you, @koter84

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment