You really want the variation with the public-private-keypair. The password variation should only be used for testing.
This is more or less just for testing purposes. For production quality we want asymetric encryption, since then every third party can encrypt their secret stuff (passwords for example) with the build server's public key, so that the build server is able to decrypt it.
echo 'MySecret' | openssl enc -base64 -e -aes-256-cbc -pass pass:mySecretPass
The concrete encryption results differ from every run - this is by purpose - don't get confused!
echo 'U2FsdGVkX18rK5LtGN0UccPFHukwLI155r6DkWmYgrg=' | openssl enc -base64 -d -aes-256-cbc -pass pass:mySecretPass
We want to generate two keys, one public and one private, so that third parties can safely secure their secrets to the build server.
Generate a RSA key pair (public + private) with a key length of 4.096 bits. Beware you have to supply a key password:
openssl genrsa -des3 -out keypair.enc.pem 1024openssl rsa -in keypair.enc.pem -out keypair.pemRemove the password
Next step is to extract the public key of the key pair to distribute it publicly:
openssl rsa -in keypair.pem -pubout -out pubkey.pem
echo 'MySecret' | openssl rsautl -pubin -inkey pubkey.pem -encrypt | base64
echo 'HGfBt27Lc/n3hOpEihdI/QXLUnFA5qPay/4WiAL/p3cD9OrPLF1yxFbxFxALPcKDLFb8u0+F7nBbkPihWoIyhQ==' | base64 -D | openssl rsautl -inkey keypair.pem -decrypt