squeezing private SSH key into .travis.yml file

gistfile1.txt

Tricks to add encrypted private SSH key to .travis.yml file


To encrypt the private SSH key into the "-secure: xxxxx....." lines to place in the .travis.yml file, generate a deploy key then run: (to see what the encrypted data looks like, see an example here: https://github.com/veewee-community/veewee-push/blob/486102e6f508214b04414074c921475e5943f682/.travis.yml#L21

base64 --wrap=0 ~/.ssh/id_rsa > ~/.ssh/id_rsa_base64
ENCRYPTION_FILTER="echo \$(echo \"-\")\$(travis encrypt veewee-community/veewee-push \"\$FILE='\`cat $FILE\`'\" | grep secure:)"
split --bytes=100 --numeric-suffixes --suffix-length=2 --filter="$ENCRYPTION_FILTER" ~/.ssh/id_rsa_base64 id_rsa_


Ha! it takes 30 lines to squeeze it all in.


To reconstitute the private SSH key once running inside Travis: (see example use here: https://github.com/veewee-community/veewee-push/blob/486102e6f508214b04414074c921475e5943f682/.travis.yml#L13)

  - echo -n $id_rsa_{00..30} >> ~/.ssh/id_rsa_base64
  - base64 --decode --ignore-garbage ~/.ssh/id_rsa_base64 > ~/.ssh/id_rsa
  - chmod 600 ~/.ssh/id_rsa
  - echo -e "Host github.com\n\tStrictHostKeyChecking no\n" >> ~/.ssh/config

The travis CLI changed a little, has to be travis encrypt -r me/repo now, note the -r.

EDIT: Just noticed that travis now has the ability to encrypt files directly. (see travis encrypt-file)

Alternative way:
https://gist.github.com/carlessistare/d87751214c188e007fcb

Why not encrypt the private key file with 'travis encrypt' and store it as a travis environment variable?

Encryption and conversion code

travis encrypt-file ./id_rsa -r xxxx/xxxxxx
travis env set DEPLOY_KEY_ENC `base64 -i ./id_rsa.enc | tr -d '\n'` --private -r xxxx/xxxxxx

Decryption code in .travis.yml

echo $DEPLOY_KEY_ENC | base64 --decode | openssl aes-256-cbc -K $encrypted_xxxxxxxxxxxx_key -iv $encrypted_xxxxxxxxxxxx_iv -out ~/.ssh/id_rsa -d