- Download script `travis-encrypt.sh`
- Make it executable: `chmod +x travis-encrypt.sh`
- Run the script with `./travis-encrypt.sh -r username/repositoryname -e example`
- It will return something like
O+woVD9K+PeFrcyu5GCjKSFvfcSPwDW0kyDYEQnNbwt/iSkqjpl2OPA9W//KEKEB9UUSZD+XmQ3Ij0gnvJnOowcWY5sSeJlVEVTrSer0kW6uWpa/uWzDHCBz2YhBnI6u9SfYfMkhDl22pcaCEwaUkmK2gjcVo+v0bS8vAQFz0Na5/WiKj0GkSX50iIGgfaXheuC8KgIC25T0h+czpap7vb13OlblMnClfyTH9+TmAwTlcV7ljXpv1QY+K72L8jK1/CQVZ8quBYrBwwxO2V6cpXRMMCIw4m4lqxUyN4FBGnq7cJ7BWLzeqSMpFBoP+ZxAqS5yem8KLh1VkEo7PVjCkZE6M+2meFf2VJEVUs/KJY9xnH3eDzipWkwXon2qVpCkT7FDEzGFs/DapYsSo7eCO6pUYYhcpaYpWeYV9DSSV0QcrOeZp664iJMHWPSmrs/lESbbHpKWsM/AFVB9X75q/OB+QU0tQxpReZmKw3ZHbDVMlmlwhP8VSiQ05LV2W6gYzADGiUiL6n1X8teeHEVDSZnD7nrxMD/FchnWI5La3tZeFovRMf6hH3NItW+QZaGaGNftJrP488J/F2hCycPJk3+YrxbBCGHE2X379QbkMz3S0B5UiAcJKmwuTstF6X3CCurZVYIkUGGXhnmalPtVpEqxeTiLw5RU6C9z2qSwhhw=
- Use the encrypted secret in your `.travis.yml` according to https://docs.travis-ci.com/user/encryption-keys/#Usage
Last active April 11, 2019 10:48
This bash script can be used to encrypt secrets for a Travis CI configuration (`.travis.yml`) with the project specific public key.
```bash
#!/bin/bash

# Note: a secret passed with -e is stored in the shell history and is
# visible in the process list while the script runs.

usage() { echo -e "Travis Encrypt Script\nUsage:\t$0 \n -r\t<username/repository> \n -e\t<string which should be encrypted>" 1>&2; exit 1; }

# Parse the -r (repository slug) and -e (string to encrypt) options
while getopts ":r:e:" param; do
  case "${param}" in
    r)
      r=${OPTARG}
      ;;
    e)
      e=${OPTARG}
      ;;
    *)
      usage
      ;;
  esac
done
shift $((OPTIND -1))

# Both options are required and the repository must look like owner/name
if [ -z "${r}" ] || [[ ! ${r} =~ [[:alnum:]]/[[:alnum:]] ]] || [ -z "${e}" ]; then
  usage
fi

# Fetch the repository's public key from the Travis CI API
key_match="\"key\":\"([^\"]+)\""
key_url="https://api.travis-ci.org/repos/${r}/key"
request_result=$(curl --silent "$key_url")

if [[ ! $request_result =~ $key_match ]]; then
  echo "Couldn't retrieve key from ${key_url}. "
  usage
fi

# Encrypt with the retrieved key (echo -e expands the \n escapes of the JSON
# value into real newlines) and print the result as single-line base64
printf '%s' "${e}" | openssl rsautl -encrypt -pubin -inkey <(echo -e "${BASH_REMATCH[1]}") | openssl base64 -A
echo
```
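The `openssl rsautl -encrypt` step in the script uses PKCS#1 v1.5 padding by default, which fills the block with random bytes, so encrypting the same string twice gives different base64 output and a result can only be checked by decrypting it. The following is an added example, not part of the original gist, that shows this with a throwaway key pair generated locally (the repository's private key is held by Travis CI); the function names and temporary paths are assumptions.

```shell
#!/bin/sh
# Added example: the encryption pipeline from travis-encrypt.sh run against a
# locally generated throwaway key pair (constructed for this demo only).

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

# Hypothetical helper: create a test key pair in the temporary directory
make_test_keypair() {
    openssl genrsa -out "$workdir/priv.pem" 2048 2>/dev/null
    openssl rsa -in "$workdir/priv.pem" -pubout -out "$workdir/pub.pem" 2>/dev/null
}

# Same pipeline as the script, with the public key read from a file
encrypt_secret() {
    printf '%s' "$1" \
        | openssl rsautl -encrypt -pubin -inkey "$workdir/pub.pem" 2>/dev/null \
        | openssl base64 -A
}

# Reverse pipeline; only possible here because we hold the test private key
decrypt_secret() {
    printf '%s\n' "$1" \
        | openssl base64 -d -A \
        | openssl rsautl -decrypt -inkey "$workdir/priv.pem" 2>/dev/null
}

make_test_keypair
first=$(encrypt_secret "test")
second=$(encrypt_secret "test")

if [ "$first" != "$second" ]; then
    echo "ciphertexts differ although the input is identical (random padding)"
fi

if [ "$(decrypt_secret "$first")" = "$(decrypt_secret "$second")" ]; then
    echo "both ciphertexts decrypt to the same secret"
fi
```
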
`-e` is the parameter for the string you want to encrypt with the retrieved key. In this example it's `example`.
This seems to produce inaccurate results, sadly. Not posting the actual password (ofc!) but this snippet gives me this:
A/sJiu48WEeBhBWxK4Zmg2GWutgiyE0v0K8TFNjNIpQNXgdEkKBDf4odgtgBPYVyC3ZQZCvkXYBtmGOgH/ZkIzctPNjjEgWGI/If9jLqwGhvLi42JHwk7ZylurB5EZeC7ECkBVlUahK8HdBtHDtnLnEVI/EnZL7YefVDxDJmnMQdga+gDsCjt5flpKNp9Ed3jQT9ygWKKqVJtXOrLgYZR0jGrbvoZq5McBM52vFI4a51gKv8VcOT2cP1xpP0o2ANUZ+50iTJfT3p2Ku2+U9VL24v7HmNFs/uHpqlaIaekHe//w9i0ZTjXegEQ40cqr7zQsbIRcmyqCTxTEigjWlEH6k1jDiNoR4Qi+X54h1Zq+u7acJmBzU+i6BYXCaPI/RuI27W0tr25L5EFkr0iabOSjJTRKHqxi8lnx1fTpKpTsH78AEM3XavgFY62JLjlH4TgbX4oXlqDbyhAqqXWOb5W6z9cwReMeCWMu3JJ36s5uxQoOgailjL4BdqkKmOjvD/GCGDhzGBgRZLAVzEDiipxIGsximbYz/0bQF+4Ro9JC8Ss/I9hs081c3FplbhVF4KbL92KL0PI3zYLcJAvKNavG6dLWTE1XbkxYFleRLkxt0+qo+grL8a6mvv0XhghqfiEEAtnazaVglCKwyAKBXuslxIWY1QZkzvR9zk+35JJ3Q=
Whereas the Ruby CLI's `travis encrypt` returns, for the same password + repo, this:
czQldYhxD/p4ZvATvaJZGNztdHE7zHdkw2bxd+PevQIwwuXsR02zn9KlbmAOcu8up7tkLa+p0n8GI+phUz968OSSfDIEKkaX6JBjAS9FC/lMr1fuxGsyMKHDFz76Y3fJs3Y+tenV2k04k7TBA1EyYhMZ06R2Xa5xaDVozOCmMD6rxm7LR3Y0enbdSxAn2GVLKy2pETMGEzlf0x8G9KNYOFU+iMiqF0C8MKPLOQPUOcxVGz85xDjLnhCMfKaFfARKemcPcVuRVqo188EQ7Zvxaes+EfAomDPhhfJjBQsYGue0T6qKav/h2zknPKlTycSyR16XvulMVfu8x+2FWWdJGY39MKZpNDj7bk36x1+ZklvJsJjia4LSroO8dghU3RXzVHSIXV/dpOjfKO6/5b/sEs1X5QwF+OkuX99FYrdRTt8Ug5ub5ZUtP5zsEGLwHdVaQubgl843CSTY5nTiB8pYlUhyU9PNq4xBaE0bOFWDmbfQ80HMh66HglYW1w3sjqRrnMG5bpJpnMXtyI33/kaX+0a43/5LPSBfgoonb7zWkOiPf7nXXwaUBehV3hqmzTRjL8JBHhsJ8IMLwhVtpk00E5e8jKPbwV7Ydagt4J/E1GjV6/l3fW7KI5jLbvoK35ohknyTr6iBO88Jc7F3nVNPk8WyhfDbJXMutnMq2AlhfAY=
Will share my machine specs (anything specific to look for?) as well as a comparison using a fake password when I get home.
Okay, running with repository `eltrhn/ergo` & password `test` returns:
LUyq/za+XRECn82JwE9wpA3CkQ2h6LTKS/2jQHEluQduZzLu1uLndNjF+XBrhSKTHajxWkx6uRMa7wIXZ4cuJsa24XON8o+4Fc2dl7Wf+A8kiPkshgG4mEo3LolAK5xy4getHOvh6y03FwPrl4SXH0neKj15PSR7KQrdNASmLhhkhdyf8Vou9UnkJ/8fBDhJ2bPOehZS5PsCNNmLjWgGCiN0IzbGFwieUZscuch+nWoUhAh2Aq2RSGvtmR3VWhvg1OpIqr5oDeoovc07LmoH8qi4ajk/+OMe2Kqbb5qnQmh1mzJbtuhjfGNglK0K/h040f0EgKMt5sSSgTxmRC4pmsJffpjRwBxvBscVqp6nQ1mrhWPgQ3lvkYODD0Zhk88WdceN+ptNOfduGbZdA4JgsyyOAip604frwq5a0WcZw/8OP6A4Rh858PE8cbpzKpSDlVpf0CBXJGoYC27xPAzspzP8e08PPQGHsBisnHYQWlUgr9em/F9eTKE9r8IKxldkdUuBucMWRHsf5wFV//PyXqGeOZGJwHwwOZ9NKL7sNdOT+h8tlb1lmJO3OBlAHNuMX7ezFj52rNUnh/SKwZK7zQGSQIdcrccI8rjGwVkpDI6qHmP4nv/O0aqlDAiGUoVNuUHCbiXHfWX94L3sm1dqlnfRM+d1CB1V6jSjsyLlE/M=
Whereas `travis encrypt` on the same returns:
J5BvY/eebRqqXPQtUc/C7ULAb3fIUykZ3DppMp2Sos+Yq70xTJcoeC5ldh/lTs8UiyUev9ZWJgJkzbtpdhRxMyFMkxxltNHW6YZQ6qsvxDLH4uZTCDPU8eYpFDnMNjlwmwVQCgtrf5M0fKrn4pGrcixFRnFR3fa+ZsYTdxHsmAg3CdEEDjMn7tT5+NUuVtWDbbtcrVCJBOgjzbS/G9mXy/VisxeWXFUeLb6Ba+wAQhp09D8EI3lD3i9xm46vjgWVeqx6ulTS9e7Gii2qWZgbw0M1LODnBjFLpxt4DFVqfwMR91Twn5tTu5mC1/XggHGAU49vm6iQjli5m1RSV56ZixnLcUgWPhKmOOPLvEXIMps6Fj5hHIiStxG9Wq6jFPm//gx2uPctTgKrshGZm+HXiK4++Uv+XdBDbtizvDW2A+T7tFpaitLyG6E6BoQDmuxHG/qH2z59T9Ir/vs8D9AvUmaWNA2l0/aNcNWDFMHbOHRx0BIR/N6v0WXxzRWU6Lgv0OipptdpBJRnX4Zv4Xf3GrYd6YdYyYkoi0duAwd4y9O4fZUC1C4eh81ajE3IdDpeeE675wJTTYovXWQMPH8fnWqOZiTW//sUOlqEK8ZU29iUfdZJgPhgMiKXzYwVTUOUaPtEiIB6ZJmDkWLXwaVrYAKknexlXJCVY9hPzowVtqw=
`openssl version` shows `OpenSSL 1.1.0g 2 Nov 2017`.
I've just tested it and it still works. I'm on 'OpenSSL 1.1.0h 27 Mar 2018'.
Remember it only works on public repos.
what's the '-e example' for?