@rayshan
Forked from kzap/gist:5819745
Last active December 22, 2015 09:25
mkdir ~/travis-ci-key && cd ~/travis-ci-key
# generate your private key
ssh-keygen -t rsa -f travis-ci-key
# put the public key on the server you will be connecting to
# (user@server.example.com is a placeholder for your own login and host)
cat travis-ci-key.pub | ssh user@server.example.com "cat >> ~/.ssh/authorized_keys"
# generate the password/secret you will store encrypted in the .travis.yml and use to encrypt your private key
head -c 10000 /dev/urandom | openssl sha1 | awk '{print $NF}' > ./secret
# /dev/urandom # random number generator
# head -c N # print first N bytes of file
# awk '{print $NF}' # keep only the hex digest; many OpenSSL versions print a "(stdin)= " label before it
# encrypt your private key using your secret password
openssl aes-256-cbc -pass "file:./secret" -in ./travis-ci-key -out ./travis-ci-key.enc -a
# -pass password
# -a = -base64
# download your Travis-CI public key via the API. eg: https://api.travis-ci.org/repos/travis-ci/travis-ci/key
# replace 'RSA PUBLIC KEY' with 'PUBLIC KEY' in it
# save it as a file id_travis.pub
# now encrypt your secure environment variable and secret password using the public key that you just downloaded and copy it to the clipboard
echo "MY_SECRET_ENV=`cat ./secret`" | openssl rsautl -encrypt -pubin -inkey ./id_travis.pub | base64 | pbcopy
# rsautl # RSA utility
# -encrypt # encrypt the input data using an RSA public key
# -inkey [file] # the input key file, by default it should be an RSA private key
# -pubin # the input file is an RSA public key
# base64 # encode and decode using Base64 representation
# insert your secure environment variable in your .travis.yml like so
# env:
# - secure: "ENCODEDSECUREVAR"
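# make sure you add travis-ci-key.enc to your repository (never the unencrypted travis-ci-key or ./secret)
# to decode your encrypted private key in Travis, use the following line and it will output a decrypted travis-ci-key file
# openssl aes-256-cbc -pass "pass:$MY_SECRET_ENV" -in ./travis-ci-key.enc -out ./travis-ci-key -d -a
# -d decrypt the input data
# if your OpenSSL and the one on Travis sit on different sides of version 1.1.0, pass the same -md option to both
# the encrypt and decrypt commands; the default key-derivation digest changed from MD5 to SHA-256 in 1.1.0
# ssh rejects private keys that other users can read, so chmod 600 the decrypted file before using it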
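
A local rehearsal of the round trip above, as an added example that is not part of the original gist: it encrypts a constructed stand-in key with -pass file:, decrypts it the way the Travis job would with -pass pass:$MY_SECRET_ENV, and checks both that the result matches and that a wrong secret does not. make_secret and roundtrip_check are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not part of the gist. make_secret and roundtrip_check are
# hypothetical helper names; the "key" is constructed sample data.

# 40 hex characters from the gist's urandom-into-sha1 recipe. Many OpenSSL
# builds print a label such as "(stdin)= " first, so keep only the last field.
make_secret() {
    head -c 10000 /dev/urandom | openssl sha1 | awk '{print $NF}'
}

# Encrypt with -pass file: (workstation side), decrypt with -pass pass: from an
# environment variable (Travis side), and confirm the output is byte-identical.
roundtrip_check() {
    dir=$(mktemp -d) || return 1
    rc=0
    openssl rand -base64 1200 > "$dir/key"      # constructed stand-in for the key
    make_secret > "$dir/secret"

    openssl aes-256-cbc -pass "file:$dir/secret" \
        -in "$dir/key" -out "$dir/key.enc" -a 2>/dev/null || rc=1

    MY_SECRET_ENV=$(cat "$dir/secret")
    openssl aes-256-cbc -pass "pass:$MY_SECRET_ENV" \
        -in "$dir/key.enc" -out "$dir/key.dec" -d -a 2>/dev/null || rc=1
    cmp -s "$dir/key" "$dir/key.dec" || rc=1

    # A wrong secret must not reproduce the key: openssl normally reports a bad
    # decrypt, and if it ever exits 0 the garbage output fails the comparison.
    if openssl aes-256-cbc -pass "pass:wrong-$MY_SECRET_ENV" \
        -in "$dir/key.enc" -out "$dir/key.bad" -d -a 2>/dev/null &&
        cmp -s "$dir/key" "$dir/key.bad"; then
        rc=1
    fi

    rm -rf "$dir"
    return "$rc"
}

roundtrip_check && echo "round trip OK"
```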