Enable secure content in bazooka.yml

[julienvey]

The goal

Do something like that:

language: golang
go:
  - 1.3.1
after_script:
  - echo $TEST_SECURE
  - echo $TOTO
env:
  - secure: 5d5a074ca963ffedb3e80660f98ae43262e7c58adf40fc31b35a439d7ebdecf2e138b012
  - TOTO=1

Only env vars can be encrypted

How does it work ?

• Each time a new project is created, bazooka generates a key for this project and store it in mongo. Each project has its own key.
• As a user, when you want to encrypt some data, you use bzk encrypt

Usage: bzk encrypt PROJECT_ID DATA 

Encrypt some data

Arguments:
  PROJECT_ID=""   Project id
  DATA=""         Data to Encrypt

• With the encrypted data returned by this command, you add it where you want in your bazooka.yml, like in the previous example.
• When bazooka starts a job, it will look for every secure: ... item during yaml unmarshalling and try to decrypt the data. The job then continues with the decrypted bazooka config

Closes #69

[jawher]

How is this supposed to work for multiple projects ? Unless I'm mistaken, bzk generate-key stores the project specific generated key in the same file, ~/.bzkkey`, no matter the project.

Also, this PR doesn't handle importing an existing project key in a different machine.

[julienvey]

@jawher I have updated the description to reflect the new workflow. Let me know what you think about it

[jawher]

Added 2 commits to remove the hard-coded key file from commons.

If this proposal is accepted, we'll also need to update all the language parsers to add a call which sets the crypto key.