encrypt secrets without --key parameter (like heroku api_key used by travis deploy)

pwmckenna / node-travis-encrypt

node module to encrypt environment variables for travis-ci

npmjs.org/package/travis-encrypt

46 stars 12 forks source link

encrypt secrets without --key parameter (like heroku api_key used by travis deploy) #1

Closed kaizhu256 closed 10 years ago

kaizhu256 commented 10 years ago

the deploy section in .travis.yml uses secure variables that have no key name (e.g. heroku api_key)

can u add something like a check like the following in travis-encrypt-cli.js (line 55) ? return encrypt(slug, (name ? name + '=' : '') + value, username, password, function (err, res) {

i'm asking because i can't seem to install travis gem on my macbook air (some ffi error), and need this to deploy to heroku :(

kaizhu256 commented 10 years ago

in case your not clear about the use case, if we want to deploy to heroku, then in .travis.yml we add a deploy section:

deploy:
  api_key:
    secure: UOJknUje0te1+54BFtDQi+1jFBTDfFI7qYSV+tcDMkCeQJ7K/lh4y45c8w+I/OE0BL7eyL1MowiMf5oQnSlDg==
  app:
    unstable: utility2-example-app
  provider: heroku

where secure is a nameless encrypted string. if using the travis gem, it would be encrypted as follows:

$ travis encrypt '78dbf5d8-8ca5-4559-b9e2-40e41c9dc0fa'  ## using fake api key

pwmckenna commented 10 years ago

I've kind of wanted to abandon the key value business for a while, and this motivated me to do so...so thanks! I just pushed a change that removes -k/-v/-j, and supports encrypting an arbitrary number of command line arguments or strings piped into stdin. Now for key value pairs, you just pass in KEY=VALUE, and if you want just a string, you can just do VALUE. Hopefully the change helps!

kaizhu256 commented 10 years ago

thx! closing my 2 pull request as they no longer apply now :b