Travis Config - Insecure API Key

sparksuite / simplemde-markdown-editor

A simple, beautiful, and embeddable JavaScript Markdown editor. Delightful editing for beginners and experts alike. Features built-in autosaving and spell checking.

https://simplemde.com

MIT License

9.8k stars 1.12k forks source link

Travis Config - Insecure API Key #722

Closed prageeth closed 5 years ago

prageeth commented 5 years ago

@WesCossick Looking at the travis config, shouldn't the api key be hidden and used via environmental variable? This is opening up for insecure publishing.

atodorov commented 5 years ago

@prageeth the value is marked with secure: xxxx and I think this is the encrypted value not the plain/text one so no direct exposure, see https://docs.travis-ci.com/user/environment-variables/#defining-encrypted-variables-in-travisyml

prageeth commented 5 years ago

@atodorov Thanks for the explanation, it was my mistake. Yes, you're right and it makes sense. Thanks!