search

treehouses / builder

Treehouses Awesome 👓 Raspberry Pi Image Builder 🏗
http://download.treehouses.io
GNU Affero General Public License v3.0
49 stars 22 forks source link

remove travis encryption keys -- generate a new ssh key #222

Closed i5o closed 6 years ago

i5o commented 6 years ago

we will move dev.ole.org soon

https://oncletom.io/2016/travis-ssh-deploy/

i5o commented 6 years ago 
sudo gem install travis

cd deploy/
travis login --org
ssh-keygen -t ecdsa -b 256 -C "deploy" -f id_deploy -N ""
cat id_deploy.pub (copy this into deploy@dev.ole.org:.ssh/authorized_keys)
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPoIL4TWbI+hun0brXfyH7Ks4QDl3UlRu9c3RpXTjvFr0JZm9D6fkT2yk0DU1ut38HNfcNeqettmGvNEC8gSahs= deploy
ignacio@home:~/builder/deploy$ travis encrypt-file id_deploy
encrypting id_deploy for treehouses/builder
storing result as id_deploy.enc
DANGER ZONE: Override existing id_deploy.enc? |no| yes
storing secure env variables for decryption

Please add the following to your build script (before_install stage in your .travis.yml, for instance):

    openssl aes-256-cbc -K $encrypted_eae07f48be7a_key -iv $encrypted_eae07f48be7a_iv -in id_deploy.enc -out id_deploy -d

Pro Tip: You can add it automatically by running with --add.

Make sure to add id_deploy.enc to the git repository.
Make sure not to add id_deploy to the git repository.
Commit all changes to your .travis.yml.
ignacio@home:~/builder/deploy$
rm id_deploy

edit .travis.yml

before_deploy:
 - openssl aes-256-cbc -K $encrypted_eae07f48be7a_key -iv $encrypted_eae07f48be7a_iv -in deploy/id_deploy.enc -out deploy/id_deploy -d
git add -u

also, optionally, we can remove the old key from https://travis-ci.org/treehouses/builder/settings image