Travis decrypt encrypted secure environment variables

1. Add the following commands to your .travis.yml, MY_ENVIRONMENT_VAR is the environment variable you want to retrieve, MY_ENCRYPTION_KEY a variable for encrypting the MY_ENVIRONMENT_VAR with ccrypt, so it can be transferred securely. After you have the

- sudo apt-get install -y ccrypt
- echo $MY_ENVIRONMENT_VAR > my_env_var.txt
- ccencrypt my_env_var.txt -K $MY_ENCRYPTION_KEY
- cat my_env_var.txt.cpt | base64

2. Commit the above change to a Github branch, which will trigger a Travis CI to run your build with the above commands in your .travis.yml

3. Monitor your travis console log and look for the output from `cat my_env_var.txt.cpt | base64`

4. For example, if the output is ‘Aaabbbccc’, run the following command on your local machine. The 3rd command will prompt you to enter the encryption key, which is the value of MY_ENCRYPTION_KEY from the 3rd command on step 1.

echo `Aaabbbccc` | base64 -d > my_env_var.txt.cpt
sudo apt-get install -y ccrypt
ccrypt –d my_env_var.txt.cpt
cat my_env_var.txt

Another way, instead of logging the content of encrypted file to console, you can upload the encrypted file my_env_var.txt.cpt to a aws s3 bucket, or any other cloud storage, then download the file from there.

References:
https://www.topcoder.com/blog/recover-lost-travisci-variables-two-ways/
https://stackoverflow.com/a/59165606/2069407

Search within Codexpedia

Custom Search

Search the entire web

Custom Search