(Easily) encrypting and using files on Travis CI

More than 5 years have passed since last update.
  • As described in Encrypting Files
  • The encrypt-file command was added in travis 1.7.0 (released 2014/08/06?), which makes it easy to encrypt files and use them on Travis CI

Preparation

  • Install the travis command: $ gem install travis
    • The version at the time of writing this article is 1.7.1

Encrypting Files

$ travis encrypt-file --help
Encrypts a file and adds decryption steps to .travis.yml.
Usage: travis encrypt-file INPUT_PATH [OUTPUT_PATH] [OPTIONS]
    -h, --help                       Display help
    -i, --[no-]interactive           be interactive and colorful
    -E, --[no-]explode               don't rescue exceptions
        --skip-version-check         don't check if travis client is up to date
        --skip-completion-check      don't check if auto-completion is set up
    -e, --api-endpoint URL           Travis API server to talk to
    -I, --[no-]insecure              do not verify SSL certificate of API endpoint
        --pro                        short-cut for --api-endpoint 'https://api.travis-ci.com/'
        --org                        short-cut for --api-endpoint 'https://api.travis-ci.org/'
        --staging                    talks to staging system
    -t, --token [ACCESS_TOKEN]       access token to use
        --debug                      show API requests
    -X, --enterprise [NAME]          use enterprise setup (optionally takes name for multiple setups)
        --adapter ADAPTER            Faraday adapter to use for HTTP requests
    -r, --repo SLUG                  repository to use (will try to detect from current git clone)
    -R, --store-repo SLUG            like --repo, but remembers value for current directory
    -K, --key KEY                    encryption key to be used (randomly generated otherwise)
        --iv IV                      encryption IV to be used (randomly generated otherwise)
    -d, --decrypt                    decrypt the file instead of encrypting it, requires key and iv
    -f, --force                      override output file if it exists
    -p, --print-key                  print (possibly generated) key and iv
    -w, --decrypt-to PATH            where to write the decrypted file to on the Travis CI VM
    -a, --add [STAGE]                automatically add command to .travis.yml (default stage is before_install)
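  • As with the travis encrypt command, an --add option is provided, so the decryption command can also be written into .travis.yml automatically
    • However, just as with that command, the indentation may get broken, so take care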

Trying it out

$ travis encrypt-file hoge
encrypting hoge for kmats/test
storing result as hoge.enc
storing secure env variables for decryption

Please add the following to your build scirpt (before_install stage in your .travis.yml, for instance):

    openssl aes-256-cbc -K $encrypted_d9ff679cf7a4_key -iv $encrypted_d9ff679cf7a4_iv -in hoge.enc -out hoge -d

Pro Tip: You can add it automatically by running with --add.

Make sure to add hoge.enc to the git repository.
Make sure not to add hoge to the git repository.
Commit all changes to your .travis.yml.
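  • As the output explains, adding openssl aes-256-cbc... to the before_install stage of .travis.yml is all that is needed
  • As explained at the end of the output, add the encrypted hoge.enc to the repository, but do not add the original hoge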
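
The two rules above can be checked mechanically before a push. The following shell function is an added example, not part of the original article or of the travis CLI: it reads the decrypt lines in a .travis.yml and reports when the key or IV is a literal instead of an `$encrypted_*` secure variable, when the `.enc` file is not tracked, or when the plaintext file is tracked. The function names and finding labels are hypothetical, and the tracked-file list is assumed to come from `git ls-files`.

```shell
#!/bin/sh
# Added example (not from the original article).
# audit_travis_decrypt TRAVIS_YML TRACKED_LIST
#   TRAVIS_YML   : path to a .travis.yml
#   TRACKED_LIST : file with one tracked path per line (git ls-files > tracked.txt)
# Prints one finding per line; prints nothing when everything is in order.

# Print the value that follows option $2 on command line $1 (empty if absent).
opt_value() {
    printf '%s\n' "$1" |
        sed -n "s/.*[[:space:]]$2[[:space:]][[:space:]]*\([^[:space:]][^[:space:]]*\).*/\1/p" |
        tr -d "\"'"
}

audit_travis_decrypt() {
    yml=$1
    tracked=$2
    # Keep only non-comment lines that run the decrypt command encrypt-file prints.
    sed -n '/^[[:space:]]*#/d; /openssl[[:space:]][[:space:]]*aes-256-cbc/p' "$yml" |
    while IFS= read -r line; do
        key=$(opt_value "$line" -K)
        iv=$(opt_value "$line" -iv)
        enc=$(opt_value "$line" -in)
        plain=$(opt_value "$line" -out)

        # Key and IV must be Travis secure variables, never values in the file.
        case $key in '$encrypted_'*) ;; *) echo "LITERAL_KEY $enc" ;; esac
        case $iv in '$encrypted_'*) ;; *) echo "LITERAL_IV $enc" ;; esac

        # hoge.enc belongs in the repository; hoge does not.
        if ! grep -Fxq -- "$enc" "$tracked"; then
            echo "CIPHERTEXT_NOT_TRACKED $enc"
        fi
        if grep -Fxq -- "$plain" "$tracked"; then
            echo "PLAINTEXT_TRACKED $plain"
        fi
    done
}
```

Run it as `git ls-files > tracked.txt && audit_travis_decrypt .travis.yml tracked.txt`; any output line means the configuration should be fixed before pushing.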

Bonus

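  • Before encrypt-file came along, encrypting a file meant a tedious process: encrypting the file yourself with the openssl command or similar, then encrypting the key you used with travis encrypt and managing it that way. So the arrival of this command is a huge help
  • I wish I had had this command sooner lol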
jrits
Built on trustworthy, appealing, advanced IT, we aim to realize work-style innovation for our customers.
http://www.jrits.co.jp/