问题
I have .travis.yml with some secure (encrypted) env variables. Now I need to descrypt those variables to use them in different project.
Is there easy way of doing this (except triggering a commit and printing them in console output)?
回答1:
I don't think you can decrypt it. Public key is used to encrypt the data and it can only be decrypted with the private key which travis doesn't provide.
回答2:
You can't decrypt locally from what I understand but you can recover the key/values. By nature, they have to be decrypted to be used during the build process.
- Go to your last build of your current project.
- Select "Debug Build"
- SSH into the instance using the provided user and host
***********@to2.tmate.io - Once in the remote shell, run
env.
This will print all of the environment variables so you will have to dig a little for your secure ones but they will be there.
回答3:
Daniel's answer here would probably work, but it relies on the Debug Mode of Travis CI, which is disabled for public repositories by default, due to security concerns.
There is actually another way to do it. It is inspired by, and simpler than this blog post "RECOVER LOST TRAVISCI VARIABLES – TWO WAYS".
Some explanation first:
- Why is it possible? Because Travis-CI would have to decrypt it into plain text and set it as an environment variable, for it to work on their machine. That is your chance to recover it.
- Yet
echo $SECRETwould NOT reveal it from console log, because Travis-CI scans all the stdout and filter that particular value. (Duh) So you need another tool to encode the decrypted secret. Command line toolbase64comes in handy, as it is already available on Travis CI's build machines, and in your local git bash (if you are using git on Windows) or in your shell (if you are using Linux). - Lastly, you probably won't want your recovered secret available (even after encoded) to the world. You can solve this by encrypting it with another KNOWN_SECRET, with the help of a command line tool
ccrypt.
TL;DR: As easy as 1-2-3!
- Add or modify your
.travis.ymlto contain the following content.
sudo: required
install:
- sudo apt-get install -y ccrypt
- echo $UNKNOWN_SECRET > info.txt
- ccencrypt info.txt -K $KNOWN_SECRET
- cat info.txt.cpt | base64
Commit the above change to an experimental branch, and trigger a Travis CI run. Browser the console log, to find that line of output, say,
A1B2C3D4....On your local machine, run this:
echo `A1B2C3D4...` | base64 -d > info.txt.cpt
sudo apt-get install -y ccrypt # If you haven't already
ccrypt –d info.txt.cpt
# When prompt, type in the KNOWN_SECRET, and then you will have info.txt in plain text
来源:https://stackoverflow.com/questions/31519546/how-i-can-decrypt-secure-env-variables