How to access encrypted environment vars from node


#1

I am having a hell of a time trying to access my encrypted environment vars from my node server. Any idea how to do this? I have tried process.env with no luck.

Example repo: https://github.com/bj97301/testTravis

Output: https://travis-ci.com/bj97301/testTravis/jobs/156522714


#2

Your encryption appears incorrect. The decrypted variable is shown here as lqDnlCfd8zE1GTWYe0f5PL4jrucX4DMo0dy20P1rRSbHxovu2qNxdyye3ck23LsOhPejIs, whereas you are trying to access databaseUrl. What command did you run to obtain this?


#3

Ill re-encrypt it.

I used this:

testTravis (master) $ travis encrypt databaseUrl="moobz"

#4

Same. How do I get a new private key? I think its using the wrong one.


#5

I added you to the repo.


#6

I think I know the problem. You are running builds on .com, which has a different encryption key (we are in transition to standardize on .com). Try:

travis encrypt --com databaseUrl="moobz"

Alternatively, you can define them in the Settings panel: https://travis-ci.com/bj97301/testTravis/settings


#7

Holy shit! That fixed it. Ive been stuck on this problem for days. You should definitely document this somewhere.


#8

Spoke too soon. My test repo is working but my real one is still failing. It looks like the value I am trying to encrypt is causing some issues. How do I escape/encode the encrypted value correctly?


#9

found it:

Note on escaping certain symbols #
When you use travis encrypt to encrypt sensitive data, it is important to note that it will be processed as a bash statement. This means that secret you are encrypting should not cause errors when bash parses it. Having incomplete data will cause bash to dump the error statement to the log, which contains portions of your sensitive data.

Thus, you need to escape special characters such as braces, parentheses, backslashes, and pipe symbols. For example, when you want to assign the string 6&a(5!1Ab\ to FOO, you need to execute:

travis encrypt "FOO=6\\&a\\(5\\!1Ab\\\\"
Bash
travis encrypts the string FOO=6\&a\(5\!1Ab\\, which then bash uses to evaluate in the build environment.

Equivalently, you can do

travis encrypt 'FOO=6\&a\(5\!1AB\\'