How to access encrypted environment vars from node

bj97301 · November 5, 2018, 11:44pm

I am having a hell of a time trying to access my encrypted environment vars from my node server. Any idea how to do this? I have tried process.env with no luck.

Example repo: https://github.com/bj97301/testTravis

Output: https://travis-ci.com/bj97301/testTravis/jobs/156522714

BanzaiMan · November 6, 2018, 1:12am

Your encryption appears incorrect. The decrypted variable is shown here as lqDnlCfd8zE1GTWYe0f5PL4jrucX4DMo0dy20P1rRSbHxovu2qNxdyye3ck23LsOhPejIs, whereas you are trying to access databaseUrl. What command did you run to obtain this?

bj97301 · November 6, 2018, 1:15am

Ill re-encrypt it.

I used this:

testTravis (master) $ travis encrypt databaseUrl="moobz"

bj97301 · November 6, 2018, 1:19am

Same. How do I get a new private key? I think its using the wrong one.

bj97301 · November 6, 2018, 1:20am

I added you to the repo.

BanzaiMan · November 6, 2018, 1:49am

I think I know the problem. You are running builds on .com, which has a different encryption key (we are in transition to standardize on .com). Try:

travis encrypt --com databaseUrl="moobz"

Alternatively, you can define them in the Settings panel: https://travis-ci.com/bj97301/testTravis/settings

bj97301 · November 6, 2018, 5:21pm

Holy shit! That fixed it. Ive been stuck on this problem for days. You should definitely document this somewhere.

bj97301 · November 6, 2018, 7:10pm

Spoke too soon. My test repo is working but my real one is still failing. It looks like the value I am trying to encrypt is causing some issues. How do I escape/encode the encrypted value correctly?

bj97301 · November 6, 2018, 7:58pm

found it:

Note on escaping certain symbols #
When you use travis encrypt to encrypt sensitive data, it is important to note that it will be processed as a bash statement. This means that secret you are encrypting should not cause errors when bash parses it. Having incomplete data will cause bash to dump the error statement to the log, which contains portions of your sensitive data.

Thus, you need to escape special characters such as braces, parentheses, backslashes, and pipe symbols. For example, when you want to assign the string 6&a(5!1Ab\ to FOO, you need to execute:

travis encrypt "FOO=6\\&a\\(5\\!1Ab\\\\"
Bash
travis encrypts the string FOO=6\&a\(5\!1Ab\\, which then bash uses to evaluate in the build environment.

Equivalently, you can do

travis encrypt 'FOO=6\&a\(5\!1AB\\'

Topic		Replies	Views
How to encrypt environment variables correctly? Linux build-env	1	996	July 28, 2020
Unable to access environment variables in Travis CI Travis CI Discussions & Feedback travis-build	1	1360	March 28, 2022
Travis doesn't decrypt secure environment variables Deployment	2	1210	May 20, 2020
Support encrypting env var content only Feature Requests env-vars	1	1123	August 29, 2021
Node.js build fails with no obvious error Windows	14	4366	May 1, 2019

How to access encrypted environment vars from node

Related topics