How to have sensitive data like API credentials included in the build but not part of public repository

Helveg · December 7, 2018, 1:56pm

Hi!

I’d like to test my package that connects to Box with API credentials. Even though this API key is generated purely for a developer account and there’s nothing to be done with it, it would be nice if I didn’t have to make it part of a public repository. Is there a way to get a client id, client secret, public and private key onto the deployment test machine without including it in the public repository that travis will clone?

Helveg · December 7, 2018, 3:00pm

I’ve discovered Environment variables, I think they’ll be suited for this.

native-api · December 8, 2018, 5:53pm

Use secret environment variables in Travis settings.

Topic		Replies	Views
OK to leave secure api_key in .travis-ci.yml? Deployment	7	1692	April 24, 2020
"401 - Bad credentials" for a deploy entry generated by `travis setup releases` Deployment github-releases	8	1975	May 13, 2020
Encrypted variable in Travis as the value of a secure key Deployment	1	858	January 5, 2022
Pass the PR origin's Repository Settings alongside Github Pull Request Feature Requests	2	1109	March 5, 2021
Gh-pages deployment authentication failure using yarn v2 gh-pages	6	1898	April 22, 2020

How to have sensitive data like API credentials included in the build but not part of public repository

Related topics