Let’s say I have added 3 secret keys using
travis encrypt VAR_A="…" --add
travis encrypt VAR_B="…" --add
travis encrypt VAR_C="…" --add
how do I go about removing VAR_B and updating the values of VAR_A without affecting VAR_C?
do I have to remove the whole env.global.secret and start over again?
You could manually edit .travis.yml.
how can i tell each variables apart though?
You cannot do that, I’m afraid. You can, however, going forward, commit each change to.travis.yml to correlate which change correspond to which secret. (You cannot change what’s already happened, of course.)
According to docs, you can encrypt any value in YAML config.
Also, according to docs, there are two ways of specifying env vars:
env:
- VAR_A=VALUE_A
- VAR_B=VALUE_B
- VAR_C=VALUE_C
env:
VAR_A: VALUE_A
VAR_B: VALUE_B
VAR_C: VALUE_C
So in the first case, the “value” in YAML struct is the whole key=val string, while in the second case only val part is a value, so you can encrypt only that thing:
env:
VAR_A:
secure: ...
VAR_B:
secure: ...
VAR_C:
secure: ...
While what I described is used to work, there’s a recently introduced bug applying to random repos, because they use a different version of YAML parser.
I’ve filed it here:
With a demo test:
@BanzaiMan it looks like a fairly serious bug, do you mind checking the details?