Travis doesn't decrypt secure environment variables

josh-richardson · May 19, 2020, 7:59pm

Hi there,

I’ve been experiencing an issue today with a Travis build which previously worked fine with a secure variable, however I’ve recently had to change the content of the variable, and it now no longer decrypts the variable content successfully.

The build in question is here:
https://travis-ci.org/github/epirus-io/epirus-cli/jobs/688882890

I’ve logged in to the Travis CLI (v1.9.1), and added the environment variable using the following command:

travis encrypt GITHUB_PERSONAL_ACCESS_TOKEN="<value>" --org --add

This runs successfully, and results in the following output:

github.com

epirus-io/epirus-cli/blob/master/.travis.yml#L25


  include:
  - stage: build master
    script: "./gradlew spotlessCheck check jacocoTestReport"
    if: branch = master OR type = pull_request
  - stage: release github
    if: branch =~ /release/
    script: "./gradlew check distZip distTar shadowDistTar shadowDistZip -Pversion=${TRAVIS_BRANCH#'release/'}
      && ./scripts/github-release.sh"
env:
  global:
  - secure: AnTzHKm0jflUeXxP9/nbFWFl3/txVJvj9YlyOU9x7RD9Vrxrc56RqUr3A7j2AP6lHJeXJD1aAp/c/Snl4ZpbCPHbjhwDEva2wCmolP/OaVxmOAwEDr4nZptokoJRgXRFy/kJEHqnRVTIvDLKnQ5uK0P/2iertanYZzPctTBBdPia/ZbJlSEaOySxFsIHkIotkFO7a5Q8lzZ0iSeMb9JCKJgZuxJHVdmDvbPCJB//la1k9OJzTqDydw/T1U43RoKdDe4xqWH9Vs87nuZ80DTEcKT8A1cZIg2PmhwF3Q/uroLVqiQ8lfxR8qoH2hyNWyNfa5dUeB3N+h7OPjNS9Tha7HY9LAUEivk2OXJhob30zu8b7C2DJJrcWgy6qs7XdO8WqnXlrlXMQFBLeMz35BcMUm+ag6g3nvAHqGeDx0QdlN7LNg1b8uavzT+olefF2ODac69W+HToEhQ1oq/kpjWU0xqyVh6y9lRU0BM4bmOSBxtYJ4LXgcE2h5LnjuV7YMF4Psh7yD6mTF+UhqAmSyJhP9KB2SpAxs1Kg7VJHH4efzJlbEJX0ad0VtEnkrKJAKIkkByboo19Avdan3ThagVZQj8OtD4kyDcAPKji+ZfPjwzBsk9Ka5u7lc9M4mGGxLe8gWdkTJtD0Rux2DfS03EmmiehVuiF29HP6wXJd/ZXBTg=

However, travis does not seem to be decrypting the name of the variable, nor does it export it anywhere in the build console output when the build is triggered.

I should also mention that I’ve tried making the secure variable a list (by prepending - ), to no avail.

BanzaiMan · May 20, 2020, 3:14am

A likely explanation is that your encrypted value is wrong. Try explicitly specifying the repository name with the -r flag: travis encrypt -r epirus-io/epirus-cli …

Alternatively, you can define the secrets in the Settings page.

josh-richardson · May 20, 2020, 7:10am

Hey @BanzaiMan

Specifying the repository name with -r did indeed work. However I’ve always been running the encrypt command inside the project directory (root dir of the git repo), so I’m a little confused as to why this step was needed, as the docs imply that it’s only required if you’re running the command outside of the repo.

Thanks for the guidance!

Topic		Replies	Views
File Encryption Environment Variables error Xenial	1	768	October 25, 2020
Script can't find secure environment variable Travis CI Discussions & Feedback env-vars	7	4117	September 29, 2019
Encrypted variable in Travis as the value of a secure key Deployment	1	856	January 5, 2022
Encrypted env vars are not set Deployment	3	1435	December 2, 2019
How to update encrypted secrets? Deployment	4	1690	November 9, 2018

Travis doesn't decrypt secure environment variables

Related topics