Using multiple encrypted variables in a Python script

Languages Python
1

Hi there,

This feels like a very simple question but I haven’t been able to confirm the answer. I’m trying to run a Python script with some encrypted arguments but I’m not sure if I’m passing them in correctly. The build result suggests the encrypted values are not being referenced correctly.

  1. I have encrypted the values in .travis.yml using (for e.g.) *travis encrypt --pro encryptedKey1=“encryptedValue1”. I have 2 secret values I want to use so I add them manually to the file with separate names (i.e. I don’t use --add).
  2. In .travis.yml I use the values like this:

script:

  • python fpldraft.py -unencryptedKey1 unencryptedValue1 -unencryptedKey2 “unencryptedValue2” -encryptedKey1=$encryptedValue1 -encryptedKey2=$encryptedValue2

The result is an application error suggesting I’m not providing the encrypted values correctly.

Build results are available here:

https://app.travis-ci.com/github/jrandj/FPL-draft-picker/builds/236439822

Any help appreciated. Thanks!

2

The syntax for defining global encrypted environment variables is:

env:
  global:
    - secure: "<base64 given by `travis encrypt 'var=value'`>"
    - <etc>

travis encrypt output tells you exactly that when run without --add.

Then in the build, somewhere near the start of the log, you should see:

Setting environment variables from .travis.yml
$ export var=[secure]
<...>
1 Like
3

I’ve realised that when a variable is encrypted it is not just the the value that is encrypted but also the key. So I’m not sure if it is possible to do what I was trying to do. My application takes keys and values separately not an object with both in it. It works how I expected it if I just add the secrets as environment variables in the repository, which is good enough for me.