Make sure encrypted file env variable names are unique per filename #678

Merged
merged 3 commits into from
Aug 8, 2019

svenfuchs
Contributor

As per this comment #239 (comment) encrypted file env variable names should be unique per filename:

Each file should have its own set of variables (that's why there's a hash in the var name).

But they are not, because all we hash is the current working directory Dir.pwd. This PR addresses that.

@svenfuchs
Contributor Author

The tests fail because the Ruby versions 1.9.2 and 1.9.3 cannot be installed. Apparently they have been removed? In any case that's unrelated :)

end

def env_name(name)
@env_prefix ||= "encrypted_#{Digest.hexencode(Digest::SHA1.digest(Dir.pwd)[0..5])}"
def env_name(input_path, name)
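
Review bot: In def env_name(input_path, name), check that the prefix is no longer cached the way the removed line cached it with @env_prefix ||=. With the seed now passed in per call, a memoized prefix would be fixed by the first input_path the instance sees, and a later call for a different file would silently reuse it. The new method body is not visible in this excerpt; if it keeps ||=, compute the prefix on every call or key the cache by input_path. The fact that the name depends on how the path is typed also deserves a line in the command's help text.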
Contributor

Tiny caveat here is that, as it was before, this command is context dependent. If we execute travis encrypt-file from a different directory, even if the command is invoked on the same file, we will compute a different hash. This is not documented anywhere, but it is worth pointing out.

Contributor Author

@svenfuchs svenfuchs Aug 5, 2019

@BanzaiMan without having verified it, i believe that input_path is whatever path is passed to travis encrypt path/to/file (i.e. it would be path/to/file). so yes, i guess that counts as context dependent, but it kinda makes sense to me, as such paths would be considered unique per repo, too (and so would the resulting env vars)?

Contributor

@BanzaiMan BanzaiMan left a comment

Other than that small caveat, this looks good to me.
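
The naming behaviour discussed in this review, as an added example that is not code from the pull request or from travis.rb. It reuses the prefix expression visible in the diff; the method names, the way the suffix is joined with an underscore, the sample paths and the normalized variant are assumptions made for illustration.

```ruby
require 'digest'
require 'digest/sha1'
require 'pathname'

# Prefix expression from the diff: first 6 bytes of SHA1(seed), hex-encoded.
def prefix_for(seed)
  "encrypted_#{Digest.hexencode(Digest::SHA1.digest(seed)[0..5])}"
end

# Before the PR: the seed is the working directory; the file path is ignored.
def old_env_name(_input_path, name, cwd)
  "#{prefix_for(cwd)}_#{name}"
end

# As described in the PR: the seed is the path exactly as typed.
def new_env_name(input_path, name)
  "#{prefix_for(input_path)}_#{name}"
end

# Hypothetical variant (not in the PR): seed with the path relative to an
# assumed repository root, so the spelling and the working directory drop out.
def normalized_env_name(input_path, name, cwd, repo_root)
  abs = File.expand_path(input_path, cwd)
  rel = Pathname.new(abs).relative_path_from(Pathname.new(repo_root)).to_s
  "#{prefix_for(rel)}_#{name}"
end

# Constructed sample values, not taken from any real repository.
ROOT = '/home/ci/repo'

def demo
  {
    old_collides:      old_env_name('deploy_key', 'key', ROOT) ==
                       old_env_name('vault_pass', 'key', ROOT),
    new_distinct:      new_env_name('deploy_key', 'key') !=
                       new_env_name('vault_pass', 'key'),
    spelling_matters:  new_env_name('./deploy_key', 'key') !=
                       new_env_name('deploy_key', 'key'),
    normalized_stable: normalized_env_name('./config/deploy_key', 'key', ROOT, ROOT) ==
                       normalized_env_name('deploy_key', 'key', "#{ROOT}/config", ROOT)
  }
end

demo.each { |check, result| puts "#{check}: #{result}" }
```

With the old scheme, the second file encrypted in a directory gets the same variable names as the first, so its key and iv replace the earlier ones in the repository settings.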

Ruby 1.9.2 EOL was on July 31, 2014 https://www.ruby-lang.org/en/news/2014/07/01/eol-for-1-8-7-and-1-9-2/
and RVM is unable to compile 1.9.2 https://travis-ci.org/travis-ci/travis-rubies/jobs/568016914#L325.

Instead, let's add a couple somewhat more recent versions.
@svenfuchs svenfuchs merged commit 12182e0 into master Aug 8, 2019
@svenfuchs svenfuchs deleted the sf-fix-file-encryption-var-names branch August 8, 2019 18:24
@oblador

oblador commented Sep 14, 2019

Any chance of this being released soon?

sauloperez added a commit to coopdevs/timeoverflow-provisioning that referenced this pull request Nov 11, 2019
Unfortunately, Travis does not support encrypting multiple files (see:
travis-ci/travis.rb#239) and although it's
been solved in travis-ci/travis.rb#678 there's
still no release including it. I followed the documentation at
https://docs.travis-ci.com/user/encrypting-files/?source=post_page---------------------------#encrypting-multiple-files
and encrypted a tar file that contains all files: the deployment private
key and the vault password file.

Yet another reason to switch to an alternative like Circle CI or
GitLab...
@sfc-gh-japatel

How to fetch key and iv values to put as env variable in repo?
