Reputation: 27806
Store secrets in Travis, not in github repo
I use this guide for ci, bumpversion, upload to pypi:
https://github.com/guettli/github-travis-bumpversion-pypi
I like it, except that the secret gets stored in the repo.
Example: https://github.com/guettli/reprec the file secret-files.tar.enc is in the git repo and it looks strange.
Open source lovers don't like unparsable binaries like this.
Is there a way to store the secret in travis instead of github?
Upvotes: 0
Views: 419
Answers (1)
Reputation: 6569
Yes. You can set your secret as an environment variable on Travis, and use it in your program. Others can only know "oh, this guy uses a environment variable called PASSWORD!" and they don't know what the value is.
Only you and Travis CI know.
See this doc: https://docs.travis-ci.com/user/environment-variables/
If you want to store a secret file, you can create a private github repo, and clone it with your github password stored in the env variables.
Upvotes: 3
Related Questions
- How to Define Github Branch Specific Secret or an Alternative?
- Is it safe to fetch secure credentials in Travis CI in an open-source repo?
- How to share credentials used in Travis-CI
- How to add SSH Key in Travis CI?
- safe to commit travis secrets into public repo?
- Travis CI encrypted secret environment variables
- Travis CI build fails because it can't find the secret key file stored in my local home directory. How to handle this?
- Using secret api keys on travis-ci
- How do I include generic secrets/config file in github repository (for CI purposes) without deploying it to production
- Add secret environment variable to Travis CI