Originally published at blog.mphomphego.co.za on July 25, 2019.
I have been constantly improving one of my side project that scrapes e-commerce websites and extracts some data then uploads the data to a Google sheet. One of my recent updates was to add email notifications, but since I use Travis CI to run the script as a cron-job I needed to encrypt my Google Dev
client_secret.json file (for obvious reasons) as well as my new email configuration file such that Travis CI runs my script which contains sensitive information on a public platform.
Note: The Travis CI Client overrides encrypted entries if you use it to encrypt multiple files, hence why my script kept failing to build.
In this post, I will detail a workaround to encrypt multiple files on Travis CI using the CLI client.
If you would like to check the project out, go here.
Before we continue, we need to install some dependencies.
NOTE: These instructions assumes that you are running
You need to install
travis-ci cli client, follow this installation guide lines.
TL;DR: On your Ubuntu installation, else continue at own risk.
Run the following commands:
$ sudo apt update $ sudo apt-get install ruby-full $ gem install travis
If like me, you do not like installing packages in your system.
I have a Dockerfile which builds a Docker container and you can easily run
Go here for detailed installation instructions.
Verify the installation once it is done, run:
$ travis login --com
If you need to encrypt multiple files, first we need to create an
archive of all sensitive files, encrypt it, and version control it then decrypts it during the build.
I needed to encrypt my sensitive
client_secret.jsonfiles, and this is how I did it.
$ tar cvf secrets.tar email_config.ini client_secret.json # Adding `--add` arg automatically adds the decryption command to your .travis.yml $ travis encrypt-file secrets.tar --add --com $ git add secrets.tar.enc .travis.yml $ git commit -m 'Archiving email config and client secret into secret.tar file.' $ git push origin master
.travis.yml, you should notice a new command
openssl ... this command decrypts your
secrets.tar file and then you would have to add a command to extract the files.
before_install: - openssl aes-256-cbc -K $encrypted_*******_key -iv $encrypted_*******_iv -in secrets.tar.enc -out secrets.tar -d - tar xvf secrets.tar script: - price_checker.py --email ./email_config.ini --json ./client_secret.json -s "Shopping List" --update
That's it, below is a screenshot of my SUCCESSFUL Travis Build.