Encrypt the private SSH key as a Travis secure environment variable

This is to demonstrate that this doesn't actually work. See #349 (comment). The private key is too large to be encrypted with the Travis public key. Instead we have to do what we are currently doing. Create a symmetric encryption key to encrypt the actual SSH key, and then encrypt that symmetric key into the secure environment variable (and save the encrypted SSH private key to a file).
drdoctr · Jul 14, 2019 · 7d28a44 · 7d28a44
1 parent 6b30470
commit 7d28a44
Showing 1 changed file with 5 additions and 4 deletions.
diff --git a/doctr/__main__.py b/doctr/__main__.py
@@ -506,14 +506,16 @@ def configure(args, parser):
         private_ssh_key, public_ssh_key = generate_ssh_key()
         if args.dkenv:
             key = None  # don't need it on disk
-            encrypted_variable = None  # not applicable
-            private_ssh_key = private_ssh_key.decode('ASCII')  # Will print this later!
+            encrypted_variable = encrypt_variable(env_name.encode('utf-8') + b"=" +
+                                                  private_ssh_key.replace(b'\n', br'\n').replace(b' ', br'\ '),
+                                                  build_repo=build_repo, tld=tld,
+                                                  travis_token=travis_token, **login_kwargs)
         else:
             key = encrypt_to_file(private_ssh_key, keypath + '.enc')
             encrypted_variable = encrypt_variable(env_name.encode('utf-8') + b"=" + key,
                                                   build_repo=build_repo, tld=tld,
                                                   travis_token=travis_token, **login_kwargs)
-            private_ssh_key = None # Prevent accidental use below
+        private_ssh_key = None # Prevent accidental use below
         public_ssh_key = public_ssh_key.decode('ASCII')
 
         deploy_keys_url = 'https://github.com/{deploy_repo}/settings/keys'.format(deploy_repo=deploy_key_repo)
@@ -565,7 +567,6 @@ def configure(args, parser):
            repository settings as environment variable {env_name}:{RESET}
         """.format(N=N, BOLD_MAGENTA=BOLD_MAGENTA, RESET=RESET,
                    env_name=args.dkenv, private_ssh_key=private_ssh_key)))
-        print(private_ssh_key)
 
     print(dedent("""\
     {N}. {BOLD_MAGENTA}Add these lines to your `.travis.yml` file:{RESET}