deploy_key.enc shouldn't be published?

Question

deploy_key.enc shouldn't be published?

EtherTyper opened this issue 8 years ago · 5 comments

I'm not an RSA master, but I don't think you should have the Travis CI deploy key on the public repo. Time to do some git filter-branching...

Answer 1 · 2016-07-10T00:48:00.000Z

Where do you see that, @EtherType?

We have a few of us working on the automation, but both Appveyor and TravisCI have pretty clear instructions on how to encrypt tokens and passwords and keys. I've just worked through exactly that to my https://github.com/bobsummerwill/cpp-ethereum/blob/merge_repos/appveyor.yml#L60.

Please do point that out, and we'll fix it, if it needs fixing.

Answer 2 · 2016-07-10T00:49:26.000Z

You're looking in https://github.com/ethereum/webthree-umbrella/tree/develop/ci/travis-emscripten?

.enc would seem to imply encrypted. Over to you, @chriseth!

Answer 3 · 2016-07-10T00:54:19.000Z

@bobsummerwill @chriseth Yep. The emscripten solidity deploy is what I was talking about.

Answer 4 · 2016-07-11T11:57:42.000Z

Yes, the key is encrypted. AFAIK this is the only way to perform a push from within travis. Also, travis only provides the decryption keys for non-pull requests so as long as we are careful with merges, there should be no way to retrieve the decryption keys or the encrypted git keys. Please reopen if we missed something.

Answer 5 · 2016-07-11T17:09:51.000Z

Did you create your encrypted key using the travis command-line Gem, @chriseth?