mandeep/Travis-Encrypt

Consider use for environment variables

Closed this issue · 2 comments

This library can also be used for providing secure environment variables. I think this is something we can document better and provide some more direct support around this.

It would be nice if we could

  • Accept a flat JSON file of key-value pairs to encrypt.

  • Make the prompt more friendly to this fact.

    • i.e., instead of just Password: maybe `Enter the password or
    • alternatively, a separate prompt for environment variables that does two steps: enter variable name and enter value for {variable_name}
  • Update docs accordingly

Suppose I have my-secrets.json

```json
{
    "SECRET_TOKEN_VARIABLE": "super-secret123",
    "ANOTHER_VARIABLE": "also-secret!"
}
```

Currently, I get the secure string value one-by-one entering SOME_VARIABLE="thevalue" for the "password" each time and copy-pasting. (thanks to the handy --clipboard feature 😉)

I would like to do something like

```
travis-encrypt -f my-secrets.json -o encrypted-secrets.json myusername reponame
```

and the output file will be something like

```json
{
    "SECRET_TOKEN_VARIABLE": "secure: FCQIPE+gD7lca0QlNJsfL...",
    "ANOTHER_VARIABLE": "secure: OW9HhsrgHiaI+9+P/DJTFGd...."
}
```

Or otherwise add these variables into the yml; supporting similar options that currently exist.

Perhaps provide a parameter that is a list of variables to read from the current environment and encrypt?

Thoughts?

I think this is a good idea. It's similar to #6 in that we could allow a JSON file to be given to --password=<my-secrets.json and then parse and encrypt the environment variables from there. I think reading in current environment variables would be interesting too, but I could see it getting unwieldy when a user has to input many environment variables into the command line.

Closed by #11
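
The batch encryption requested in this issue could look like the following. It is an added example, not Travis-Encrypt's code or the change made in #11. It assumes the `cryptography` package and RSA PKCS#1 v1.5 encryption of `NAME=value` strings; `encrypt_env_file`, `demo_keypair` and the throwaway key pair are hypothetical stand-ins for the repository's real public key.

```python
import base64
import json

from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa

# Constructed sample input, mirroring my-secrets.json from the issue.
SAMPLE = '{"SECRET_TOKEN_VARIABLE": "super-secret123", "ANOTHER_VARIABLE": "also-secret!"}'


def encrypt_env_file(secrets_json, public_key_pem):
    """Encrypt every NAME=value pair of a flat JSON object on its own."""
    secrets = json.loads(secrets_json)
    if not isinstance(secrets, dict):
        raise ValueError("expected a flat JSON object of name/value pairs")
    key = serialization.load_pem_public_key(public_key_pem)
    # PKCS#1 v1.5 padding costs 11 bytes, so one RSA block holds key_bytes - 11.
    limit = key.key_size // 8 - 11
    encrypted = {}
    for name, value in secrets.items():
        if not isinstance(value, str):
            raise ValueError(f"{name}: value must be a string, not nested data")
        plaintext = f"{name}={value}".encode("utf-8")
        if len(plaintext) > limit:
            raise ValueError(f"{name}: {len(plaintext)} bytes, limit is {limit}")
        token = key.encrypt(plaintext, padding.PKCS1v15())
        encrypted[name] = "secure: " + base64.b64encode(token).decode("ascii")
    return encrypted


def demo_keypair():
    """Throwaway key pair (assumption): stands in for the repository key."""
    private = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    pem = private.public_key().public_bytes(
        serialization.Encoding.PEM,
        serialization.PublicFormat.SubjectPublicKeyInfo,
    )
    return private, pem


if __name__ == "__main__":
    _, pem = demo_keypair()
    print(json.dumps(encrypt_env_file(SAMPLE, pem), indent=4))
```

Only the encrypted output is suitable for committing; the input file holds the plaintext values and belongs outside version control.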