From 31c2596f295538ee3327479eb7911588af826391 Mon Sep 17 00:00:00 2001 From: Mohamad Al Sayadi Date: Sun, 26 Aug 2018 13:57:34 +0400 Subject: [PATCH 01/43] Add circle config. Add decrypt script. Ignore plain and encrypt files --- .circleci/config.yml | 33 +++++++++++++++++++++++++++++++++ .circleci/decrypt.sh | 5 +++++ .circleci/secret-env-cipher | 1 + .gitignore | 4 +++- circle.yml | 8 -------- secret-env-cipher | Bin 48 -> 0 bytes 6 files changed, 42 insertions(+), 9 deletions(-) create mode 100644 .circleci/config.yml create mode 100644 .circleci/decrypt.sh create mode 100644 .circleci/secret-env-cipher delete mode 100644 circle.yml delete mode 100644 secret-env-cipher diff --git a/.circleci/config.yml b/.circleci/config.yml new file mode 100644 index 0000000..ac1c70f --- /dev/null +++ b/.circleci/config.yml @@ -0,0 +1,33 @@ +dependencies: + pre: + # update locally with: + # openssl aes-256-cbc -e -in secret-env-plain -out secret-env-cipher -k $KEY + - openssl aes-256-cbc -d -in secret-env-cipher -k $KEY >> ~/.circlerc +test: + override: + - "echo FOO: $FOO BAR: $BAR" + +version: 2 +general: + branches: + only: + - master + +jobs: + build: + + docker: + - image: circleci/openjdk:8-jdk + + working_directory: ~/project + + steps: + + - checkout + + - run: + name: Decrypt and source env vars + command: | + cd .circleci + chmod +x decrypt.sh + ./decrypt.sh diff --git a/.circleci/decrypt.sh b/.circleci/decrypt.sh new file mode 100644 index 0000000..4b1f374 --- /dev/null +++ b/.circleci/decrypt.sh @@ -0,0 +1,5 @@ +#!/usr/bin/env bash + +openssl aes-256-cbc -d -in secret-env-cipher -out secret-env-plain -k $OPENSSL_KEY +source secret-env-plain +rm secret-env-plain diff --git a/.circleci/secret-env-cipher b/.circleci/secret-env-cipher new file mode 100644 index 0000000..18ccd69 --- /dev/null +++ b/.circleci/secret-env-cipher @@ -0,0 +1 @@ +Salted__s"mс;s %R!\r.O: 3 L ~_79w=աЕPN,q \ No newline at end of file diff --git a/.gitignore b/.gitignore index 3104485..412fe15 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,3 @@ -/secret-env-plain \ No newline at end of file +.circleci/secret-env-plain +.circleci/encrypt.sh +.idea diff --git a/circle.yml b/circle.yml deleted file mode 100644 index 4acdd5f..0000000 --- a/circle.yml +++ /dev/null @@ -1,8 +0,0 @@ -dependencies: - pre: - # update locally with: - # openssl aes-256-cbc -e -in secret-env-plain -out secret-env-cipher -k $KEY - - openssl aes-256-cbc -d -in secret-env-cipher -k $KEY >> ~/.circlerc -test: - override: - - "echo FOO: $FOO BAR: $BAR" \ No newline at end of file diff --git a/secret-env-cipher b/secret-env-cipher deleted file mode 100644 index 0b3c64f77647313f520004c58d1b051edd15a880..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 48 zcmV-00MGwZVQh3|WM5y|aKQ*FztXy4QgVC3tZ-$!H5jFn;LpzlmdpxE%gI6^pno6$ Gd97wLpccUZ From 999e50f9d14601ec3fb8e84616d907c64d7fcd72 Mon Sep 17 00:00:00 2001 From: Mohamad Al Sayadi Date: Sun, 26 Aug 2018 14:00:03 +0400 Subject: [PATCH 02/43] Fix circle syntax. Print env vars for testing --- .circleci/config.yml | 9 --------- .circleci/decrypt.sh | 2 ++ 2 files changed, 2 insertions(+), 9 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index ac1c70f..03b13d5 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1,12 +1,3 @@ -dependencies: - pre: - # update locally with: - # openssl aes-256-cbc -e -in secret-env-plain -out secret-env-cipher -k $KEY - - openssl aes-256-cbc -d -in secret-env-cipher -k $KEY >> ~/.circlerc -test: - override: - - "echo FOO: $FOO BAR: $BAR" - version: 2 general: branches: diff --git a/.circleci/decrypt.sh b/.circleci/decrypt.sh index 4b1f374..eefa627 100644 --- a/.circleci/decrypt.sh +++ b/.circleci/decrypt.sh @@ -3,3 +3,5 @@ openssl aes-256-cbc -d -in secret-env-cipher -out secret-env-plain -k $OPENSSL_KEY source secret-env-plain rm secret-env-plain + +echo "FOO: $FOO BAR: $BAR" From 9c663c4714853cf1ddb6a92d6ee8569c580c0df6 Mon Sep 17 00:00:00 2001 From: Mohamad Al Sayadi Date: Sun, 26 Aug 2018 14:10:58 +0400 Subject: [PATCH 03/43] Avoid simplified env var reference --- .circleci/decrypt.sh | 6 +++--- .circleci/secret-env-cipher | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) mode change 100644 => 100755 .circleci/decrypt.sh diff --git a/.circleci/decrypt.sh b/.circleci/decrypt.sh old mode 100644 new mode 100755 index eefa627..2fc8b1d --- a/.circleci/decrypt.sh +++ b/.circleci/decrypt.sh @@ -1,7 +1,7 @@ #!/usr/bin/env bash -openssl aes-256-cbc -d -in secret-env-cipher -out secret-env-plain -k $OPENSSL_KEY +openssl aes-256-cbc -d -in secret-env-cipher -out secret-env-plain -k ${OPENSSL_KEY} source secret-env-plain -rm secret-env-plain +#rm secret-env-plain -echo "FOO: $FOO BAR: $BAR" +echo "FOO: ${FOO} BAR: ${BAR}" diff --git a/.circleci/secret-env-cipher b/.circleci/secret-env-cipher index 18ccd69..26faeb2 100644 --- a/.circleci/secret-env-cipher +++ b/.circleci/secret-env-cipher @@ -1 +1 @@ -Salted__s"mс;s %R!\r.O: 3 L ~_79w=աЕPN,q \ No newline at end of file +Salted__TŨn4xk3H|\% Date: Sun, 26 Aug 2018 14:16:08 +0400 Subject: [PATCH 04/43] echo openssl version on the CI engine --- .circleci/decrypt.sh | 1 + .circleci/secret-env-cipher | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.circleci/decrypt.sh b/.circleci/decrypt.sh index 2fc8b1d..9261463 100755 --- a/.circleci/decrypt.sh +++ b/.circleci/decrypt.sh @@ -5,3 +5,4 @@ source secret-env-plain #rm secret-env-plain echo "FOO: ${FOO} BAR: ${BAR}" +echo $(openssl version) diff --git a/.circleci/secret-env-cipher b/.circleci/secret-env-cipher index 26faeb2..f7be0fc 100644 --- a/.circleci/secret-env-cipher +++ b/.circleci/secret-env-cipher @@ -1 +1 @@ -Salted__TŨn4xk3H|\% Date: Sun, 26 Aug 2018 14:43:01 +0400 Subject: [PATCH 05/43] Install openssl on the CI --- .circleci/decrypt.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/.circleci/decrypt.sh b/.circleci/decrypt.sh index 9261463..5d5daa0 100755 --- a/.circleci/decrypt.sh +++ b/.circleci/decrypt.sh @@ -1,5 +1,6 @@ #!/usr/bin/env bash +sudo apt-get install -y openssl-2.7.7 openssl aes-256-cbc -d -in secret-env-cipher -out secret-env-plain -k ${OPENSSL_KEY} source secret-env-plain #rm secret-env-plain From 5e3dcf537b894cbbeddd3846ae8ad862d2d0570b Mon Sep 17 00:00:00 2001 From: Mohamad Al Sayadi Date: Sun, 26 Aug 2018 14:47:05 +0400 Subject: [PATCH 06/43] Install latest openssl --- .circleci/decrypt.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/decrypt.sh b/.circleci/decrypt.sh index 5d5daa0..9d4fb78 100755 --- a/.circleci/decrypt.sh +++ b/.circleci/decrypt.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash -sudo apt-get install -y openssl-2.7.7 +sudo apt-get install -y openssl openssl aes-256-cbc -d -in secret-env-cipher -out secret-env-plain -k ${OPENSSL_KEY} source secret-env-plain #rm secret-env-plain From 8e0800149755b9d2bd0bce8a0c1d6e9fee65b5b4 Mon Sep 17 00:00:00 2001 From: Mohamad Al Sayadi Date: Sun, 26 Aug 2018 15:16:59 +0400 Subject: [PATCH 07/43] Install libressl --- .circleci/decrypt.sh | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/.circleci/decrypt.sh b/.circleci/decrypt.sh index 9d4fb78..7e87461 100755 --- a/.circleci/decrypt.sh +++ b/.circleci/decrypt.sh @@ -1,6 +1,14 @@ #!/usr/bin/env bash -sudo apt-get install -y openssl +git clone https://github.com/libressl-portable/portable.git libressl +cd libressl && sh autogen.sh +./configure --prefix="${HOME}/opt/libressl" +make +sudo make install +echo '/opt/libressl' | sudo tee /etc/ld.so.conf.d/libressl.conf +sudo ldconfig +cd .. + openssl aes-256-cbc -d -in secret-env-cipher -out secret-env-plain -k ${OPENSSL_KEY} source secret-env-plain #rm secret-env-plain From 1a94a0f7d61f2df42e929dd7c96dd2052c2a0b66 Mon Sep 17 00:00:00 2001 From: Mohamad Al Sayadi Date: Sun, 26 Aug 2018 15:31:12 +0400 Subject: [PATCH 08/43] Install libressl from apt-get --- .circleci/decrypt.sh | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/.circleci/decrypt.sh b/.circleci/decrypt.sh index 7e87461..7edd4d2 100755 --- a/.circleci/decrypt.sh +++ b/.circleci/decrypt.sh @@ -1,15 +1,8 @@ #!/usr/bin/env bash -git clone https://github.com/libressl-portable/portable.git libressl -cd libressl && sh autogen.sh -./configure --prefix="${HOME}/opt/libressl" -make -sudo make install -echo '/opt/libressl' | sudo tee /etc/ld.so.conf.d/libressl.conf -sudo ldconfig -cd .. +sudo apt-get install libressl -openssl aes-256-cbc -d -in secret-env-cipher -out secret-env-plain -k ${OPENSSL_KEY} +libressl aes-256-cbc -d -in secret-env-cipher -out secret-env-plain -k ${OPENSSL_KEY} source secret-env-plain #rm secret-env-plain From b6f2431aaeebb6a9eccba6f65ae2952b5efb7cbf Mon Sep 17 00:00:00 2001 From: Mohamad Al Sayadi Date: Sun, 26 Aug 2018 16:02:09 +0400 Subject: [PATCH 09/43] Use md5 --- .circleci/decrypt.sh | 4 +--- .circleci/secret-env-cipher | 3 ++- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/.circleci/decrypt.sh b/.circleci/decrypt.sh index 7edd4d2..093af60 100755 --- a/.circleci/decrypt.sh +++ b/.circleci/decrypt.sh @@ -1,8 +1,6 @@ #!/usr/bin/env bash -sudo apt-get install libressl - -libressl aes-256-cbc -d -in secret-env-cipher -out secret-env-plain -k ${OPENSSL_KEY} +openssl aes-256-cbc -d -in secret-env-cipher -out secret-env-plain -md md5 -pass env:OPENSSL_PASSWORD source secret-env-plain #rm secret-env-plain diff --git a/.circleci/secret-env-cipher b/.circleci/secret-env-cipher index f7be0fc..88f29f1 100644 --- a/.circleci/secret-env-cipher +++ b/.circleci/secret-env-cipher @@ -1 +1,2 @@ -Salted__Lۭovm$ӛef'JFs] ii0tBn \ No newline at end of file +Salted__b<٭ZifN,9>g8d +꿕q"R.1GPΡ \ No newline at end of file From 17f53cc45fe6598ae2987fedb8f4dcc5818839d2 Mon Sep 17 00:00:00 2001 From: Mohamad Al Sayadi Date: Sun, 26 Aug 2018 16:13:11 +0400 Subject: [PATCH 10/43] Use sha256 --- .circleci/decrypt.sh | 2 +- .circleci/secret-env-cipher | Bin 64 -> 64 bytes 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/decrypt.sh b/.circleci/decrypt.sh index 093af60..87fb93d 100755 --- a/.circleci/decrypt.sh +++ b/.circleci/decrypt.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash -openssl aes-256-cbc -d -in secret-env-cipher -out secret-env-plain -md md5 -pass env:OPENSSL_PASSWORD +openssl aes-256-cbc -d -in secret-env-cipher -out secret-env-plain -md sha256 -pass env:OPENSSL_PASSWORD source secret-env-plain #rm secret-env-plain diff --git a/.circleci/secret-env-cipher b/.circleci/secret-env-cipher index 88f29f1a1886dff157582be438d3d2cefab68b29..f1ab28c588d5d29ef3d128c8deacb129d1b1b1f4 100644 GIT binary patch literal 64 zcmV-G0KflJVQh3|WM5w-xz^G}HtQig0b+ciNvm#!D{rp(tU&;t=I< Date: Sun, 26 Aug 2018 16:14:32 +0400 Subject: [PATCH 11/43] Use ISO encoding --- .circleci/secret-env-cipher | Bin 64 -> 64 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/.circleci/secret-env-cipher b/.circleci/secret-env-cipher index f1ab28c588d5d29ef3d128c8deacb129d1b1b1f4..35a20419fb2d2a1bbc29409c9ab5ae949f2783d3 100644 GIT binary patch literal 64 zcmV-G0KflJVQh3|WM5ys*G{iT3*pv6;+#|bmOKG;a%vpWS10@Es|PT#yYO{7xDFxL WK0Xl&z&8Z126I*FvKfs4<~uFSkQ{&j literal 64 zcmV-G0KflJVQh3|WM5w-xz^G}HtQig0b+ciNvm#!D{rp(tU&;t=I< Date: Sun, 26 Aug 2018 16:36:58 +0400 Subject: [PATCH 12/43] Change password --- .circleci/secret-env-cipher | Bin 64 -> 64 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/.circleci/secret-env-cipher b/.circleci/secret-env-cipher index 35a20419fb2d2a1bbc29409c9ab5ae949f2783d3..e4a1bdce55d87b62a2b269a92b077e4010d10d3f 100644 GIT binary patch literal 64 zcmV-G0KflJVQh3|WM5z3&3)|KMvzwYVkft!TwB42vQck>ue3`#n?jAvy*W`3=A$9& W_V|8PGYR|?f@G$AZ|XOVz&FS&gdqX| literal 64 zcmV-G0KflJVQh3|WM5ys*G{iT3*pv6;+#|bmOKG;a%vpWS10@Es|PT#yYO{7xDFxL WK0Xl&z&8Z126I*FvKfs4<~uFSkQ{&j From f7ea63d1fc452208a46c7f2b78efda288fe4d31c Mon Sep 17 00:00:00 2001 From: Mohamad Al Sayadi Date: Sun, 26 Aug 2018 16:41:10 +0400 Subject: [PATCH 13/43] Use proper password. Remove echo openssl version --- .circleci/decrypt.sh | 1 - .circleci/secret-env-cipher | 3 ++- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.circleci/decrypt.sh b/.circleci/decrypt.sh index 87fb93d..bea3e5b 100755 --- a/.circleci/decrypt.sh +++ b/.circleci/decrypt.sh @@ -5,4 +5,3 @@ source secret-env-plain #rm secret-env-plain echo "FOO: ${FOO} BAR: ${BAR}" -echo $(openssl version) diff --git a/.circleci/secret-env-cipher b/.circleci/secret-env-cipher index e4a1bdc..390bc46 100644 --- a/.circleci/secret-env-cipher +++ b/.circleci/secret-env-cipher @@ -1 +1,2 @@ -Salted__}FVb'\[QoK:Bͽ9Q!~U3 d|o77 \ No newline at end of file +Salted__Fc!k+ +qxƼxE |!YٹPt[sz \ No newline at end of file From dbf923fba454cba8d98461e76b010450b3a62cf2 Mon Sep 17 00:00:00 2001 From: Mohamad Al Sayadi Date: Sun, 26 Aug 2018 16:43:09 +0400 Subject: [PATCH 14/43] Use shorter password --- .circleci/secret-env-cipher | Bin 64 -> 64 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/.circleci/secret-env-cipher b/.circleci/secret-env-cipher index 390bc46cf673df223c49122bc5f3f9853364e086..33bcf4924f0acba415030e8f50d33ad605a2bdc9 100644 GIT binary patch literal 64 zcmV-G0KflJVQh3|WM5z0@x=)6h;d;9_!HCXm&YR3gu=hq%Go0O?o-h>meRPE$yv3d WVMZ)O&;Z>$tQUl?GjWy32=xAPU?V30 literal 64 zcmV-G0KflJVQh3|WM5xKVsCX>vIFLk$SQ9?I523 From 3f04cc106dd833193cc0c2bdc50ca15785b230c6 Mon Sep 17 00:00:00 2001 From: Mohamad Al Sayadi Date: Sun, 26 Aug 2018 19:26:30 +0400 Subject: [PATCH 15/43] Add the encrypt script to source code --- .circleci/encrypt.sh | 4 ++++ 1 file changed, 4 insertions(+) create mode 100755 .circleci/encrypt.sh diff --git a/.circleci/encrypt.sh b/.circleci/encrypt.sh new file mode 100755 index 0000000..e0e26c5 --- /dev/null +++ b/.circleci/encrypt.sh @@ -0,0 +1,4 @@ +#!/usr/bin/env bash + +openssl aes-256-cbc -e -in secret-env-plain -out secret-env-cipher -md sha256 \ + -pass env:OPENSSL_PASSWORD From 699e0e07b378530e499e09b1bd66eea07d17b437 Mon Sep 17 00:00:00 2001 From: Mohamad Al Sayadi Date: Sun, 26 Aug 2018 19:29:05 +0400 Subject: [PATCH 16/43] git-ignore: Remove the encrypt script --- .gitignore | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 412fe15..b400406 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,3 @@ .circleci/secret-env-plain -.circleci/encrypt.sh +.circleci/secret-env-generated .idea From 2906da35849d3f688d3c99b4ccadd317bbcc522c Mon Sep 17 00:00:00 2001 From: Mohamad Al Sayadi Date: Sun, 26 Aug 2018 19:32:08 +0400 Subject: [PATCH 17/43] Rename env script --- .circleci/config.yml | 4 ++-- .circleci/decrypt.sh | 7 ------- .circleci/secret-env-cipher | Bin 64 -> 64 bytes .circleci/set-env-vars.sh | 10 ++++++++++ 4 files changed, 12 insertions(+), 9 deletions(-) delete mode 100755 .circleci/decrypt.sh create mode 100755 .circleci/set-env-vars.sh diff --git a/.circleci/config.yml b/.circleci/config.yml index 03b13d5..fcb2c55 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -20,5 +20,5 @@ jobs: name: Decrypt and source env vars command: | cd .circleci - chmod +x decrypt.sh - ./decrypt.sh + chmod +x set-env-vars.sh + ./set-env-vars.sh diff --git a/.circleci/decrypt.sh b/.circleci/decrypt.sh deleted file mode 100755 index bea3e5b..0000000 --- a/.circleci/decrypt.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/usr/bin/env bash - -openssl aes-256-cbc -d -in secret-env-cipher -out secret-env-plain -md sha256 -pass env:OPENSSL_PASSWORD -source secret-env-plain -#rm secret-env-plain - -echo "FOO: ${FOO} BAR: ${BAR}" diff --git a/.circleci/secret-env-cipher b/.circleci/secret-env-cipher index 33bcf4924f0acba415030e8f50d33ad605a2bdc9..9c683938b8693f26cdc01579bc1c3a59ee78dd60 100644 GIT binary patch literal 64 zcmV-G0KflJVQh3|WM5y(5--{@hWENYn11?`!BpFV8o?7#j_^ZamZv4~j+D(qiTF2n W+@iv56^Hp1`ncmeRPE$yv3d WVMZ)O&;Z>$tQUl?GjWy32=xAPU?V30 diff --git a/.circleci/set-env-vars.sh b/.circleci/set-env-vars.sh new file mode 100755 index 0000000..2b91cc0 --- /dev/null +++ b/.circleci/set-env-vars.sh @@ -0,0 +1,10 @@ +#!/usr/bin/env bash + +openssl aes-256-cbc -d -in secret-env-cipher -out secret-env-generated -md sha256 \ + -pass env:OPENSSL_PASSWORD + +source secret-env-generated + +rm secret-env-generated + +echo "FOO: ${FOO} BAR: ${BAR}" From ffa27ae6e6433fca309bf0688642f8ea7b6bbb10 Mon Sep 17 00:00:00 2001 From: Mohamad Al Sayadi Date: Mon, 27 Aug 2018 08:22:41 +0400 Subject: [PATCH 18/43] Try plain with no export --- .circleci/secret-env-cipher | 3 ++- .circleci/set-env-vars.sh | 2 -- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/.circleci/secret-env-cipher b/.circleci/secret-env-cipher index 9c68393..25b710f 100644 --- a/.circleci/secret-env-cipher +++ b/.circleci/secret-env-cipher @@ -1 +1,2 @@ -Salted__/1>~TۂPCa%C7wܢmpV_ \ No newline at end of file +Salted__ܶQtk?B2ŵi*#$^!܄mZ + \ No newline at end of file diff --git a/.circleci/set-env-vars.sh b/.circleci/set-env-vars.sh index 2b91cc0..fc9c267 100755 --- a/.circleci/set-env-vars.sh +++ b/.circleci/set-env-vars.sh @@ -6,5 +6,3 @@ openssl aes-256-cbc -d -in secret-env-cipher -out secret-env-generated -md sha25 source secret-env-generated rm secret-env-generated - -echo "FOO: ${FOO} BAR: ${BAR}" From d658665d38de247c6eef77d15adfa80816fd74ff Mon Sep 17 00:00:00 2001 From: Mohamad Al Sayadi Date: Mon, 27 Aug 2018 08:24:22 +0400 Subject: [PATCH 19/43] Print vars for testing --- .circleci/set-env-vars.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.circleci/set-env-vars.sh b/.circleci/set-env-vars.sh index fc9c267..2b91cc0 100755 --- a/.circleci/set-env-vars.sh +++ b/.circleci/set-env-vars.sh @@ -6,3 +6,5 @@ openssl aes-256-cbc -d -in secret-env-cipher -out secret-env-generated -md sha25 source secret-env-generated rm secret-env-generated + +echo "FOO: ${FOO} BAR: ${BAR}" From 7778f600752b0a8ce4acbc97d5d32452850f17e5 Mon Sep 17 00:00:00 2001 From: Mohamad Al Sayadi Date: Mon, 27 Aug 2018 08:27:35 +0400 Subject: [PATCH 20/43] Access env vars in a later step-script --- .circleci/config.yml | 7 +++++++ .circleci/print-env-vars.sh | 3 +++ 2 files changed, 10 insertions(+) create mode 100644 .circleci/print-env-vars.sh diff --git a/.circleci/config.yml b/.circleci/config.yml index fcb2c55..8efcb95 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -22,3 +22,10 @@ jobs: cd .circleci chmod +x set-env-vars.sh ./set-env-vars.sh + + - run: + name: Access env vars in another script + command: | + cd .circleci + chmod +x print-env-vars.sh + ./print-env-vars.sh diff --git a/.circleci/print-env-vars.sh b/.circleci/print-env-vars.sh new file mode 100644 index 0000000..f4a36f9 --- /dev/null +++ b/.circleci/print-env-vars.sh @@ -0,0 +1,3 @@ +#!/usr/bin/env bash + +echo "FOO: ${FOO} BAR: ${BAR}" From db27c2b5a7d85cee5051c23c1405c357bdc62b12 Mon Sep 17 00:00:00 2001 From: Mohamad Al Sayadi Date: Mon, 27 Aug 2018 08:28:40 +0400 Subject: [PATCH 21/43] Set env vars with export --- .circleci/secret-env-cipher | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.circleci/secret-env-cipher b/.circleci/secret-env-cipher index 25b710f..7023c4e 100644 --- a/.circleci/secret-env-cipher +++ b/.circleci/secret-env-cipher @@ -1,2 +1 @@ -Salted__ܶQtk?B2ŵi*#$^!܄mZ - \ No newline at end of file +Salted__ZXd0Ul\vt~Ȑ \x`&P} r \ No newline at end of file From 04e79cbc44427a8fe7ca25ce2e811b34109c3479 Mon Sep 17 00:00:00 2001 From: Mohamad Al Sayadi Date: Mon, 27 Aug 2018 08:32:12 +0400 Subject: [PATCH 22/43] Set vars in the parent shell --- .circleci/config.yml | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 8efcb95..18535b3 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -19,9 +19,14 @@ jobs: - run: name: Decrypt and source env vars command: | - cd .circleci - chmod +x set-env-vars.sh - ./set-env-vars.sh + openssl aes-256-cbc -d -in secret-env-cipher -out secret-env-generated -md sha256 \ + -pass env:OPENSSL_PASSWORD + + source secret-env-generated + + rm secret-env-generated + + echo "FOO: ${FOO} BAR: ${BAR}" - run: name: Access env vars in another script From 0630752fa313681e6bfd797a0c230c16c830a0c0 Mon Sep 17 00:00:00 2001 From: Mohamad Al Sayadi Date: Mon, 27 Aug 2018 08:35:13 +0400 Subject: [PATCH 23/43] Change to correct directory in decrypt step --- .circleci/config.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.circleci/config.yml b/.circleci/config.yml index 18535b3..6bfcb3d 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -19,6 +19,7 @@ jobs: - run: name: Decrypt and source env vars command: | + cd .circleci openssl aes-256-cbc -d -in secret-env-cipher -out secret-env-generated -md sha256 \ -pass env:OPENSSL_PASSWORD From b9815766fb874d743283db8ec85b099f8e8d3cf4 Mon Sep 17 00:00:00 2001 From: Mohamad Al Sayadi Date: Mon, 27 Aug 2018 08:39:48 +0400 Subject: [PATCH 24/43] Source to bash env --- .circleci/config.yml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 6bfcb3d..a9d144f 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -20,12 +20,8 @@ jobs: name: Decrypt and source env vars command: | cd .circleci - openssl aes-256-cbc -d -in secret-env-cipher -out secret-env-generated -md sha256 \ - -pass env:OPENSSL_PASSWORD - - source secret-env-generated - - rm secret-env-generated + openssl aes-256-cbc -d -in secret-env-cipher -md sha256 \ + -pass env:OPENSSL_PASSWORD >> $BASH_ENV echo "FOO: ${FOO} BAR: ${BAR}" From ec44f8db66b5e876a0e40895285d6b180bbd3f64 Mon Sep 17 00:00:00 2001 From: Mohamad Al Sayadi Date: Mon, 27 Aug 2018 08:41:59 +0400 Subject: [PATCH 25/43] Use set script again. Source vars for the current step --- .circleci/config.yml | 6 ++---- .circleci/set-env-vars.sh | 2 +- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index a9d144f..8efcb95 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -20,10 +20,8 @@ jobs: name: Decrypt and source env vars command: | cd .circleci - openssl aes-256-cbc -d -in secret-env-cipher -md sha256 \ - -pass env:OPENSSL_PASSWORD >> $BASH_ENV - - echo "FOO: ${FOO} BAR: ${BAR}" + chmod +x set-env-vars.sh + ./set-env-vars.sh - run: name: Access env vars in another script diff --git a/.circleci/set-env-vars.sh b/.circleci/set-env-vars.sh index 2b91cc0..598389a 100755 --- a/.circleci/set-env-vars.sh +++ b/.circleci/set-env-vars.sh @@ -1,7 +1,7 @@ #!/usr/bin/env bash openssl aes-256-cbc -d -in secret-env-cipher -out secret-env-generated -md sha256 \ - -pass env:OPENSSL_PASSWORD + -pass env:OPENSSL_PASSWORD >> $BASH_ENV source secret-env-generated From 9a87fd19fc6da0df2b77b424ed6371fd647e9089 Mon Sep 17 00:00:00 2001 From: Mohamad Al Sayadi Date: Mon, 27 Aug 2018 08:43:58 +0400 Subject: [PATCH 26/43] Only export to bash env --- .circleci/set-env-vars.sh | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.circleci/set-env-vars.sh b/.circleci/set-env-vars.sh index 598389a..b2980f2 100755 --- a/.circleci/set-env-vars.sh +++ b/.circleci/set-env-vars.sh @@ -1,10 +1,6 @@ #!/usr/bin/env bash -openssl aes-256-cbc -d -in secret-env-cipher -out secret-env-generated -md sha256 \ +openssl aes-256-cbc -d -in secret-env-cipher -md sha256 \ -pass env:OPENSSL_PASSWORD >> $BASH_ENV -source secret-env-generated - -rm secret-env-generated - echo "FOO: ${FOO} BAR: ${BAR}" From de128f7c8db67c1a4eb477d981c6b201970e1dd2 Mon Sep 17 00:00:00 2001 From: Mohamad Al Sayadi Date: Mon, 27 Aug 2018 08:46:53 +0400 Subject: [PATCH 27/43] Test without export --- .circleci/secret-env-cipher | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/secret-env-cipher b/.circleci/secret-env-cipher index 7023c4e..3002aba 100644 --- a/.circleci/secret-env-cipher +++ b/.circleci/secret-env-cipher @@ -1 +1 @@ -Salted__ZXd0Ul\vt~Ȑ \x`&P} r \ No newline at end of file +Salted__$/Rh)E]cƋC^h2[uH \ No newline at end of file From 375a571671e947a70028c031decffde54774aad0 Mon Sep 17 00:00:00 2001 From: Mohamad Al Sayadi Date: Mon, 27 Aug 2018 21:10:22 +0400 Subject: [PATCH 28/43] Change file and script names --- .circleci/decrypt-local.sh | 6 ++++++ .circleci/encrypt-local.sh | 6 ++++++ .circleci/encrypt.sh | 4 ---- .circleci/{secret-env-cipher => env.cipher} | 0 .gitignore | 4 ++-- 5 files changed, 14 insertions(+), 6 deletions(-) create mode 100644 .circleci/decrypt-local.sh create mode 100755 .circleci/encrypt-local.sh delete mode 100755 .circleci/encrypt.sh rename .circleci/{secret-env-cipher => env.cipher} (100%) diff --git a/.circleci/decrypt-local.sh b/.circleci/decrypt-local.sh new file mode 100644 index 0000000..c4be7b3 --- /dev/null +++ b/.circleci/decrypt-local.sh @@ -0,0 +1,6 @@ +#!/usr/bin/env bash + +openssl aes-256-cbc -e \ + -in env.cipher \ + -out env.generated -md sha256 \ + -pass env:OPENSSL_PASSWORD diff --git a/.circleci/encrypt-local.sh b/.circleci/encrypt-local.sh new file mode 100755 index 0000000..2ceda18 --- /dev/null +++ b/.circleci/encrypt-local.sh @@ -0,0 +1,6 @@ +#!/usr/bin/env bash + +openssl aes-256-cbc -e \ + -in env.plain \ + -out env.cipher -md sha256 \ + -pass env:OPENSSL_PASSWORD diff --git a/.circleci/encrypt.sh b/.circleci/encrypt.sh deleted file mode 100755 index e0e26c5..0000000 --- a/.circleci/encrypt.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/usr/bin/env bash - -openssl aes-256-cbc -e -in secret-env-plain -out secret-env-cipher -md sha256 \ - -pass env:OPENSSL_PASSWORD diff --git a/.circleci/secret-env-cipher b/.circleci/env.cipher similarity index 100% rename from .circleci/secret-env-cipher rename to .circleci/env.cipher diff --git a/.gitignore b/.gitignore index b400406..4730ee0 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,3 @@ -.circleci/secret-env-plain -.circleci/secret-env-generated .idea +*.plain +*.generated From b8cb807934bb98ba807d59faca257c360945bf29 Mon Sep 17 00:00:00 2001 From: Mohamad Al Sayadi Date: Mon, 27 Aug 2018 21:12:27 +0400 Subject: [PATCH 29/43] Change mode of decrypt to +x --- .circleci/decrypt-local.sh | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 .circleci/decrypt-local.sh diff --git a/.circleci/decrypt-local.sh b/.circleci/decrypt-local.sh old mode 100644 new mode 100755 From efa8ba5befb8b49f6bda65f684d2e50c16bc27bf Mon Sep 17 00:00:00 2001 From: Mohamad Al Sayadi Date: Mon, 27 Aug 2018 21:13:18 +0400 Subject: [PATCH 30/43] Add content to the cipher file --- .circleci/env.cipher | Bin 48 -> 48 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/.circleci/env.cipher b/.circleci/env.cipher index 3002abaaac344f4611b0a6236b90a494143ca296..8c1cff0f4e3c3d01a56f42547abedbb1edfecf0c 100644 GIT binary patch literal 48 zcmV-00MGwZVQh3|WM5ynmsh+@h8=_V^$5N9f&F-3Vd_EvC5* GGx*b6Eg2U8 literal 48 zcmV-00MGwZVQh3|WM5w-(dV(}Fa6dMQs-zXMP0>Xs2;km#*3sw(_Ux?t)lLa4>DVI Gqe!JhwHK=Z From b12246c4115e12cb2f90254a98c863df55ba7b35 Mon Sep 17 00:00:00 2001 From: Mohamad Al Sayadi Date: Mon, 27 Aug 2018 21:16:33 +0400 Subject: [PATCH 31/43] Change the secret file name in set-env-vars script --- .circleci/set-env-vars.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.circleci/set-env-vars.sh b/.circleci/set-env-vars.sh index b2980f2..8e8b6b2 100755 --- a/.circleci/set-env-vars.sh +++ b/.circleci/set-env-vars.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash -openssl aes-256-cbc -d -in secret-env-cipher -md sha256 \ - -pass env:OPENSSL_PASSWORD >> $BASH_ENV - -echo "FOO: ${FOO} BAR: ${BAR}" +openssl aes-256-cbc -d -md sha256 \ + -in secret-env-cipher \ + -pass env:OPENSSL_PASSWORD \ + >> $BASH_ENV From aac9ba09aaccc7964232a45ea81e364db193e464 Mon Sep 17 00:00:00 2001 From: Mohamad Al Sayadi Date: Mon, 27 Aug 2018 21:17:42 +0400 Subject: [PATCH 32/43] Change secret file name in print env script --- .circleci/set-env-vars.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/set-env-vars.sh b/.circleci/set-env-vars.sh index 8e8b6b2..2dc6813 100755 --- a/.circleci/set-env-vars.sh +++ b/.circleci/set-env-vars.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash openssl aes-256-cbc -d -md sha256 \ - -in secret-env-cipher \ + -in env.cipher \ -pass env:OPENSSL_PASSWORD \ >> $BASH_ENV From bf6dc01de8e99c407e1715890ca8d7c1ee6c8081 Mon Sep 17 00:00:00 2001 From: Mohamad Al Sayadi Date: Mon, 27 Aug 2018 21:18:48 +0400 Subject: [PATCH 33/43] Change the decrypt command to actaully decrypt --- .circleci/decrypt-local.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/decrypt-local.sh b/.circleci/decrypt-local.sh index c4be7b3..58236b7 100755 --- a/.circleci/decrypt-local.sh +++ b/.circleci/decrypt-local.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash -openssl aes-256-cbc -e \ +openssl aes-256-cbc -d \ -in env.cipher \ -out env.generated -md sha256 \ -pass env:OPENSSL_PASSWORD From bc686afa7dab84576690f259893d45bbbc0b13c1 Mon Sep 17 00:00:00 2001 From: Mohamad Al Sayadi Date: Mon, 27 Aug 2018 21:21:08 +0400 Subject: [PATCH 34/43] Change test env var values for testing --- .circleci/env.cipher | Bin 48 -> 48 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/.circleci/env.cipher b/.circleci/env.cipher index 8c1cff0f4e3c3d01a56f42547abedbb1edfecf0c..0fea5ecaa4be089e23e214340036ecd9c699880a 100644 GIT binary patch literal 48 zcmV-00MGwZVQh3|WM5xuf+vdB-Xd=!;0i{c9}j266{_cdjxUkY39h+@h8=_V^$5N9f&F-3Vd_EvC5* GGx*b6Eg2U8 From cc7631595b3fb153b05b328a772e214779b2612f Mon Sep 17 00:00:00 2001 From: Mohamad Al Sayadi Date: Mon, 27 Aug 2018 21:49:07 +0400 Subject: [PATCH 35/43] Change the password env var name --- .circleci/decrypt-local.sh | 2 +- .circleci/encrypt-local.sh | 2 +- .circleci/set-env-vars.sh | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.circleci/decrypt-local.sh b/.circleci/decrypt-local.sh index 58236b7..467e3b0 100755 --- a/.circleci/decrypt-local.sh +++ b/.circleci/decrypt-local.sh @@ -3,4 +3,4 @@ openssl aes-256-cbc -d \ -in env.cipher \ -out env.generated -md sha256 \ - -pass env:OPENSSL_PASSWORD + -pass env:CIRCLE_OPEN_SSL_PASSWORD diff --git a/.circleci/encrypt-local.sh b/.circleci/encrypt-local.sh index 2ceda18..362280b 100755 --- a/.circleci/encrypt-local.sh +++ b/.circleci/encrypt-local.sh @@ -3,4 +3,4 @@ openssl aes-256-cbc -e \ -in env.plain \ -out env.cipher -md sha256 \ - -pass env:OPENSSL_PASSWORD + -pass env:CIRCLE_OPEN_SSL_PASSWORD diff --git a/.circleci/set-env-vars.sh b/.circleci/set-env-vars.sh index 2dc6813..297e2e3 100755 --- a/.circleci/set-env-vars.sh +++ b/.circleci/set-env-vars.sh @@ -2,5 +2,5 @@ openssl aes-256-cbc -d -md sha256 \ -in env.cipher \ - -pass env:OPENSSL_PASSWORD \ + -pass env:CIRCLE_OPEN_SSL_PASSWORD \ >> $BASH_ENV From 20455d374265bdd77adec40a947d02587eee5c22 Mon Sep 17 00:00:00 2001 From: Mohamad Al Sayadi Date: Mon, 27 Aug 2018 22:24:04 +0400 Subject: [PATCH 36/43] Re-arrange openssl options --- .circleci/decrypt-local.sh | 4 ++-- .circleci/encrypt-local.sh | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.circleci/decrypt-local.sh b/.circleci/decrypt-local.sh index 467e3b0..60bbb87 100755 --- a/.circleci/decrypt-local.sh +++ b/.circleci/decrypt-local.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash -openssl aes-256-cbc -d \ +openssl aes-256-cbc -d -md sha256 \ -in env.cipher \ - -out env.generated -md sha256 \ + -out env.generated \ -pass env:CIRCLE_OPEN_SSL_PASSWORD diff --git a/.circleci/encrypt-local.sh b/.circleci/encrypt-local.sh index 362280b..4e09fe4 100755 --- a/.circleci/encrypt-local.sh +++ b/.circleci/encrypt-local.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash -openssl aes-256-cbc -e \ +openssl aes-256-cbc -e -md sha256 \ -in env.plain \ - -out env.cipher -md sha256 \ + -out env.cipher \ -pass env:CIRCLE_OPEN_SSL_PASSWORD From 06179da20cb65b2ec2213418d39e25c8ccd4e8e2 Mon Sep 17 00:00:00 2001 From: Mohamad Al Sayadi Date: Mon, 27 Aug 2018 22:25:37 +0400 Subject: [PATCH 37/43] Decrypt values --- .circleci/env.cipher | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.circleci/env.cipher b/.circleci/env.cipher index 0fea5ec..ca6efc3 100644 --- a/.circleci/env.cipher +++ b/.circleci/env.cipher @@ -1,2 +1 @@ -Salted__j'"o# -Fg/ ZW}Q қ \ No newline at end of file +Salted__2lPJ⍧ٌe6޼N!*+ \ No newline at end of file From 2bf27ba0c631dfbe68c5b55dc0f265876f7f38c4 Mon Sep 17 00:00:00 2001 From: Mohamad Al Sayadi Date: Mon, 27 Aug 2018 22:28:54 +0400 Subject: [PATCH 38/43] Use proper password --- .circleci/env.cipher | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/env.cipher b/.circleci/env.cipher index ca6efc3..008e4df 100644 --- a/.circleci/env.cipher +++ b/.circleci/env.cipher @@ -1 +1 @@ -Salted__2lPJ⍧ٌe6޼N!*+ \ No newline at end of file +Salted__Ѧ/~/qE&d.gqU`< \ No newline at end of file From 67e13e1bac3ba9da50640b3c86ff43d0f3bfceb1 Mon Sep 17 00:00:00 2001 From: Mohamad Al Sayadi Date: Mon, 27 Aug 2018 23:11:08 +0400 Subject: [PATCH 39/43] Update read me --- README.md | 96 ++++++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 88 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index d6aeb50..6d047b5 100644 --- a/README.md +++ b/README.md @@ -1,15 +1,95 @@ -# encrypted-files +[![CircleCI](https://circleci.com/gh/muhammed-sayadi/circleci-encrypted-files.svg?style=svg)](https://circleci.com/gh/muhammed-sayadi/circleci-encrypted-files) -This is a simple example of storing encrypted files in source for use in CircleCI builds. +# circleci-encrypted-files -In this example, the gitignored contents of `secret-env-plain` are: +This is a simple example of storing encrypted files in source for use in CircleCI builds, updated to work with +version 2 of Circle. +In this example, the git-ignored contents of `env.plain` are: + +``` +FOO=secret1 +BAR=secret2 + +``` + +Checking the build step `Access env vars in another script` on Circle, you can see that the variables were decrypted +and accessed correctly. + +## How to Test Yourself + +If you'd like to test this for your own project, here's a general step by step on how to re-produce this setup: + +1- Fork this repository into your account. + +2- Setup Circle project for your newly created repository. + +3- In Circle's Project Settings, set the environment variable `CIRCLE_OPEN_SSL_PASSWORD` to a secured password. +Remember this value since you're going to use it later. + +4- Clone the repository. + +5- Set the same environment variable `CIRCLE_OPEN_SSL_PASSWORD` to the same value on your local machine. + +6- Create a file called `env.plain` and enter the environment variables you want secured. For example, enter the +following: +``` +FOO=secret3 +BAR=secret4 + +``` + +7- Change directory to the circle directory; where the local encrypt and decrypt scripts are: +``` +cd .circleci +``` + +8- Grant the local encrypt and decrypt scripts execution permissions: ``` -export FOO=secret -export BAR=alsosecret +chmod +x encrypt-local.sh +chmod +x decrypt-local.sh ``` -If they are encrypted with `openssl aes-256-cbc -e -in secret-env-plain -out secret-env-cipher -k $KEY`, and `$KEY` is set -in the CircleCI project, the variables in `secret-env-plain` will be available in the build. +9- Run the encryption script. This will update the `env.cipher` file with the encrypted values of your `env.plain`: +``` +./encrypt-local.sh +``` + +10- To verify, locally, that decryption would work as expected, run the decrypt script: +``` +./dcrypt-local.sh +``` +This will generate a file called `env.generated`. + +11- Check the content of the generated file; `env.generated`. This should match exactly with your `env.plain` content. + +12- Open the `print-env-vars.sh` script, and update with your own variables. Please note that if you're forking this +public repository, you will end up with a public repository as well, so avoid testing with actual sensitive data. + +If you're following with this example, there's no need to update anything. + +13- Commit and push your changes. Note that the only file that would've changed is env.cipher. Note, also, that both +`.plain` and `.generated` extensions are ignored. If you change these, please make sure to update .gitignore as well. + +``` +# Make sure that only env.cipher is changed. +git status +``` + +``` +# Assuming that you're still in .circleci directory +git add env.cipher +``` + +``` +git commit -m "Updated env vars" +``` + +``` +git push +``` -You could use the same process but replace the `openssl` command in `circle.yml` with `openssl aes-256-cbc -d -in secret-file-cipher -out secret-file-plain -k $KEY` to create plaintext files in the build environment instead of just exporting environment variables. +14- Head to Circle's dashboard and check. If everything goes well, you should see your values in the +`Access env vars in another script` step. + +15- Celebrate. From 2eddb3076d3b83fdffcda2902a3eb8e0e9a119a4 Mon Sep 17 00:00:00 2001 From: Mohamad Al Sayadi Date: Mon, 27 Aug 2018 23:14:56 +0400 Subject: [PATCH 40/43] Update read me with the results of the example --- README.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 6d047b5..c80cafe 100644 --- a/README.md +++ b/README.md @@ -89,7 +89,11 @@ git commit -m "Updated env vars" git push ``` -14- Head to Circle's dashboard and check. If everything goes well, you should see your values in the +14- Head to Circle's dashboard and check. If everything goes well, you should see your values at the end of the `Access env vars in another script` step. - -15- Celebrate. + +If you're following with this example, you should see the values we set in `env.plain`: +``` +FOO: secret3 BAR: secret4 +``` + \ No newline at end of file From 32c43060ccf482fe9930cd3e7f6a4475362abffa Mon Sep 17 00:00:00 2001 From: Mohamad Al Sayadi Date: Mon, 27 Aug 2018 23:17:24 +0400 Subject: [PATCH 41/43] Delete extra space --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index c80cafe..9e0775c 100644 --- a/README.md +++ b/README.md @@ -96,4 +96,3 @@ If you're following with this example, you should see the values we set in `env. ``` FOO: secret3 BAR: secret4 ``` - \ No newline at end of file From 2d5eaebd93faed51f0f78669878a33ea0c6f30c4 Mon Sep 17 00:00:00 2001 From: Mohamad Al Sayadi Date: Mon, 27 Aug 2018 23:28:21 +0400 Subject: [PATCH 42/43] Add warning comments in print step --- .circleci/print-env-vars.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.circleci/print-env-vars.sh b/.circleci/print-env-vars.sh index f4a36f9..902d2f5 100644 --- a/.circleci/print-env-vars.sh +++ b/.circleci/print-env-vars.sh @@ -1,3 +1,6 @@ #!/usr/bin/env bash +# Printing the values of the env vars for testing and verification. +# Do not do this in a production setup! +# Do not use actual sensitive data for testing! echo "FOO: ${FOO} BAR: ${BAR}" From 2951f0ad0c3d7b1e2289926a11516d38a8c7d513 Mon Sep 17 00:00:00 2001 From: Mohamad Al Sayadi Date: Fri, 31 Aug 2018 12:31:15 +0400 Subject: [PATCH 43/43] Fix typo. Clarify clone step --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 9e0775c..e3bc25f 100644 --- a/README.md +++ b/README.md @@ -27,7 +27,7 @@ If you'd like to test this for your own project, here's a general step by step o 3- In Circle's Project Settings, set the environment variable `CIRCLE_OPEN_SSL_PASSWORD` to a secured password. Remember this value since you're going to use it later. -4- Clone the repository. +4- Clone the repository to your local machine. 5- Set the same environment variable `CIRCLE_OPEN_SSL_PASSWORD` to the same value on your local machine. @@ -57,7 +57,7 @@ chmod +x decrypt-local.sh 10- To verify, locally, that decryption would work as expected, run the decrypt script: ``` -./dcrypt-local.sh +./decrypt-local.sh ``` This will generate a file called `env.generated`.