Configure with Circle 2

.circleci/config.yml

@@ -0,0 +1,31 @@
+version: 2
+general:
+  branches:
+    only:
+      - master
+
+jobs:
+  build:
+
+    docker:
+      - image: circleci/openjdk:8-jdk
+
+    working_directory: ~/project
+
+    steps:
+
+      - checkout
+
+      - run:
+          name: Decrypt and source env vars
+          command: |
+            cd .circleci
+            chmod +x set-env-vars.sh
+            ./set-env-vars.sh
+
+      - run:
+          name: Access env vars in another script
+          command: |
+            cd .circleci
+            chmod +x print-env-vars.sh
+            ./print-env-vars.sh

.circleci/decrypt-local.sh

@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+
+openssl aes-256-cbc -d -md sha256 \
+    -in  env.cipher \
+    -out env.generated \
+    -pass env:CIRCLE_OPEN_SSL_PASSWORD

.circleci/encrypt-local.sh

@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+
+openssl aes-256-cbc -e -md sha256 \
+    -in  env.plain \
+    -out env.cipher \
+    -pass env:CIRCLE_OPEN_SSL_PASSWORD

.circleci/env.cipher

@@ -0,0 +1 @@
+Salted__�Ѧ�/~�/�
��q�E�&�d��.�g��q���U`�<

.circleci/print-env-vars.sh

@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+
+# Printing the values of the env vars for testing and verification.
+# Do not do this in a production setup!
+# Do not use actual sensitive data for testing!
+echo "FOO: ${FOO} BAR: ${BAR}"

.circleci/set-env-vars.sh

@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+
+openssl aes-256-cbc -d -md sha256 \
+    -in env.cipher \
+    -pass env:CIRCLE_OPEN_SSL_PASSWORD \
+    >> $BASH_ENV

.gitignore

@@ -1 +1,3 @@
-/secret-env-plain
+.idea
+*.plain
+*.generated

README.md

@@ -1,15 +1,98 @@
-# encrypted-files
+[![CircleCI](https://circleci.com/gh/muhammed-sayadi/circleci-encrypted-files.svg?style=svg)](https://circleci.com/gh/muhammed-sayadi/circleci-encrypted-files)
 
-This is a simple example of storing encrypted files in source for use in CircleCI builds.
+# circleci-encrypted-files
 
-In this example, the gitignored contents of `secret-env-plain` are:
+This is a simple example of storing encrypted files in source for use in CircleCI builds, updated to work with
+version 2 of Circle.
 
+In this example, the git-ignored contents of `env.plain` are:
+
+```
+FOO=secret1
+BAR=secret2
+
+```
+
+Checking the build step `Access env vars in another script` on Circle, you can see that the variables were decrypted
+and accessed correctly.
+
+## How to Test Yourself
+
+If you'd like to test this for your own project, here's a general step by step on how to re-produce this setup:
+
+1- Fork this repository into your account.
+
+2- Setup Circle project for your newly created repository.
+
+3- In Circle's Project Settings, set the environment variable `CIRCLE_OPEN_SSL_PASSWORD` to a secured password.
+Remember this value since you're going to use it later.
+
+4- Clone the repository to your local machine.
+
+5- Set the same environment variable `CIRCLE_OPEN_SSL_PASSWORD` to the same value on your local machine.
+
+6- Create a file called `env.plain` and enter the environment variables you want secured. For example, enter the
+following:
 ```
-export FOO=secret
-export BAR=alsosecret
+FOO=secret3
+BAR=secret4
+
 ```
 
-If they are encrypted with `openssl aes-256-cbc -e -in secret-env-plain -out secret-env-cipher -k $KEY`, and `$KEY` is set
-in the CircleCI project, the variables in `secret-env-plain` will be available in the build.
+7- Change directory to the circle directory; where the local encrypt and decrypt scripts are:
+```
+cd .circleci
+```
 
-You could use the same process but replace the `openssl` command in `circle.yml` with `openssl aes-256-cbc -d -in secret-file-cipher -out secret-file-plain -k $KEY` to create plaintext files in the build environment instead of just exporting environment variables.
+8- Grant the local encrypt and decrypt scripts execution permissions:
+```
+chmod +x encrypt-local.sh
+chmod +x decrypt-local.sh
+```
+
+9- Run the encryption script. This will update the `env.cipher` file with the encrypted values of your `env.plain`:
+```
+./encrypt-local.sh
+``` 
+
+10- To verify, locally, that decryption would work as expected, run the decrypt script:
+```
+./decrypt-local.sh
+```
+This will generate a file called `env.generated`.
+
+11- Check the content of the generated file; `env.generated`. This should match exactly with your `env.plain` content.
+
+12- Open the `print-env-vars.sh` script, and update with your own variables. Please note that if you're forking this
+public repository, you will end up with a public repository as well, so avoid testing with actual sensitive data.
+
+If you're following with this example, there's no need to update anything.
+
+13- Commit and push your changes. Note that the only file that would've changed is env.cipher. Note, also, that both
+`.plain` and `.generated` extensions are ignored. If you change these, please make sure to update .gitignore as well.
+
+```
+# Make sure that only env.cipher is changed.
+git status
+```
+
+```
+# Assuming that you're still in .circleci directory
+git add env.cipher
+```
+
+```
+git commit -m "Updated env vars"
+```
+
+```
+git push
+```
+
+14- Head to Circle's dashboard and check. If everything goes well, you should see your values at the end of the
+`Access env vars in another script` step.
+
+If you're following with this example, you should see the values we set in `env.plain`:
+```
+FOO: secret3 BAR: secret4
+```