travis-env
v0.0.12
A tool for provisioning secrets into travis build environments
travis-env
A tool to manage a shared set of Travis environment variables between GitHub repos.
Motivation
Travis doesn't support organization-wide configuration of environment variables. As a result, a simple tool is needed to minimize the per-repo configuration necessary.
More discussion in this issue.
Structure
There are 2 main components to this system.
.travis-env-ci.json
A JSON file storing a key value map of environment variables to be stored in memory. This file is stored in an AWS S3 bucket and accessed via the AWS CLI and SDK. An example looks like the following:
{
"DOCKER_USERNAME": "username",
"DOCKER_PASSWORD": "password",
"OTHER_VARIABLE": "value"
}
T_ENV_CONFIG
This is an environment variable set on each travis repo. This variable should be a JSON string of key/value pairs to be read into memory initially.
The strategy is to store AWS credentials here along with the name of the bucket containing the .travis-env-ci.json file. This is just enough information to facilitate the download, but it can be easily invalidated in the event of a data breach.
An example config might look like the following:
{
"AWS_ACCESS_KEY_ID": "XXXXXXXXXXXXX",
"AWS_SECRET_ACCESS_KEY": "XXXXXXXXXXXXXXX",
"T_ENV_BUCKET": "YOUR_BUCKET_NAME"
}
Make sure that when it's supplied as an environment variable it's normalized for the shell:
'{"AWS_ACCESS_KEY_ID": "XXXXXXXXXXXXX","AWS_SECRET_ACCESS_KEY": "XXXXXXXXXXXXXXX","T_ENV_BUCKET":"YOUR_BUCKET_NAME"}'
Use
CI Environment
In a CI environment the travis-env executable will do the following:
- Look for an env variable called T_ENV_CONFIG
- Parse T_ENV_CONFIG and apply it to the current process
- Look for an env variable called T_ENV_BUCKET
- Download .travis-env-ci.json from T_ENV_BUCKET
- Parse the JSON file downloaded, construct full env: { ...T_ENV_CONFIG, ...parsed }
- Output env to stdout formatted for consumption by the shell
DOCKER_USERNAME=username
DOCKER_PASSWORD=password
OTHER_VARIABLE=value
AWS_ACCESS_KEY_ID=XXXXXXXXXXXXX
AWS_SECRET_ACCESS_KEY=XXXXXXXXXXXXXXX
T_ENV_BUCKET=YOUR_BUCKET_NAME
This can be used to set environment variables in the shell like so:
npm i -g travis-env && eval "$(travis-env)"
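Because the output is passed to eval, every value in the bucket file is parsed by the shell, and the merge order means keys in the bucket file override the same keys in T_ENV_CONFIG. The following is an added example, not travis-env's own code (the names buildEnv, shQuote and toShellLines are hypothetical, and the sample inputs are constructed): it merges the two JSON sources in the order given above and emits lines that stay literal under eval by validating variable names and single-quoting values.

```javascript
// Added example, not travis-env's source. All function names are hypothetical.
const KEY_RE = /^[A-Za-z_][A-Za-z0-9_]*$/; // valid POSIX shell variable name

// Merge as the README describes: { ...T_ENV_CONFIG, ...parsed }.
// Keys from the bucket file win over keys from T_ENV_CONFIG.
function buildEnv(configJson, bucketFileJson) {
  const config = JSON.parse(configJson);
  const parsed = JSON.parse(bucketFileJson);
  for (const obj of [config, parsed]) {
    if (obj === null || typeof obj !== 'object' || Array.isArray(obj)) {
      throw new TypeError('expected a JSON object of key/value pairs');
    }
  }
  return { ...config, ...parsed };
}

// Single-quote a value for POSIX sh: nothing is expanded inside '...',
// and an embedded single quote is written as '\''.
function shQuote(value) {
  return "'" + String(value).replace(/'/g, "'\\''") + "'";
}

// Render KEY='value' lines; reject anything that is not a plain name/string pair.
function toShellLines(env) {
  return Object.entries(env).map(([key, value]) => {
    if (!KEY_RE.test(key)) {
      throw new Error(`invalid variable name: ${JSON.stringify(key)}`);
    }
    if (typeof value !== 'string') {
      throw new TypeError(`value of ${key} must be a string`);
    }
    return `${key}=${shQuote(value)}`;
  }).join('\n');
}

// Constructed sample inputs (placeholders, not real credentials).
const SAMPLE_CONFIG = '{"AWS_ACCESS_KEY_ID":"XXXXXXXXXXXXX","T_ENV_BUCKET":"YOUR_BUCKET_NAME"}';
const SAMPLE_FILE = JSON.stringify({
  DOCKER_USERNAME: 'username',
  DOCKER_PASSWORD: "it's a $ecret; value",
});
console.log(toShellLines(buildEnv(SAMPLE_CONFIG, SAMPLE_FILE)));
```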
Non-CI Environment
In a non-CI environment the travis-env executable will ask for a bucket name, generate an empty .travis-env-ci.json file, and put it in the root of the bucket. The config is stored in your home directory.
TODO
Make editing the .travis-env-ci.json easier, expand CLI functionality.
License
MIT