# Set up the SSH keys

#### 1. Enable Travis CI

If you haven't already, [enable Travis CI for your
repository](https://docs.travis-ci.com/user/getting-started/#To-get-started-with-Travis-CI%3A)
by going to your Travis CI [profile page](https://travis-ci.org/profile)
and flicking the repository switch on.

![](https://cloud.githubusercontent.com/assets/1223565/12536703/4f9161ae-c2b5-11e5-904c-e11f561e8b6f.gif)

#### 2. Set up the SSH keys

##### 2.1. Generate the SSH keys

:information_source: For this example I'm using `github_deploy_key` as
the base name for the files that contain the SSH keys, but you can use
whatever name you want.

```bash
ssh-keygen -t rsa -b 4096 -C "<your_email>" -f github_deploy_key -N ''
```

This will generate 2 keys in 2 different files:

* public key in `github_deploy_key.pub`
* private key in `github_deploy_key`

##### 2.2. Add the public key to GitHub

* Go to `https://github.com/<username>/<repository>/settings/keys`
  and click on `Add deploy key`:

  ![](https://cloud.githubusercontent.com/assets/1223565/12536786/6e2b6e7c-c2b8-11e5-89ba-2b1a8403d90b.png)

* Copy the public key (in this case, the content from
  `github_deploy_key.pub`)

  ![](https://cloud.githubusercontent.com/assets/1223565/12891702/5c643cb6-ce91-11e5-8b24-1152f6b41c6e.png)

* Check the `Allow write access` checkbox

  ![](https://cloud.githubusercontent.com/assets/1223565/12537188/b687d6e8-c2c1-11e5-843e-0585334bf780.png)

* Add the key!

  ![](https://cloud.githubusercontent.com/assets/1223565/12902618/ec901010-ceca-11e5-90ac-a502f9962989.png)

* Remove the file containing the public key so that it's not
  accidentally committed

  ```bash
  rm github_deploy_key.pub
  ```

##### 2.3. [Install the Travis CLI](https://docs.travis-ci.com/user/encryption-keys/#Usage)

```bash
gem install travis
```

##### 2.4. [Login to Travis using the Travis CLI](https://docs.travis-ci.com/user/encrypting-files#Preparation)

```bash
travis login
```

##### 2.5. Encrypt the file containing the private key

:warning: Because of an [issue with the Travis
CLI](https://github.com/travis-ci/travis-ci/issues/4746), the following
**will not work** as intended if done **on Windows**!

* Use the Travis CLI to encrypt the file containing the private SSH key

  ```bash
  travis encrypt-file github_deploy_key
  ```

  The above will output something like:

  ```bash
  encrypting github_deploy_key for <username>/<repository>
  storing result as github_deploy_key.enc
  storing secure env variables for decryption

  openssl aes-256-cbc -K $encrypted_XXXXXXXXXXXX_key -iv $encrypted_XXXXXXXXXXXX_iv -in github_deploy_key.enc -out github_deploy_key -d

  Pro Tip: You can add it automatically by running with --add.

  Make sure to add github_deploy_key.enc to the git repository.
  Make sure not to add github_deploy_key to the git repository.
  Commit all changes to your .travis.yml.
  ```

  :information_source: I didn't use `--add` to have the Travis CLI
  automatically add the decrypt command to the `.travis.yml` file as
  it usually screws up the formatting.

  :information_source: The values of the `$encrypted_XXXXXXXXXXXX_key`
  and `$encrypted_XXXXXXXXXXXX_iv` environment variables will be
  automatically uploaded by the Travis CLI to Travis CI, see:
  `https://travis-ci.org/<username>/<repository>/settings`.

  ![](https://cloud.githubusercontent.com/assets/1223565/12903066/89ff92d8-cecd-11e5-970e-2f5a6fb2d230.png)

  Also, this is why you needed to log in to Travis using the
  Travis CLI at [step `2.4.`](#24-login-to-travis-using-the-travis-cli).


* Remove the file containing the private key so that it's not
  accidentally committed

  ```bash
  rm github_deploy_key
  ```
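A guard for the "so that it's not accidentally committed" steps, as an added example that is not part of the original guide or of `travis-scripts`: a Git `pre-commit` hook that inspects the staged content and rejects anything carrying a private key header. The hook location and the function names are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example (not part of travis-scripts): save as .git/hooks/pre-commit
# and make it executable. Function names are this example's own.

# Header line of RSA, OPENSSH, EC, DSA and PKCS#8 private key files.
KEY_HEADER='^-----BEGIN ([A-Z0-9]+ )*PRIVATE KEY-----'

# Succeeds when the data on stdin contains a private key header.
# -a makes grep treat binary input (such as *.enc files) as text.
has_private_key() {
    grep -Eqa -e "$KEY_HEADER"
}

# Inspect the staged version (not the working copy) of every added,
# copied or modified file, and fail if any of them holds a private key.
check_staged_files() {
    local path status=0
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        if git show ":$path" 2>/dev/null | has_private_key; then
            printf 'Refusing to commit private key material: %s\n' "$path" >&2
            status=1
        fi
    done <<EOF
$(git diff --cached --name-only --diff-filter=ACM)
EOF
    return "$status"
}

# Run the check only when this file is installed as the pre-commit hook.
case "$0" in
    *pre-commit) check_staged_files ;;
esac
```

The encrypted `github_deploy_key.enc` passes the check because it contains no key header, while a staged `github_deploy_key` is rejected.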

##### 2.6. Set up SSH connection for Travis CI

:information_source: In the examples below, I'm presuming the encrypted
file generated at [step `2.5.`](#25-encrypt-the-file-containing-the-private-key)
(`github_deploy_key.enc`) is placed in the `.travis/` directory from the
root of the project.

Add the necessary commands to the `.travis.yml` file, and either:

* use the `travis-scripts` helper function `set-up-ssh`:

  ```yml
  after_success:
    - |

         $(npm bin)/set-up-ssh --key "$encrypted_XXXXXXXXXXXX_key" \
                               --iv "$encrypted_XXXXXXXXXXXX_iv" \
                               --path-encrypted-key ".travis/github_deploy_key.enc"
  ```

* write the necessary code yourself, e.g.:

  ```yml
  after_success:
    - |

         # Create the key file up front: mktemp gives it owner-only
         # permissions, so the decrypted key is never readable by others

         declare -r SSH_FILE="$(mktemp "$HOME/.ssh/XXXXX")"

         # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

         # Decrypt the file containing the private key
         # (Note: this is the same as what is generated by the Travis CLI at step 2.5)

         openssl aes-256-cbc \
           -K "$encrypted_XXXXXXXXXXXX_key" \
           -iv "$encrypted_XXXXXXXXXXXX_iv" \
           -in ".travis/github_deploy_key.enc" \
           -out "$SSH_FILE" -d

         # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

         # Enable SSH authentication

         chmod 600 "$SSH_FILE" \
           && printf "%s\n" \
                "Host github.com" \
                "  IdentityFile $SSH_FILE" \
                "  LogLevel ERROR" >> ~/.ssh/config
  ```

  Note: The above is basically what the `set-up-ssh` script does behind
  the scenes.
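Builds for pull requests from forks do not receive Travis CI's encrypted variables, so in those builds `$encrypted_XXXXXXXXXXXX_key` and `$encrypted_XXXXXXXXXXXX_iv` are empty and the decryption cannot succeed. The following added example (not the `set-up-ssh` script's own code; `decrypt_deploy_key` is a hypothetical helper) wraps the same `openssl` call so that it fails closed and never leaves a partial key file behind:

```bash
# Added example: decrypt the deploy key, failing closed.
# Usage: decrypt_deploy_key <hex_key> <hex_iv> <enc_file> <out_file>
# e.g.:  decrypt_deploy_key "$encrypted_XXXXXXXXXXXX_key" \
#            "$encrypted_XXXXXXXXXXXX_iv" \
#            ".travis/github_deploy_key.enc" "$SSH_FILE"
decrypt_deploy_key() {
    local key="$1" iv="$2" enc_file="$3" out_file="$4"

    # No secure variables (e.g. a pull request from a fork): stop here
    # instead of running openssl with an empty key.
    if [ -z "$key" ] || [ -z "$iv" ]; then
        echo "decryption key or IV not available, skipping SSH setup" >&2
        return 1
    fi

    # umask 077 makes a newly created output file owner-only from the start.
    # The header check catches a wrong key even if openssl reports success.
    ( umask 077
      openssl aes-256-cbc -d -K "$key" -iv "$iv" \
          -in "$enc_file" -out "$out_file" 2>/dev/null ) \
      && grep -Eq -e '^-----BEGIN ([A-Z0-9]+ )*PRIVATE KEY-----' "$out_file" \
      && return 0

    # Wrong key/IV or a corrupted file: remove whatever was written.
    rm -f "$out_file"
    echo "could not decrypt $enc_file into a private key" >&2
    return 1
}
```

A non-zero return lets the `after_success` script skip the SSH configuration instead of pointing `~/.ssh/config` at an unusable file.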


#### 3. Add the environment variables `GH_USER_NAME` and `GH_USER_EMAIL`

The travis scripts will use the values of the `GH_USER_EMAIL` and
`GH_USER_NAME` environment variables as the [email and user
name](https://git-scm.com/book/en/v2/Getting-Started-First-Time-Git-Setup#Your-Identity)
with which the commits will be made.

I personally don't recommend [specifying their values
directly](https://docs.travis-ci.com/user/environment-variables/#Defining-Variables-in-.travis.yml)
as that would mean they will be public. Instead, you should encrypt
them by generating a secure key using the Travis CLI:

```bash
travis encrypt -r "<username>/<repository>" \
    GH_USER_EMAIL="<your_email>" \
    GH_USER_NAME="<your_name>"
```

The above will output something like:

```bash
Please add the following to your .travis.yml file:

secure: "<secure_key_value>"

Pro Tip: You can add it automatically by running with --add.
```

:information_source: I didn't use `--add` to have the Travis CLI
automatically add the secure key to the `.travis.yml` file as that
usually screws up the formatting.

Then, once you have the secure key, add it to your `.travis.yml` file:

```yml
env:
  global:
    - secure: "<secure_key_value>"
```

