
Storing deployment key as secret environment variable? #348

Open

peterjc opened this issue Jun 17, 2019 · 3 comments

Comments

@peterjc

peterjc commented Jun 17, 2019

There is some interesting (historical) background on #242 and #276 about deployment keys and where to store them in order to support multiple deployments from a single repository, and #166 is close to my request.

Rather than the current token or fernet encryption solutions, could doctr simply have the private deploy key itself as a secret environment variable? i.e. Define the variable(s) in TravisCI Repository Settings and turn on hide in logs (should be able to do something similar on other platforms too):

https://docs.travis-ci.com/user/environment-variables/#defining-variables-in-repository-settings

This fits with the TravisCI advice at the start of that page:

  • if it does contain sensitive information, and might be different for different branches – encrypt it and add it to your .travis.yml
  • if it does contain sensitive information, but is the same for all branches – add it to your Repository Settings

All we need to tell doctr is the name of the environment variable it can find the deployment key in (from where it can do the SSH setup), to further reduce the chance of the environment variable appearing in a log despite TravisCI's efforts to censor it.

I would also add that avoiding having (an encrypted copy of) the key in your .travis.yml file and/or as *.enc in the repository has another big plus - the basic configuration can be shared or changed between forks without any conflicts (e.g. setting up a personal fork of a project repo and the deployment repo).
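The mechanism proposed above (the tool is told only the *name* of a secret environment variable, reads the private deploy key from it, and does the SSH setup itself so the key value never has to appear in `.travis.yml`, in the repository, or in a log) can be sketched as a small helper. This is an added example, not doctr's own code: the variable name `DOCTR_DEPLOY_KEY`, the function names, and the sample key value are all assumptions, and the key text used in `demo()` is constructed and not a usable key.

```python
"""Added example (not doctr's code): pull a deploy key from a secret
environment variable, install it with restrictive permissions, and build
the ssh command git should use. Only the variable *name* is ever logged."""
import os
import stat
import tempfile
from pathlib import Path


class MissingDeployKey(RuntimeError):
    """Raised when the named variable is absent, empty, or not a PEM key."""


def load_deploy_key(var_name, env=None):
    """Return the private key stored in environment variable ``var_name``.

    Repository-settings variables are entered as a single line, so a PEM
    block often arrives with literal '\\n' sequences; restore real newlines
    and make sure the block ends with one, or ssh will reject the file.
    """
    env = os.environ if env is None else env
    key = env.get(var_name, "")
    if not key.strip():
        # Deliberately mention only the name, never the (possibly partial) value.
        raise MissingDeployKey(f"environment variable {var_name!r} is unset or empty")
    key = key.replace("\\n", "\n")
    if not key.endswith("\n"):
        key += "\n"
    if "PRIVATE KEY-----" not in key:
        raise MissingDeployKey(f"{var_name!r} does not look like a PEM private key")
    return key


def install_deploy_key(var_name, dest_dir=None, env=None):
    """Write the key to a 0600 file in a private directory; return its path."""
    key = load_deploy_key(var_name, env)
    if dest_dir is None:
        dest_dir = tempfile.mkdtemp(prefix="deploy-key-")  # created with mode 0700
    dest = Path(dest_dir) / "deploy_key"
    # Create the file with 0600 from the start instead of chmod-ing afterwards,
    # so there is no window in which it is world-readable.
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(key)
    os.chmod(dest, stat.S_IRUSR | stat.S_IWUSR)  # exact mode regardless of umask
    return str(dest)


def git_ssh_command(key_path):
    """GIT_SSH_COMMAND value that offers only this key (IdentitiesOnly), so the
    push does not depend on ~/.ssh/config or whatever keys an agent holds."""
    return f"ssh -i {key_path} -o IdentitiesOnly=yes"


# Constructed sample: the shape of a PEM block as a one-line CI variable.
# This is not a real key and cannot authenticate anywhere.
CONSTRUCTED_KEY = (
    "-----BEGIN OPENSSH PRIVATE KEY-----\\nQUJD\\n-----END OPENSSH PRIVATE KEY-----"
)


def demo(var_name="DOCTR_DEPLOY_KEY"):
    """Run the whole flow against a fake environment and report what was set up."""
    env = {var_name: CONSTRUCTED_KEY}
    path = install_deploy_key(var_name, env=env)
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return {"path": path, "mode": mode, "git_ssh_command": git_ssh_command(path)}


if __name__ == "__main__":
    result = demo()
    # Safe to log: path and mode only, never the key contents.
    print(f"deploy key installed at {result['path']} (mode {result['mode']:o})")
    print(f"GIT_SSH_COMMAND={result['git_ssh_command']}")
```

In a real job the caller would set `GIT_SSH_COMMAND` from `git_ssh_command()` in the environment of the `git push`, and remove the temporary directory once the push has finished.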

@asmeurer
Member

I think I initially thought the key was too big to fit in an environment variable. Or maybe there really was such a size limitation, I can't remember.

I can't remember if there was some other disadvantage to doing this. I think it mostly just hasn't happened because I never got around to implementing it. It's my "option 3" from #242

@peterjc
Author

peterjc commented Jun 17, 2019

Good to hear.

If there’s no obvious technical reason not to try doing it this way, I think it would make for a simpler system (especially for things like experiments on a personal fork before deploying to the master repository).

I may have a go, having failed to get things to work with the encrypted key approach.

@asmeurer
Member

Great. Unfortunately doctr requires a lot of manual testing, especially anything related to the configure stage, so it requires some time dedication to work on things, which I haven't had lately. But if you want to help work on things great. I can give you push access if it will help.
