Multiple values of a secure encrypted environment variable in .travis.yml - encryption

In .travis.yml, is it possible to have multiple values of a secure encrypted environment variable for different builds in the matrix? I want to have a matrix like
- VAR1="true" SECURE_VAR=[secure 1]
- VAR2="true" SECURE_VAR=[secure 2]
It seems like you can either make the secure variables global to all builds by putting it in global, or set them as the only variable for a build by putting secure under matrix. But I don't even see a way to mix a secure and non-secure environment variable to define a build. Is this possible?
I tried
    env:
      matrix:
        - VAR1: "true"
          secure: "kJUVmbb8L26E4UNTp3n...="
        - ...
In other words, putting them both as keys in a dictionary, which apparently works for normal environment variables. But this caused Travis to error.


Azure Devops - Limiting scope of IISWebAppDeploymentOnMachineGroup#0 task XmlVariableSubstitution

I'm working on improving security in a legacy asp.net application. One issue identified was the use of hard-coded database connection strings in web.config.
To resolve this, I've moved the connection details to secret variables in Azure Devops variable groups.
The variable substitution is done in the IISWebAppDeploymentOnMachineGroup#0 task, by setting XmlVariableSubstitution.
This works fine. However I'm a bit concerned about how broadly this applies. This task will perform substitutions across all config files in the application, matching any element in appSettings, connectionStrings, configSections, based on key or name, against all pipeline variables.
If at some stage someone added a variable to the variable groups, which happens to match a key for any appSettings across the whole application, the value will be unintentionally and silently substituted.
I'd like to somehow limit the scope of the substitution task, to ensure it only applies where we need it to.
Is anyone aware of any way to do this?
When you use the option: XML variable substitution in the IISWebAppDeploymentOnMachineGroup task, it will loop all config files by default.
I am afraid that there is no method that can limit the scope of the Xml Variable Substitution action in the IISWebAppDeploymentOnMachineGroup task.
For a workaround, you can add a File transform task to update the variable in the config file. It supports defining the target file in the task.
For example:
    - task: FileTransform@1
      displayName: 'File Transform: '
      inputs:
        fileType: xml
        targetFiles: web.config
On the other hand, you can also use the RegEx Match & Replace task from RegEx Match & Replace. It supports defining the target variable and target file in the task. Refer to my previous ticket: RegExMatchReplace task
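The silent-substitution risk raised in the question can also be checked before deployment. The following is an added example, not code from the posts above or from Azure DevOps: it lists every config entry that a pipeline variable name would overwrite and reports those outside an allow-list. Assumptions: only appSettings (matched on key) and connectionStrings (matched on name) are covered, names are compared case-insensitively to err on the side of reporting, and all file names, variable names and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Sections and the attribute matched in each (subset of those named in the question).
SECTIONS = {"appSettings": "key", "connectionStrings": "name"}

def substitution_targets(config_xml, variable_names):
    """Return (section, entry) pairs in one config file that match a pipeline variable."""
    wanted = {v.lower() for v in variable_names}  # assumption: case-insensitive match
    hits = []
    root = ET.fromstring(config_xml)
    for section, attr in SECTIONS.items():
        for parent in root.iter(section):
            for child in parent:
                entry = child.get(attr)
                if entry and entry.lower() in wanted:
                    hits.append((section, entry))
    return hits

def unexpected_substitutions(configs, variable_names, allowed):
    """configs: {path: xml text}; allowed: {(path, entry)} that are meant to be replaced."""
    findings = []
    for path, xml_text in sorted(configs.items()):
        for section, entry in substitution_targets(xml_text, variable_names):
            if (path, entry) not in allowed:
                findings.append((path, section, entry))
    return findings

# Constructed sample input: two config files and the names in a variable group.
SAMPLE_CONFIGS = {
    "web.config": """<configuration>
  <connectionStrings>
    <add name="MainDb" connectionString="placeholder" />
  </connectionStrings>
  <appSettings>
    <add key="Environment" value="dev" />
  </appSettings>
</configuration>""",
    "Areas/Admin/web.config": """<configuration>
  <appSettings>
    <add key="Environment" value="admin-local" />
    <add key="PageSize" value="50" />
  </appSettings>
</configuration>""",
}
SAMPLE_VARIABLES = ["MainDb", "Environment", "BuildConfiguration"]
SAMPLE_ALLOWED = {("web.config", "MainDb")}

if __name__ == "__main__":
    for path, section, entry in unexpected_substitutions(
            SAMPLE_CONFIGS, SAMPLE_VARIABLES, SAMPLE_ALLOWED):
        print(f"{path}: <{section}> '{entry}' would be overwritten by a pipeline variable")
```

Run as a pipeline step before the deployment task, a non-empty result can fail the build so that a newly added variable cannot change a setting unnoticed.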

What is the difference between SECRET and NEXTAUTH_SECRET environment variables in NextAuthJS?

What is the difference between those two environment variables in the .env.local.example example file from NextAuth?
I found in the documentation that if you want to use JWT on auth requests, you need to provide a hash value on NEXTAUTH_SECRET but I couldn't find what SECRET is used for.
Is there any usage for this SECRET variable?

NextJS returning environment variables as undefined in pages

I am trying to get my environment variables in one of my pages, but it is always returning undefined. I have no issues with accessing the variables in api folder but in pages/page.tsx it doesn't return the variables.
I access my variables using
    const SECRET = process.env.SECRET
from my .env file.
How can I fix this issue?
I believe the preferred way to implement what you're trying to do is to use env variables on the server side within getServerSideProps()/getStaticProps() methods. This should work as expected without any tricks.
But if you want to access env variables on the client you have to prefix your variable with NEXT_PUBLIC_.
Please refer to official docs:
By default all environment variables loaded through .env.local are only available in the Node.js environment, meaning they won't be exposed to the browser.
In order to expose a variable to the browser you have to prefix the variable with NEXT_PUBLIC_. For example:
NEXT_PUBLIC_ANALYTICS_ID=abcdefghijk

Using encrypted variable with Ansible-Vault for network automation

I have searched lots of tutorials on web & Youtube, but no luck.
I want to configure Cisco switch via Ansible, I already have it setup, works flawlessly.. but I want to store the passwords (for vty lines, console, enable secret...) ideally in hosts file encrypted via Ansible-Vault as variables so in my .yml file I can access them. I want them in hosts file, because we have different passwords for ASW, DSW and CSW so it could be easier to manage.
I generated encrypted variable in CLI:
ansible-vault encrypt_string enable_password --ask-vault-pass
I copy the value to the variable in /etc/ansible/hosts:
...
[2960-X:vars]
ansible_become=yes
ansible_become_method=enable
ansible_network_os=ios
ansible_user=admin
enable_password= !vault |
$ANSIBLE_VAULT;1.1;AES256
.....
In config.yml:
    - name: Set enable password
      ios_config:
        lines:
          - enable secret "{{ enable_password }}"
Right now, the password is going to be set as " !vault |"
I am not sure if this is even best practise, I read recommendations for this but all I could find was about server automation, not networks.
I'm running Ansible 2.8.0
Any help is appreciated, thank you.
Let me quote from Variables and Vaults
When running a playbook, Ansible finds the variables in the unencrypted file and all sensitive variables come from the encrypted file.
A best practice approach for this is to start with a group_vars/ subdirectory named after the group. Inside of this subdirectory, create two files named vars and vault. Inside of the vars file, define all of the variables needed, including any sensitive ones. Next, copy all of the sensitive variables over to the vault file and prefix these variables with vault_. You should adjust the variables in the vars file to point to the matching vault_ variables using jinja2 syntax, and ensure that the vault file is vault encrypted.
This scheme isn't limited to group_vars/ only and can be applied to any place where the variables come from.

What do I need for Travis-CI to decrypt secure variables on my fork?

I have forked a Github repository and would like to use travis-ci, as the original repository does, to run tests when I commit. However, the AWS keys, which are encrypted, are not decrypted and keep the tests from succeeding. Since my workplace owns the original repository, I have access to whatever is needed, but am unsure what information to retrieve, where to find it, or what to do with it.
For clarity, here is the pertinent part of the .travis.yml:
    env:
      global:
        - NODE_ENV: test
        - [...]
        - secure: M3YSEJnWYd[...]
        - secure: kvvLABsWTq[...]
All of the environment variables are imported except the secure ones (which is to be expected, of course).
Travis documents that for security reasons secret variables are not available to forks (https://docs.travis-ci.com/user/environment-variables/#defining-encrypted-variables-in-travisyml). It should be possible though to set new secrets in travis.yml or fork's repo settings.
