ci: remove ejson (#30653)
This commit is contained in:
parent
4a94eeee5e
commit
04e52f5475
|
@ -1 +0,0 @@
|
||||||
/secrets_unencrypted.ejson
|
|
|
@ -1,31 +0,0 @@
|
||||||
|
|
||||||
[ejson](https://github.com/Shopify/ejson) and
|
|
||||||
[ejson2env](https://github.com/Shopify/ejson2env) are used to manage access
|
|
||||||
tokens and other secrets required for CI.
|
|
||||||
|
|
||||||
#### Setup
|
|
||||||
```bash
|
|
||||||
$ sudo gem install ejson ejson2env
|
|
||||||
```
|
|
||||||
|
|
||||||
then obtain the necessary keypair and place it in `/opt/ejson/keys/`.
|
|
||||||
|
|
||||||
#### Usage
|
|
||||||
Run the following command to decrypt the secrets into the environment:
|
|
||||||
```bash
|
|
||||||
eval $(ejson2env secrets.ejson)
|
|
||||||
```
|
|
||||||
|
|
||||||
#### Managing secrets.ejson
|
|
||||||
To decrypt `secrets.ejson` for modification, run:
|
|
||||||
```bash
|
|
||||||
$ ejson decrypt secrets.ejson -o secrets_unencrypted.ejson
|
|
||||||
```
|
|
||||||
|
|
||||||
Edit, then run the following to re-encrypt the file **BEFORE COMMITING YOUR
|
|
||||||
CHANGES**:
|
|
||||||
```bash
|
|
||||||
$ ejson encrypt secrets_unencrypted.ejson
|
|
||||||
$ mv secrets_unencrypted.ejson secrets.ejson
|
|
||||||
```
|
|
||||||
|
|
|
@ -1,7 +0,0 @@
|
||||||
{
|
|
||||||
"_public_key": "ae29f4f7ad2fc92de70d470e411c8426d5d48db8817c9e3dae574b122192335f",
|
|
||||||
"_comment": "These credentials are encrypted and pose no risk",
|
|
||||||
"environment": {
|
|
||||||
"CODECOV_TOKEN": "EJ[1:KToenD1Sr3w82lHGxz1n+j3hwNlLk/1pYrjZHlvY6kE=:hN1Q25omtJ+4yYVn+qzIsPLKT3O6J9XN:DMLNLXi/pkWgvwF6gNIcNF222sgsRR9LnwLZYj0P0wGj7q6w8YQnd1Rskj+sRroI/z5pQg==]"
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,8 +1,6 @@
|
||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
# eval "$(ejson2env .buildkite/env/secrets.ejson)"
|
|
||||||
|
|
||||||
# Ensure the pattern "+++ ..." never occurs when |set -x| is set, as buildkite
|
# Ensure the pattern "+++ ..." never occurs when |set -x| is set, as buildkite
|
||||||
# interprets this as the start of a log group.
|
# interprets this as the start of a log group.
|
||||||
# Ref: https://buildkite.com/docs/pipelines/managing-log-output
|
# Ref: https://buildkite.com/docs/pipelines/managing-log-output
|
||||||
|
|
Loading…
Reference in New Issue