Add --env-prefix to encrypt-file command #697
Conversation
| @@ -14,6 +14,7 @@ class EncryptFile < RepoCommand | |||
| description 'encrypts a file and adds decryption steps to .travis.yml' | |||
| on '-K', '--key KEY', 'encryption key to be used (randomly generated otherwise)' | |||
| on '--iv IV', 'encryption IV to be used (randomly generated otherwise)' | |||
| on '--env-prefix ENV_PREFIX', 'prefix of the names of the encryption key/IV environment variables (randomly generated otherwise)' | |||
There was a problem hiding this comment.
Hello, there. Thanks for the PR.
I have a couple of questions:
- What does this do that the existing
--keyand--ivflags do not? - The code defines the variable, but it doesn't actually do anything. Did I miss something?
There was a problem hiding this comment.
I'd need to know the names of the two variables in advance.
At the moment, what we have before _key and _iv is really hard to be determined before running the command (their prefix is determined here).
If we let users specify this --env-prefix option, the env_prefix variable will be set to the value of it, and
@env_prefix ||= "encrypted_#{Digest.hexencode(Digest::SHA1.digest(input_path)[0..5])}"won't do anything (since env_prefix is already defined, it won't be assigned the value of what we have after the =).
There was a problem hiding this comment.
@BanzaiMan Is there something unclear with my answer?
There was a problem hiding this comment.
No, there isn't. I understand the intent now. One thing still a little uneasy is the name. env_prefix seems a little vague. Maybe arg_prefix, env_var_prefix or something like that. Maybe a short flag name would help as well.
Additionally, the help text should indicate how this would interact with -K/--key and --iv.
There was a problem hiding this comment.
One thing still a little uneasy is the name.
env_prefixseems a little vague. Maybearg_prefix,env_var_prefixor something like that.
- if users don't specify this new parameter, the name of the two variables containing the IV/key pair will be prefixed by
encrypted_followed by a SHA-1 hash (for example:encrypted_abcdef012345_iv/encrypted_abcdef012345_key) - if users use this new parameter, they'll be able to specify what should be used instead of
encrypted_abcdef012345.
So, what about enc_var_prefix ?
Maybe a short flag name would help as well.
Well, I think it'll be a rarely used argument, I don't know if it's worth reserving a short flag just for this tiny feature.
Additionally, the help text should indicate how this would interact with
-K/--keyand--iv.
Well, there's no interaction with the value of the generated variables, just with their names.
And to me the current text is quite clear about that:
prefix of the names of the encryption key/IV environment variables (randomly generated otherwise)
Do you have a better alternative to it?
There was a problem hiding this comment.
enc_var_prefix seems acceptable.
By "interaction", I mean "what would happen if both -K and this new flag is given?" (as strange as it may sound). I believe this flag overrides --key and --iv, and that should be stated.
There was a problem hiding this comment.
- the
--key(aka-K) sets the value of the encryption key - the
--ivsets the value of the encryption IV - this
--enc-var-prefixsets the prefix of the names of the two above values
Examples:
travis encrypt-file file.txt
generates two environment variables:encrypted_abcdef012345_ivwith a value generated automaticallyencrypted_abcdef012345_keywith a value generated automatically
travis encrypt-file --enc-var-prefix myprefix file.txt
generates two environment variables:myprefix_ivwith a value generated automaticallymyprefix_keywith a value generated automatically
travis encrypt-file --iv myiv --key mykey file.txt
generates two environment variables:encrypted_abcdef012345_ivwith the "myiv" valueencrypted_abcdef012345_keywith the "mykey" value
travis encrypt-file --enc-var-prefix myprefix --iv myiv --key mykey file.txt
generates two environment variables:myprefix_ivwith the "myiv" valuemyprefix_keywith the "mykey" value
As you can see, there's no interaction between --key/-K/--iv and --enc-var-prefix.
And that's quite clear to me from the description of the options:
--key: encryption key to be used (randomly generated otherwise)--iv: encryption IV to be used (randomly generated otherwise)--enc-var-prefix: prefix of the names of the encryption key/IV environment variables (randomly generated otherwise)
When running the encrypt-file command, the travis client adds two encrypted environment variables to the project configuration (for example: encrypted_123456789ab_key and encrypted_123456789ab_iv). The prefix of the name of these two variables is randomly generated. In order to specify this prefix we can now use this new --env-prefix option. For example: travis encrypt-file --env-prefix myprefix Will generate two variables named myprefix_key and myprefix_iv
mlocati
force-pushed
the
encrypt_file-custom-env-prefix
branch
from
e24d138
to
45e5efe
Compare
|
Is this PR so hard to review? One year... |
When running the
encrypt-file command, the travis client adds two encrypted environment variables to the project configuration (for example:encrypted_123456789ab_keyandencrypted_123456789ab_iv).The prefix of the name of these two variables is randomly generated.
In order to specify this prefix we can now use this new
--env-prefixoption.For example:
will generate two variables named
myprefix_keyandmyprefix_iv