Ask HN: Are travis-ci.org secure variables really secure?
It is often useful to have access to secret keys during the execution of the script running on travis-ci.org servers.
To do so, the travis doc [1] tells us to encrypt these keys with "travis encrypt SOMEVAR=secretvalue" and publishing the encrypted text in the public .travis.yml config file. The encrypted keys are decrypted by the travis-ci.org server during the build.
Lots of people seems to use them and travis-ci.org ends up with access to millions of secret keys. To me, centralizing such a big amount of secret data in the hands of such a small organization is a really bad idea but nobody seems to care.
Should we really trust the travis secure variables?
[1] http://docs.travis-ci.com/user/encryption-keys/
3 comments
[ 4.9 ms ] story [ 23.0 ms ] thread1. http://www.quora.com/What-are-the-alternatives-to-Travis-CI