Encrypting and Decrypting Files and Other Sensitive Data Using Codeship


Codeship is an amazing continuous integration and deployment platform with a lot of flexibility. The problem I have been having is that I need to encrypt and decrypt secrets such as SSL certificates and other private keys. I will show you how to use OpenSSL to encrypt various files and use the same passphrase to decrypt them on Codeship.

This all started because I have been using Terraform to automate infrastructure within AWS: I make an update to some configuration files and the infrastructure is updated. I need this because I am in charge of LOTS of clients' servers and other services related to eCommerce. Instead of setting their environment up by hand, I want a way to repeat the setup and reuse it for many other clients.

So here is where my problem starts to become obvious. SSL certs for sites are all different, and I need those certs to set up a load balancer for HTTPS. I also need these certs in other places.

First we need a shared secret that we will set as an environment variable within the project at Codeship. To generate one, we can use OpenSSL!

openssl rand -base64 128 | tr -d '\n'

Now that we have a shared secret, put it into an environment variable for your Codeship project. Next we will look at how to encrypt some files.

openssl aes-256-cbc -a -e -in FILE.EXT -out FILE.EXT.encrypted

This will ask you for a password; use the string that was randomly generated.

You will now need a script that can decrypt that file. This can be done with the following command in a bash script.

openssl aes-256-cbc -a -d -pass env:PASSPHRASE -in FILE.EXT.encrypted -out FILE.EXT

This command assumes that you named your environment variable PASSPHRASE. If you used a different name, just change it here.
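The three steps above (generate a secret, encrypt, decrypt with the secret from the environment) as one non-interactive script, added here as an example; it is not code from the original post. It assumes OpenSSL 1.1.1 or newer, because it adds -pbkdf2 and -iter to both the encrypt and decrypt commands: without them, openssl enc derives the key with its legacy single-iteration MD5 scheme and newer versions print a "deprecated key derivation" warning. Whatever you choose, both sides must use the same flags, or decryption fails. The sample plaintext is constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original post. Round-trips a file through the
# same openssl commands the post uses, non-interactively, so the same script
# runs on a workstation and in a Codeship step.
# Assumes OpenSSL >= 1.1.1 for -pbkdf2 (an assumption, not a requirement of
# the post's own commands).
set -eu

# Constructed sample plaintext standing in for a private key or certificate.
SAMPLE='-----BEGIN CONSTRUCTED SAMPLE-----
not a real key, just bytes to round-trip
-----END CONSTRUCTED SAMPLE-----'

# Shared secret, generated exactly as in the post: 128 random bytes, base64,
# with the line wrapping openssl adds every 64 characters stripped out.
gen_passphrase() {
    openssl rand -base64 128 | tr -d '\n'
}

# Encrypt $1 into base64 ciphertext $2. The passphrase is read from the
# PASSPHRASE environment variable (the post's convention), which keeps it
# off the command line and out of `ps` output, unlike -pass pass:...
encrypt_file() {
    openssl aes-256-cbc -a -e -pbkdf2 -iter 100000 \
        -pass env:PASSPHRASE -in "$1" -out "$2"
}

# Decrypt $1 into $2 with the same passphrase and the same KDF settings.
decrypt_file() {
    openssl aes-256-cbc -a -d -pbkdf2 -iter 100000 \
        -pass env:PASSPHRASE -in "$1" -out "$2"
}

# Returns 0 when encrypt -> decrypt reproduces the plaintext byte for byte.
roundtrip_ok() {
    tmp=$(mktemp -d)
    PASSPHRASE=$(gen_passphrase); export PASSPHRASE
    printf '%s\n' "$SAMPLE" > "$tmp/key.pem"
    encrypt_file "$tmp/key.pem" "$tmp/key.pem.encrypted"
    decrypt_file "$tmp/key.pem.encrypted" "$tmp/key.pem.out"
    if cmp -s "$tmp/key.pem" "$tmp/key.pem.out"; then rc=0; else rc=1; fi
    rm -rf "$tmp"
    return $rc
}

# Returns 0 when a wrong passphrase does NOT yield the plaintext. openssl
# normally exits non-zero here ("bad decrypt"); the check does not depend on
# that, only on the output never matching the original.
wrong_passphrase_detected() {
    tmp=$(mktemp -d)
    PASSPHRASE=$(gen_passphrase); export PASSPHRASE
    printf '%s\n' "$SAMPLE" > "$tmp/key.pem"
    encrypt_file "$tmp/key.pem" "$tmp/key.pem.encrypted"
    PASSPHRASE=$(gen_passphrase); export PASSPHRASE   # a different secret
    decrypt_file "$tmp/key.pem.encrypted" "$tmp/key.pem.out" 2>/dev/null || true
    if [ -f "$tmp/key.pem.out" ] && cmp -s "$tmp/key.pem" "$tmp/key.pem.out"; then
        rc=1
    else
        rc=0
    fi
    rm -rf "$tmp"
    return $rc
}

# Usage: sh this_script.sh demo
if [ "${1:-}" = "demo" ]; then
    roundtrip_ok && echo "round trip OK"
    wrong_passphrase_detected && echo "wrong passphrase rejected"
fi
```

The .encrypted files are base64 text, so they can be committed alongside the Terraform configuration; the only secret that must stay out of the repository is PASSPHRASE, which lives in the Codeship project's environment variables exactly as the post describes.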

So that’s it! It’s that easy. This can be used for other things as well, and something similar will work in a different environment.