secure variables

tom stevens's Avatar

tom stevens

22 May, 2018 07:39 PM

I am having trouble with access to a secure variable. Sometimes the variable seems to be available and other times not. I am always trying to use it in deploy_script.
In the first method I generate a token at https://github.com/settings/tokens, then encrypt it at https://ci.appveyor.com/tools/encrypt, then insert it in appveyor.yml as shown on that page.
1. Not really an appveyor question, but do you know if the token from github is repository specific, i.e. is it good at all repositories I own and repositories I am a collaborator on?
2. When I encrypt the token, is that encryption repository specific or should it be good for all repositories I own or am a collaborator on?
3. Is the token encryption user specific? If a build is triggered by another collaborator, different from the one that generated and encrypted the token, can that build decrypt the token I generated and encrypted and placed in the shared appveyor.yml file?

In the second method I set an locked environmental variable in
https://ci.appveyor.com/project/myself/collabproject-*****/settings on the environment pane. The Github repository on the general pane is
someoneelse/collabproject, i am a collaborator but not the owner.
Will this work when the owner or other collaborator triggers builds, or do they need to also setup the variable in their settings for this repository?

  1. Support Staff 1 Posted by Ilya Finkelshte... on 22 May, 2018 10:35 PM

    Ilya Finkelshteyn's Avatar

    Hi Tom,

    • Reason you are not seeing secure variables available sometimes is probably becase they are not allowed in Pull requests for security reasons. Some details in the bottom of this part of documentation. There is a UI-only option Enable secure variables in Pull Requests from the same repository only for public projects and both Enable secure variables in all Pull Requests and Enable secure variables in Pull Requests from the same repository onlyfor private projects.

    • GitHub token is not repository specific, at least per my knowledge.

    • Encryption of secure variable is specific to AppVeyor account and unrelated to GitHub. As long as project belong to the account, and build is not a PR, build can decrypt the token.

    • Encrypting variable in UI will works too, as long as your role allows to update project setting. Common mistake here is double-encryption. If you use UI and "lock", paste clear text variable and then press "lock". Do not encrypt it with https://ci.appveyor.com/tools/encrypt in this case.

    • What are you trying to script? Maybe you can use 1st class GitHub deployment support?

  2. Ilya Finkelshteyn closed this discussion on 25 Aug, 2018 02:28 AM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac