Cloud Services

Jeff edited this page Apr 9, 2024 · 2 revisions

Because most cloud services don't give you a way to manually send files to a deploy unless they are in your git repo, in theory you won't be able to send your private key so that your secrets can be decrypted.

Fortunately Chamber gives you another option.

Once you've read up on how Chamber loads keys from environment variables, you're going to want to know how to get those environment variables to your service. Each service has a different process, but I will attempt to keep information about how to do it for the most popular services here. Feel free to submit a pull request if anything needs to be added or modified.

Heroku

heroku config:set --app="yourapp" CHAMBER_KEY="$(cat .chamber.pem)"

and you would repeat that command for all the keys you'd like to upload.

Travis

For Travis you actually encrypt the key file with your Travis key, then add a bit of script to your .travis.yml to make it decrypt during the build.

gem install travis

travis encrypt-file --add before_install .chamber.pem .chamber.pem.travis

The new file and changes to your .travis.yml file are then committed to the repository.

CircleCI

CircleCI doesn't support multi-line environment variables, and because the keys are multi-line, the newlines have to be escaped when the key is uploaded:

username="jeff"
project="myproject"
circle_api_token="1234567890"

curl --request "POST" "https://circleci.com/api/v1.1/project/github/${username}/${project}/envvar?circle-token=${circle_api_token}" \
     --header  "Content-Type: application/json" \
     --verbose \
     --data    @- << EOF
       {
         "name":  "CHAMBER_KEY",
         "value": "$(cat .chamber.pem | perl -p -e 's/\n/\\n/g')"
       }
EOF

And then you have to remember to add a code snippet to your CircleCI configuration:

machine:
  post:
    - "echo 'IFS=\"|\" && export CHAMBER_KEY=\"$(echo -e $CHAMBER_KEY)\"' >> .circlerc"

to make it convert the environment variable on launch.
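A check you can run in the deployed environment to confirm the key survived the escape and restore round trip, as an added example (not part of Chamber or of the original page). The function names are hypothetical, the sample key is a throwaway generated inline, and the key is assumed to be an unencrypted PEM private key.

```ruby
require "openssl"

# Escape a PEM for a single-line environment variable. Same transformation as
# the perl one-liner above: every newline becomes the two characters "\n".
# (Hypothetical helper name; block form avoids gsub's backslash handling.)
def escape_pem(pem)
  pem.gsub("\n") { "\\n" }
end

# Reverse the escaping, which is what `echo -e` does in the .circlerc snippet.
def restore_pem(value)
  value.gsub("\\n") { "\n" }
end

# Classify a key variable as the running process sees it, without ever
# printing the key material itself.
def key_status(value)
  return :missing if value.nil? || value.strip.empty?
  # Literal "\n" sequences and no real newlines: the restore step never ran.
  return :still_escaped if value.include?("\\n") && !value.include?("\n")

  key = OpenSSL::PKey.read(value)
  key.private? ? :ok : :not_private
rescue OpenSSL::PKey::PKeyError
  :unparseable
end

# Constructed sample input: a throwaway key generated for this example only.
SAMPLE_PEM = OpenSSL::PKey::RSA.new(2048).to_pem
ESCAPED    = escape_pem(SAMPLE_PEM)

puts "escaped value as stored:  #{key_status(ESCAPED)}"
puts "after restoring newlines: #{key_status(restore_pem(ESCAPED))}"

# In a real deploy, check the variable itself and fail the build early.
if ENV.key?("CHAMBER_KEY")
  status = key_status(ENV["CHAMBER_KEY"])
  abort "CHAMBER_KEY is #{status}" unless status == :ok
end
```

Only the status symbol is reported, so the check is safe to leave in build logs.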