Encrypting and Decrypting Files and Other Sensitive Data Using Codeship

Codeship is an amazing continuous integration and deployment platform that has a
lot of flexibility. The problem that I have been having is that I need to be able to
encrypt and decrypt secrets such as SSL certs and other private keys. I will
show you how you can use OpenSSL to encrypt various files and then use it again to
decrypt them on Codeship.

This all started because I have been using [Terraform] to automate infrastructure
within AWS. I make an update to some configuration files and the infrastructure
is updated. The reason for this is that I am in charge of LOTS of clients’
servers and other services related to eCommerce. Instead of setting their
environment up by hand, I want to have a way to repeat the setup and to be able
to use it for many other clients.

So here is where my problem starts to become obvious. SSL Certs for sites are
all different and I need those certs to set up a load balancer for HTTPS. I also
need these certs in other places.

First we need a [Shared Secret] that we will set as an environment variable
within the Project at Codeship. To generate one, we can use OpenSSL!

{% highlight bash %}
openssl rand -base64 128 | tr -d '\n'
{% endhighlight %}

Now that we have a shared secret, put this into an environment variable for your
Codeship project. Next we will look at how to encrypt some files.

{% highlight bash %}
openssl aes-256-cbc -a -e -in FILE.EXT -out FILE.EXT.encrypted
{% endhighlight %}

This will ask you for a password. Use the string that was randomly generated.

You will now need a script that is able to decrypt that file. This can be done
by using the following code in a bash script.

{% highlight bash %}
openssl aes-256-cbc -a -d -pass env:PASSPHRASE -in FILE.EXT.encrypted -out FILE.EXT
{% endhighlight %}

This code assumes that you named your environment variable `PASSPHRASE`. If you
named it something else, change the name after `env:` to match.
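
The encrypt and decrypt steps above, wrapped as an added example (not code from the original post) that fails closed when `PASSPHRASE` is missing and writes the decrypted file with owner-only permissions. The function names are hypothetical, and `-pbkdf2 -md sha256` are additions that assume OpenSSL 1.1.1 or newer on both your machine and the build host: by default `openssl enc` derives the key with a single digest pass, and the default digest changed from MD5 to SHA-256 in OpenSSL 1.1.0, so pinning both keeps the two sides compatible. Files encrypted with the plain command above must be re-encrypted with these options before this script can read them.

```shell
#!/bin/sh
# Added example, not from the original post. Helper names are hypothetical.
# Cipher, base64 armor, KDF and digest are pinned so every OpenSSL build agrees.
ENC_OPTS="-aes-256-cbc -a -pbkdf2 -md sha256"

# encrypt_file IN OUT: reads the passphrase from the exported $PASSPHRASE
# instead of prompting, so the same secret is used locally and in CI.
encrypt_file() {
  [ -n "${PASSPHRASE:-}" ] || { echo "PASSPHRASE is not set" >&2; return 2; }
  openssl enc $ENC_OPTS -e -pass env:PASSPHRASE -in "$1" -out "$2"
}

# decrypt_file IN OUT: decrypts to a temp file created with mode 600 and only
# moves it into place on success, so a failed build never leaves partial output.
decrypt_file() {
  [ -n "${PASSPHRASE:-}" ] || { echo "PASSPHRASE is not set" >&2; return 2; }
  (
    umask 077
    tmp="$2.tmp.$$"
    if openssl enc $ENC_OPTS -d -pass env:PASSPHRASE -in "$1" -out "$tmp" 2>/dev/null; then
      mv "$tmp" "$2"
    else
      rm -f "$tmp"
      echo "decryption of $1 failed" >&2
      exit 1
    fi
  )
}
```

AES-CBC as used by `openssl enc` is unauthenticated, so a failed decrypt usually, but not always, signals a wrong passphrase or a modified file.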

So that’s it! It’s that easy. The same approach can be used for other things as
well, or adapted to a different environment.

[Terraform]: https://terraform.io/
[Shared Secret]: https://en.wikipedia.org/wiki/Shared_secret