Encrypting keys and variables

A build definition file may need to include sensitive information, such as SSH keys or passwords that are needed to access private resources, but you do not want to include these in plain text in your build definition file. You can encrypt this sensitive information, and then use the encrypted value in a secure element in the build definition file.

Encrypting your information

You can use either the Acquia Cloud interface or the command line to encrypt your variables and keys that are to be stored with your codebase. Follow the procedures based on your selected method:

  • Using the Acquia Cloud interface
    1. Sign in to the Acquia Cloud interface.
    2. Select the application that you want to use.
    3. In the left menu, click Pipelines.
    4. Click More Links.

      More Links icon

    5. Click Encrypt Credentials.
    6. To encrypt an environment variable, click Environment Variable, and type the name of your variable and its value into the fields provided.
    7. To encrypt an SSH key, click SSH Keys, and then use one of the following methods to provide the contents of your key:
      • Drag your key into the box to copy its contents; the field will turn blue to indicate when you've dragged it to the correct place.
      • Copy and paste the contents of your key into the field.
    8. Click Encrypt. The encrypted version of your information will appear in the box to the right.
    9. Click the Copy icon Copy icon to copy the encrypted information to your clipboard.
    10. Click Close.
  • Using the command line
    To encrypt an SSH private key, execute the following command, replacing [~/.ssh/id_rsa] with the actual path to the SSH private key you want to encrypt:

    cat [~/.ssh/id_rsa] | pipelines encrypt -

    To encrypt arbitrary text (such as a password), use the following command, replacing my password (but not the enclosing quotation marks) with your text:

    echo “my password” | pipelines encrypt -

You are now ready to add your encrypted information to your code repository.

Placing encrypted information in your codebase

Regardless of what encrypted information you are adding to your codebase, after adding the information, be sure to commit your changes to your code repository.

Encrypted SSH keys should be stored in the ssh-keys element of your acquia-pipelines.yaml file with a name of your choosing. For example:

ssh-keys:
  mykey:
    secure: 2acIshWAndTh1sG0esOn . . . 

The decrypted SSH private key will then be available during your build.

Encrypted variables should be stored in the variables element of your acquia-pipelines.yaml file with a variable name of your choosing. For example:

variables:
  global:
    PASSWORD:
      secure: 2acqDl…

The decrypted value will be available as an environment variable during your build.

Contact supportStill need assistance? Contact Acquia Support