Best Practices in Securing Your Data
Steps Travis CI takes to secure your data
Travis CI obfuscates secure environment variables and tokens displayed in the UI. Our documentation about encryption keys outlines the build configuration we require to ensure this, however, once a VM is booted and tests are running, we have less control over what information utilities or add-ons are able to print to the VM’s standard output.
To prevent leaks made by these components, we automatically filter secure environment variables and tokens that are longer than three characters at runtime, effectively removing them from the build log, displaying the string
Please make sure your secret is never related to the repository or branch name, or any other guessable string. Ideally use a password generation tool such as
mkpasswd instead of choosing a secret yourself.
Recommendations on how to avoid leaking secrets to build logs
Despite our best efforts, there are however many ways in which secure information can accidentally be exposed. These vary according to what tools you are using and what settings you have enabled. Some things to look out for are:
- settings which duplicate commands to standard output, such as
set -vin your bash scripts
- displaying environment variables, by running
- printing secrets within the code, for example
- using tools that print secrets on error output, such as
- git commands like
git pushmay expose tokens or other secure environment variables
- mistakes in string escaping
- settings which increase command verbosity
- testing tools or plugins that may expose secrets while operating
Preventing commands from displaying any output is one way to avoid accidentally displaying any secure information. If there is a particular command that is using secure information you can redirect its output to
/dev/null to make sure it does not accidentally publish anything, as shown in the following example:
git push url-with-secret >/dev/null 2>&1
If you think that you might have exposed secure information
As an initial step, it’s possible to delete logs containing any secure information by clicking the Remove log button on the build log page of Travis CI.
If you discover a leak in one of your build logs it’s essential that you revoke the leaked token or environment variable, and update any build scripts or commands that caused the leak.
Alternative methods of deleting logs
Rotate tokens and secrets periodically
Rotate your tokens and secrets regularly. GitHub OAuth tokens can be found in your Developer Settings on the GitHub site. Please regularly rotate credentials for other third-party services as well.
The suggestions in this document reflect general recommendations that the Travis CI team and community encourage everyone to follow. However, suggestions here are not exhaustive, and you should use your best judgement to determine security processes for your project. If you have any questions about security at Travis CI or suspect you may have found a vulnerability, please contact us at firstname.lastname@example.org.
All other questions about Travis CI should be directed to email@example.com.