Can't reveal secrets during continuous integration


Using git-secret, I've encrypted several API keys that I need for my application. Now, I'm trying to integrate with Travis CI to deploy, and I need Travis to be able to unencrypt these files and reveal them.

To do this, I've created a new key pair, used that to encrypt all my files, then added both the public and private keys into my repo (with the private key encrypted by Travis CI). I can then add both keys into gpg with the following commands:

gpg --import travis.key
echo $SECRET_PASSWORD | gpg --batch --import travis.privatekey

However, when I try and decrypt these files with git-secret reveal -p $SECRET_PASSWORD, I get the following error:

git-secret: abort: no public keys for users found. run 'git secret tell email@address'.

It looks like either the keys I'm adding aren't getting added, or the keyring they're added to isn't getting used. I've tried this in my own Docker images, and this works fine, so I can't figure out why Travis would work differently.

Dockerfile used for testing below:

FROM ubuntu

RUN apt-get update && apt-get install git-secret -y

COPY travis.key .
COPY travis.privatekey .

After building, I was able to start the Docker image, import the keys from bash, check out my repo, and reveal the secrets as expected using echo $SECRET_PASSWORD | gpg --batch --import travis.privatekey.
