Patrick LaRocheEngineering @ Manifold

Manifold & Travis CI — Manage your secrets without the hassle

At Manifold we use a lot of third-party services in our applications. Each of these services has corresponding secrets that they make available to us. Imagine usernames, passwords, API keys or unique urls. Along with these secrets, we also use some configuration variables in our code, for example abase_url, etc.

Getting all of these required bits of information into our applications becomes annoying, especially when trying to keep them up to date and also secret.

In the case of Travis CI, a typical use case would have us encrypt our secrets and then place them into our .travis.yml file. This creates a problem. Now every time we now need to rotate a secret or we add a service to our stack, we have to go ahead and modify our .travis.yml file. When you’re encrypting your secrets (as you should), it’s near impossible to know what line in the file to modify with a new secret. You end up going back through the entire process of encrypting the credentials over again just to make sure the correct one is updated.

Manifold makes this entire process a heck of a lot easier. Using Manifold Services or Custom Configuration objects, all of your secrets and configs are automatically injected into your application at run time.

Once you have your secrets collected on in a project in Manifold, you can follow the steps below to inject them into Travis CI’s ENV without you having to encrypt them or manage them via a .travis.yml file.

First, add your Manifold API key as a secret in the .travis.yml file using the variable name MANIFOLD_API_TOKEN. This will be the only secret needed, making management of it much easier. (Learn how to get an API token here .)

Second, in the pre install section of your .travis.yml file place:

1- curl -o- []( | bash
3- export PATH=$PATH:$HOME/.manifold/bin/

And finally third, in the install section of your .travis.yml file

1- manifold -p your_project_name run npm build

This connects to Manifold using your API key. It then retrieves all of the secrets and configuration you have in your project and injects them into the environment before calling npm run. Now we can update any secret or configuration in our project without having to touch the .travis.yml. The new values will be used the next time manifold run is triggered.

You can read more about here CLI here, where my coworker Jeff walks us through how powerful it is. Or checkout our Kubernetes and Terraform integration announcement here.

Stratus Background

Sign up for the Stratus Update newsletter

With our monthly newsletter, we’ll keep you up to date with a curated selection of the latest cloud services, projects and best practices.
Click here to read the latest issue.