Manifold & Travis CI — Manage your secrets without the hassle

At Manifold we use a lot of third-party services in our applications. Each of these services has corresponding secrets that it makes available to us: think usernames, passwords, API keys or unique URLs. Along with these secrets, we also use some configuration variables in our code, for example a `base_url`.

Getting all of these required bits of information into our applications becomes annoying, especially when trying to keep them up to date and also secret.

In the case of Travis CI, a typical use case would have us encrypt our secrets and then place them into our `.travis.yml` file. This creates a problem. Every time we need to rotate a secret or add a service to our stack, we have to modify our `.travis.yml` file. When you’re encrypting your secrets (as you should), it’s nearly impossible to know which line in the file to replace with the new secret. You end up going through the entire process of encrypting the credentials all over again just to make sure the correct one is updated.

Manifold makes this entire process a heck of a lot easier. Using Manifold Services or Custom Configuration objects, all of your secrets and configs are automatically injected into your application at run time.

Once you have your secrets collected in a project in Manifold, you can follow the steps below to inject them into Travis CI’s ENV without having to encrypt them or manage them via a `.travis.yml` file.

First, add your Manifold API key as a secret in the `.travis.yml` file using the variable name `MANIFOLD_API_TOKEN`. This will be the only secret needed, making management of it much easier. (Learn how to get an API token here.)

Second, in the pre-install section of your `.travis.yml` file, place:


```yaml
- curl -o- | bash
- export PATH=$PATH:$HOME/.manifold/bin/
```


Third, in the install section of your `.travis.yml` file, place:


```yaml
- manifold -p your_project_name run npm build
```


This connects to Manifold using your API key. It then retrieves all of the secrets and configuration you have in your project and injects them into the environment before calling the command that follows `run`. Now we can update any secret or configuration in our project without having to touch the `.travis.yml`. The new values will be used the next time `manifold run` is triggered.
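The second step pipes a downloaded installer straight into `bash` on a build host that also holds `MANIFOLD_API_TOKEN`. The following is an added example, not Manifold's or the original post's code: it runs a downloaded installer only if it matches a SHA-256 digest you recorded when you reviewed it, and keeps the token out of the installer's environment. The function names, `INSTALLER_URL` and `PINNED_SHA256` are hypothetical placeholders, and it assumes the installer itself needs no secret.

```shell
#!/usr/bin/env bash
# Added example: pin-and-verify wrapper for a downloaded installer script.
# All names here are hypothetical; the page does not give the installer URL.

# Print the SHA-256 hex digest of a file (sha256sum on Linux, shasum on macOS).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# run_pinned_installer FILE EXPECTED_SHA256
# Returns 2 if FILE is missing, 1 on digest mismatch (nothing is executed),
# otherwise the installer's own exit status.
run_pinned_installer() {
  local file="$1" expected="$2" actual
  [ -f "$file" ] || { echo "installer not found: $file" >&2; return 2; }
  actual="$(sha256_of "$file")"
  if [ "$actual" != "$expected" ]; then
    echo "digest mismatch: expected $expected, got $actual" >&2
    return 1
  fi
  # Assumption: installing the CLI needs no secret, so the API token is
  # removed from the installer's environment before it runs.
  env -u MANIFOLD_API_TOKEN bash "$file"
}

# Usage in the build, after sourcing this file (placeholders, not real values):
#   curl -fsSL -o /tmp/install.sh "$INSTALLER_URL"
#   run_pinned_installer /tmp/install.sh "$PINNED_SHA256"
```

A digest mismatch fails the build step before any downloaded code executes, so a changed installer has to be reviewed and re-pinned deliberately.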

You can read more about the CLI here, where my coworker Jeff walks us through how powerful it is. Or check out our Kubernetes and Terraform integration here.
