
How can I use a secure file in a CircleCI build?


I am trying to build a project on CircleCI that needs access to a secure file. I cannot use an environment variable; it must be in the form of a file. In my case it is specifically a Maven settings.xml file, but there are other use cases. What can I do?


Solution

  • There are actually quite a few solutions to this problem:

    File as Environment Variable

    If the contents of the file are short (just a password for example), you can store the entire file as an environment variable, and then add a line like this to your circle.yaml build file:

    # Quote the variable so whitespace, newlines and glob characters are written unchanged
    printf '%s\n' "$SECURE_FILE" > mySecureFile
    

    Variable Substitution

    If the contents of the file are large, but only a small portion of the file is secure, you can store the file in your code repository, and then use sed to replace a fixed string with an environment variable, like this:

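    # Quoted so the shell does not split the expression; the value must not contain '/', '&' or '\', which sed treats specially
    sed -e "s/SECURE_PASSWORD/${SECURE_PASSWORD}/g" mySecureFile.tmpl > mySecureFile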
    

    Encrypt the File

    You can encrypt your config file and check it into your source repository, then store the decryption key as an environment variable. Decrypt it during the build process.

    Maven Settings.xml Special Case

    For the special case of Maven settings.xml files, you can use environment variables in your settings.xml, so you can do something like this:

    • Store your settings.xml in conf/settings.xml
    • Replace any secure text with something like this: ${env.MY_SECURE_TEXT}
    • Set MY_SECURE_TEXT in the CircleCI configuration
    • In circle.yaml, add '-s conf/settings.xml' to your Maven build commands.
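
The "Encrypt the File" option above, written out as an added example (not code from the original answer): one function encrypts the file before it is committed, the other decrypts it as a build step. The variable name SETTINGS_KEY and the file names are assumptions, and the `-pbkdf2` option needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example: keep an encrypted copy of a secret file in the repository
# and decrypt it during the build. SETTINGS_KEY is a hypothetical variable
# name; set it in the CI project settings, never in the repository.

# Run once on a trusted workstation; commit only the encrypted output.
# $1 = plaintext input, $2 = encrypted output
encrypt_secure_file() {
    [ -n "${SETTINGS_KEY:-}" ] || { echo "SETTINGS_KEY is not set" >&2; return 1; }
    # -pass env: reads the key from the environment, so it does not appear
    # in the process argument list or in echoed build commands.
    openssl enc -aes-256-cbc -pbkdf2 -salt \
        -in "$1" -out "$2" -pass env:SETTINGS_KEY
}

# Run as a build step before the command that needs the file.
# $1 = encrypted input, $2 = plaintext output
decrypt_secure_file() {
    [ -n "${SETTINGS_KEY:-}" ] || { echo "SETTINGS_KEY is not set" >&2; return 1; }
    (
        umask 077   # a newly created plaintext file is readable by the build user only
        openssl enc -d -aes-256-cbc -pbkdf2 \
            -in "$1" -out "$2" -pass env:SETTINGS_KEY
    ) || { rm -f "$2"; echo "decryption failed" >&2; return 1; }
    # Note: openssl enc does not authenticate the ciphertext, so this step
    # protects confidentiality only, not integrity of the committed file.
}

# Typical use (file names are assumptions):
#   encrypt_secure_file conf/settings.xml conf/settings.xml.enc   # before commit
#   decrypt_secure_file conf/settings.xml.enc conf/settings.xml   # in the build
```

Keep the plaintext file in the repository's ignore list so only the encrypted copy is ever committed.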