At our university we are currently developing an open-source project as part of a project course. We maintain a "private" Slack for our institution, and we do not have one for the project alone. Hence, we have several channels that have nothing to do with the project.
Since Travis CI does not support emailing all members of an organization about failing builds, we are exploring integrating Slack with Travis CI.
However, the Travis <-> Slack token is "semi-secret", so we'd hate to have our Slack hijacked by putting the token inside our .travis.yml, which is version-controlled alongside the rest of the project.
Both Travis CI and Slack encourage encrypting the token, but it is unclear whether this makes it safe to include the token in the version-controlled .travis.yml.
Is it feasible to create a Slack <-> Travis integration when the Slack is not entirely dedicated to the project? Would environment variables be adequate to address our security concerns?
Yes, storing a strongly encrypted Slack token in the .travis.yml is accepted practice. Once you have added the Travis CI integration to Slack and have the token, it is necessary to use the CLI command `encrypt` to insert a new `notifications: slack: secure` section into the .travis.yml.
You run this command from your local git repo folder, with the token from Slack:

```shell
travis encrypt "myaccount:aa1BBBBBcCCCC111122" --add notifications.slack
```
See also: https://docs.travis-ci.com/user/notifications/#Slack-notifications
As you mentioned a shared team, you can target the relevant channel or channels inside the team project, making sure these get encrypted with `travis encrypt "account:token#channel" --add notifications.slack.rooms`:

```yaml
notifications:
  slack: '<account>:<token>#development'
```
The encryption key pair (private/public) is per repo.
For reference you can see how the encryption is implemented, so you can verify that it meets your organisation's security standard: https://github.com/travis-ci/travis.rb/blob/master/lib/travis/cli/encrypt.rb
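The following is an added example, not part of the answer above and not code from travis.rb, written to make the trust boundary of the "per repo key pair" point concrete. The assumption it models (check it against the linked encrypt.rb): Travis holds a private RSA key for each repository, the CLI fetches only the public half and encrypts the `account:token#channel` string with it, and the resulting base64 blob is what lands under `secure:` in .travis.yml. The key pair below is generated locally purely for the demonstration (a real run uses the key served by the Travis API), the token is a made-up value, and the `notifications.slack.rooms` YAML shape is what I recall `--add notifications.slack.rooms` writing, so verify it against the linked docs.

```ruby
# Added example: models what `travis encrypt` does with a per-repo RSA key.
# Not taken from travis.rb; the key pair and the token are constructed here.
require 'openssl'
require 'base64'
require 'yaml'

# Simulated per-repository key pair. In reality Travis generates this and
# keeps the private half; the CLI only ever sees REPO_PUBLIC_KEY.
REPO_KEY = OpenSSL::PKey::RSA.new(2048)
REPO_PUBLIC_KEY = REPO_KEY.public_key

# Client side (what `travis encrypt "<account>:<token>#<channel>"` yields):
# RSA encryption under the repo's public key, base64-encoded for YAML.
# Assumption: PKCS#1 v1.5 padding, the OpenSSL default used by travis.rb.
def travis_encrypt(public_key, plaintext)
  Base64.strict_encode64(public_key.public_encrypt(plaintext))
end

# Server side (what Travis does at build time with the private key).
def travis_decrypt(private_key, blob)
  private_key.private_decrypt(Base64.strict_decode64(blob))
end

# The .travis.yml fragment the answer describes, with the ciphertext placed
# under notifications.slack.rooms as a `secure:` entry (shape assumed).
def travis_yml_fragment(public_key, slack_setting)
  {
    'notifications' => {
      'slack' => {
        'rooms' => [{ 'secure' => travis_encrypt(public_key, slack_setting) }]
      }
    }
  }
end

# The property the asker cares about: the committed file must not contain
# the token in clear. Returns true when the token is absent from the YAML.
def token_absent_from_yaml?(yaml_text, token)
  !yaml_text.include?(token)
end

if __FILE__ == $PROGRAM_NAME
  token = 'aa1BBBBBcCCCC111122'                      # constructed, not real
  setting = "myaccount:#{token}#development"
  fragment = travis_yml_fragment(REPO_PUBLIC_KEY, setting)
  yml = YAML.dump(fragment)
  puts yml
  puts "token visible in .travis.yml? #{!token_absent_from_yaml?(yml, token)}"
  blob = fragment['notifications']['slack']['rooms'][0]['secure']
  puts "Travis recovers: #{travis_decrypt(REPO_KEY, blob)}"
end
```

Two caveats follow directly from this model. First, the committed blob is only as safe as the Travis-side private key and as the people who can run builds on the repository: anyone who can get a job to execute with the secret decrypted (for example by editing `.travis.yml` on a branch they can push) can read it, which is why Travis does not make secure values available to pull requests from forks. Second, because a fresh key pair per repository means the blob is bound to that repository, moving the project to another repo requires re-running `travis encrypt`, not copying the `secure:` value.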