
Use an encrypted variable in Travis as the value of a secure key?


I've tried a variety of solutions and I can't find something that works. My problem is that I want to be able to put a deployment key (what GitHub calls a personal authorization token or personal OAuth token) into an encrypted variable in my Travis settings for the repository so that the configuration file never has to change. For example, I'd like to do this:

    deploy:
      api_key:
        secure: $DEPLOYMENT_KEY

I could now check in code that doesn't need to be changed in order to be deployed. If multiple people were to fork my repository, they could simply add their own Travis variable and not touch the code at all.

However, I've been unsuccessful in getting this to work. What sequence would accomplish this, if it's possible at all?

Solution

I accepted the answer below that put me on the right track, although the actual text that I needed in my configuration file wasn't shown. I've put it here:

    deploy:
      api_key: $DEPLOYMENT_KEY

I had a "eureka!" moment and realized that any subway of 'secure:' could be replaced with an actual unencrypted value, which is what Travis inserts when you substitute an encrypted variable. (It does the decryption and puts the result into the variable, which is then substituted into the api_key by the dollar sign.)


Solution

  • You cannot write:

    deploy:
      api_key:
        secure: $DEPLOYMENT_KEY
    

    Decryption happens in an early stage of Travis CI build processing; the encrypted value will be passed on to the app which compiles the bash script to build. Since the part that is responsible for decrypting secrets doesn't know anything about $DEPLOYMENT_KEY, this configuration will fail.

    To achieve what you are after, you can use the repository settings to define secrets. See https://docs.travis-ci.com/user/environment-variables#Defining-Variables-in-Repository-Settings.
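A pre-commit style check for the mistake discussed in this thread, as an added example that is not part of the original question or answer: it flags any `secure:` entry in a `.travis.yml` whose value is a variable reference such as `$DEPLOYMENT_KEY` rather than ciphertext. The function name, the sample configuration and its placeholder ciphertext are constructed for illustration, and the scan is line-based rather than a full YAML parse.

```python
import re

# "secure: <value>" on its own line, in a list item, or inside an inline map.
SECURE_RE = re.compile(r'(?:^|[\s{,-])secure:\s*(?P<val>"[^"]*"|\'[^\']*\'|[^\s#,}]+)')
# A value that is nothing but a variable reference: $NAME or ${NAME}.
VAR_REF_RE = re.compile(r'^\$(?:\{[A-Za-z_][A-Za-z0-9_]*\}|[A-Za-z_][A-Za-z0-9_]*)$')
# A key with no inline value, i.e. the parent of an indented block.
PARENT_RE = re.compile(r'(?:-\s+)?([A-Za-z0-9_]+):\s*(?:#.*)?$')

def find_secure_var_refs(yaml_text):
    """Return (line_no, parent_path, value) for each `secure:` given a $VAR."""
    findings = []
    parents = []  # stack of (indent, key) for the enclosing block keys
    for lineno, raw in enumerate(yaml_text.splitlines(), 1):
        line = raw.rstrip()
        stripped = line.lstrip()
        if not stripped or stripped.startswith("#"):
            continue
        indent = len(line) - len(stripped)
        while parents and parents[-1][0] >= indent:
            parents.pop()
        match = SECURE_RE.search(line)
        if match:
            value = match.group("val").strip("\"'")
            if VAR_REF_RE.match(value):
                path = ".".join(key for _, key in parents)
                findings.append((lineno, path, value))
        parent = PARENT_RE.match(stripped)
        if parent:
            parents.append((indent, parent.group(1)))
    return findings

# Constructed sample: one valid encrypted entry, one failing variable reference.
SAMPLE = """\
language: python
env:
  global:
    - secure: "CONSTRUCTED_PLACEHOLDER_CIPHERTEXT=="
deploy:
  provider: releases
  api_key:
    secure: $DEPLOYMENT_KEY
  on:
    tags: true
"""

if __name__ == "__main__":
    for lineno, path, value in find_secure_var_refs(SAMPLE):
        print(f"line {lineno}: {path}.secure is set to {value}; "
              f"use '{path.split('.')[-1]}: {value}' with a repository-settings variable")
```
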