Menu
Is there a sanctioned way to either script or bypass the Heroku Toolbelt's login prompt? I've come across a number of hacks which claim to provide a solution (expect, environment variables, interpolating environment variables in .netrc, etc.), but I'd really like to find a stable solution.
340
Get Started with the Heroku CLI After you install the CLI, run the heroku login command. Enter any key to go to your web browser to complete login. The CLI then logs you in automatically. If you'd prefer to stay in the CLI to enter your credentials, run heroku login -i .
You can use the flag -i with the CLI login command which will prompt you to enter your credentials on the CLI itself without using a browser.
Double check that there are no typos in your password as well. Reset your password and try logging in with the new password. Try using a different email address. Try using an email alias with a plus sign if you might have signed up using an alias such as [email protected] instead of just [email protected].
From what I see in the docs, there's three ways one can go about this.
The first one is to authenticate via Login&Password (bleh). Knowing the input format - login on one line, password on the other - we can cat or echo the data in:
Via secure env vars:
(
echo "$HEROKU_CREDENTIALS_EMAIL" # or you can plaintext it, if you're feeling adventurous
echo "$HEROKU_CREDENTIALS_PASSWORD"
) | heroku login
Highlighted the important parts (variable names and security).
Or via an encrypted file:
Prepare a file named .heroku_cred in the repo root:
[email protected]
IAmPdohertyAndThisIsMyPasswordIWorkHereWithMyOldMan
Then encrypt it:
travis encrypt-file .heroku_cred
That'll give you two things: a file named .heroku_cred.enc in the repo root and a command that'll decrypt the file on Travis. git add the encrypted file (be careful to not grab the unencrypted file by accident!) and add the command to before_install. Then, to the place where you want to authenticate with Heroku add:
cat .heroku_cred | heroku login
Now, this method sucks for two reasons: first, you're using your literal password, which is terrible, because if it leaks you're 100% fucked and if you ever change it your builds will start spuriously failing.
The next method is using the HEROKU_API_KEY env var, which might "interfere with the normal functioning of auth commands", but that doesn't matter, because you're not authenticating in other ways anyway.
Doing this requires no changes to .travis.yml, only a secure environment variable named HEROKU_API_KEY containing the output from
heroku auth:token
Ran on your machine (where you're probably authenticated).
Highlighted the important parts (variable names and security).
This method combines both security (OAuth token used, which can just be revoked) and simplicity of setup.
There's the third way, too: using ~/.netrc, which'll cooperate with the whole ecosystem as if you authenticated via the CLI with username and password (but you're using an OAuth token instead, which is better).
The steps to follow on this one are similar to 1.2:
First create a file named .heroku-netrc, which contains the part of your ~/.netrc responsible for authenticating with Heroku (details) like this:
machine api.heroku.com
login [email protected]
password c4cd94da15ea0544802c2cfd5ec4ead324327430
machine git.heroku.com
login [email protected]
password c4cd94da15ea0544802c2cfd5ec4ead324327430
Then, to encrypt it, run:
travis encrypt .heroku-netrc
You'll get a decryption command (add it to before_install) and .heroku-netrc.enc, which you should git add (be careful not to add the unencrypted .heroku-netrc). Afterwards, add this to the install step:
cat .heroku-netrc >> $HOME/.netrc
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
