It is often useful to have access to secret keys during the execution of the script running on travis-ci.org servers.<p>To do so, the travis doc [1] tells us to encrypt these keys with "travis encrypt SOMEVAR=secretvalue" and publish the encrypted text in the public .travis.yml config file. The encrypted keys are decrypted by the travis-ci.org server during the build.<p>Lots of people seem to use them, and travis-ci.org ends up with access to millions of secret keys. To me, centralizing such a big amount of secret data in the hands of such a small organization is a really bad idea, but nobody seems to care.<p>Should we really trust the travis secure variables?<p>[1] http://docs.travis-ci.com/user/encryption-keys/
If it makes you nervous, switch to a hosted solution[1]. There will apparently be a hosted "Travis Pro" at some point in the future as well.<p>1. http://www.quora.com/What-are-the-alternatives-to-Travis-CI