dpl: S3 deploy errors with SignatureDoesNotMatch

Since Sept 1 our upload to S3 from https://github.com/rebar/rebar3 has begun to fail with a SignatureDoesNotMatch error. The failed job can be viewed here https://travis-ci.org/rebar/rebar3/jobs/79769044 and the .travis.yml file here: https://github.com/rebar/rebar3/blob/master/.travis.yml

/home/travis/.rvm/gems/ruby-1.9.3-p551/gems/aws-sdk-core-2.1.20/lib/seahorse/client/plugins/raise_response_errors.rb:15:in `call': The request signature we calculated does not match the signature you provided. Check your key and signing method. (Aws::S3::Errors::SignatureDoesNotMatch)
    from /home/travis/.rvm/gems/ruby-1.9.3-p551/gems/aws-sdk-core-2.1.20/lib/aws-sdk-core/plugins/s3_sse_cpk.rb:18:in `call'
    from /home/travis/.rvm/gems/ruby-1.9.3-p551/gems/aws-sdk-core-2.1.20/lib/aws-sdk-core/plugins/param_converter.rb:21:in `call'
    from /home/travis/.rvm/gems/ruby-1.9.3-p551/gems/aws-sdk-core-2.1.20/lib/seahorse/client/plugins/response_target.rb:21:in `call'
    from /home/travis/.rvm/gems/ruby-1.9.3-p551/gems/aws-sdk-core-2.1.20/lib/seahorse/client/request.rb:70:in `send_request'
    from /home/travis/.rvm/gems/ruby-1.9.3-p551/gems/aws-sdk-core-2.1.20/lib/seahorse/client/base.rb:207:in `block (2 levels) in define_operation_methods'
    from /home/travis/.rvm/gems/ruby-1.9.3-p551/gems/aws-sdk-resources-2.1.20/lib/aws-sdk-resources/services/s3/file_uploader.rb:42:in `block in put_object'
    from /home/travis/.rvm/gems/ruby-1.9.3-p551/gems/aws-sdk-resources-2.1.20/lib/aws-sdk-resources/services/s3/file_uploader.rb:49:in `open_file'
    from /home/travis/.rvm/gems/ruby-1.9.3-p551/gems/aws-sdk-resources-2.1.20/lib/aws-sdk-resources/services/s3/file_uploader.rb:41:in `put_object'
    from /home/travis/.rvm/gems/ruby-1.9.3-p551/gems/aws-sdk-resources-2.1.20/lib/aws-sdk-resources/services/s3/file_uploader.rb:34:in `upload'
    from /home/travis/.rvm/gems/ruby-1.9.3-p551/gems/aws-sdk-resources-2.1.20/lib/aws-sdk-resources/services/s3/object.rb:210:in `upload_file'
    from /home/travis/.rvm/gems/ruby-1.9.3-p551/gems/dpl-1.8.2/lib/dpl/provider/s3.rb:56:in `block (2 levels) in push_app'
    from /home/travis/.rvm/gems/ruby-1.9.3-p551/gems/dpl-1.8.2/lib/dpl/provider/s3.rb:48:in `glob'
    from /home/travis/.rvm/gems/ruby-1.9.3-p551/gems/dpl-1.8.2/lib/dpl/provider/s3.rb:48:in `block in push_app'
    from /home/travis/.rvm/gems/ruby-1.9.3-p551/gems/dpl-1.8.2/lib/dpl/provider/s3.rb:47:in `chdir'
    from /home/travis/.rvm/gems/ruby-1.9.3-p551/gems/dpl-1.8.2/lib/dpl/provider/s3.rb:47:in `push_app'
    from /home/travis/.rvm/gems/ruby-1.9.3-p551/gems/dpl-1.8.2/lib/dpl/provider.rb:143:in `block in deploy'
    from /home/travis/.rvm/gems/ruby-1.9.3-p551/gems/dpl-1.8.2/lib/dpl/cli.rb:41:in `fold'
    from /home/travis/.rvm/gems/ruby-1.9.3-p551/gems/dpl-1.8.2/lib/dpl/provider.rb:143:in `deploy'
    from /home/travis/.rvm/gems/ruby-1.9.3-p551/gems/dpl-1.8.2/lib/dpl/provider/s3.rb:73:in `deploy'
    from /home/travis/.rvm/gems/ruby-1.9.3-p551/gems/dpl-1.8.2/lib/dpl/cli.rb:32:in `run'
    from /home/travis/.rvm/gems/ruby-1.9.3-p551/gems/dpl-1.8.2/lib/dpl/cli.rb:7:in `run'
    from /home/travis/.rvm/gems/ruby-1.9.3-p551/gems/dpl-1.8.2/bin/dpl:5:in `<top (required)>'
    from /home/travis/.rvm/gems/ruby-1.9.3-p551/bin/dpl:23:in `load'
    from /home/travis/.rvm/gems/ruby-1.9.3-p551/bin/dpl:23:in `<main>'
failed to deploy

About this issue

  • State: closed
  • Created 9 years ago
  • Comments: 72 (21 by maintainers)

Most upvoted comments

I think this may be a compound issue depending on your setup, with AWS with no fix-all solution.

We had this issue building for both iOS and Android. It was building our Android build a week ago fine.

We had tried changing the version of the AWS SDK and it always fell through to the backwards compatibility v1 of the SDK which then failed.

We did get it working by encrypting the keys using:

travis encrypt XXXXXXXXXXXXXXX --add deploy.secret_access_key

instead of:

travis encrypt secret_access_key=XXXXXXXXXXXX --add deploy.secret_access_key

Finally solved this problem for my deploy.

Had to do this:

travis encrypt XXXXXXXXXXXXXXX

instead of:

travis encrypt secret_access_key=XXXXXXXXXXXX

This is different to what the documentation says:

https://docs.travis-ci.com/user/environment-variables/#encrypting-environment-variables

Ah, I stumbled across this problem and spent hours with no progress at all…

I found one piece of advice in #602: if the generated secret key contains “+” or “/” characters, this error will occur. Simply regenerating keys should have solved it, but it didn’t.

In the end I added the keys as env variables directly in Travis. This was the only way that worked.

I finally got it to work. I did a bunch of stuff but in my case I think it might have been user error. I deleted and re-gen’ed all my keys and moved the repo from private to public, but still no luck. The trick was travis encrypt --add deploy.secret_access_key != travis encrypt secret_access_key=secretvalue + copy. I had set up a similar deploy several months back, so looking at that file I just googled travis secure and was taken to http://docs.travis-ci.com/user/encryption-keys/, to which I was like, this is what I must have done to generate the secure: field since I couldn’t remember. When I ran the travis encrypt command it printed out something that looked like what I must have copied into the deploy section of the other script, so I just replaced the secure section. I randomly ran across http://docs.travis-ci.com/user/deployment/s3/ which gave me the correct encrypt command.

A better error from travis would be nice, or maybe some validation check with travis lint which said everything was fine.
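Why the two `travis encrypt` forms in the comments above behave differently, shown as an added example that is not code from dpl, Travis or any commenter: the secret is only HMAC key material, so a decrypted value of `secret_access_key=<secret>` signs the same request differently from the bare secret the server holds. It assumes AWS Signature Version 4 (the page does not say which signature version the job used) and 40-character secrets; `sigv4_signature`, `secret_problems` and all sample values are hypothetical names and constructed data.

```ruby
require 'openssl'

def hmac(key, data)
  OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), key, data)
end

# AWS Signature Version 4 key derivation: the secret is used only as HMAC
# key material, so any extra byte in it changes the final signature.
def sigv4_signature(secret, string_to_sign, date: '20150901', region: 'us-east-1')
  key = hmac("AWS4#{secret}", date)
  key = hmac(key, region)
  key = hmac(key, 's3')
  key = hmac(key, 'aws4_request')
  hmac(key, string_to_sign).unpack('H*').first
end

# Pre-flight check on the value the deploy step will sign with.
# Returns a list of problems and never echoes the value itself.
# Assumption: AWS secret access keys are 40 characters of A-Z a-z 0-9 + /.
def secret_problems(value)
  return ['empty'] if value.nil? || value.empty?
  problems = []
  problems << 'looks like NAME=value, not a bare secret' if value =~ /\A\w+=/
  problems << "length #{value.length}, expected 40" unless value.length == 40
  problems << 'characters outside A-Z a-z 0-9 + /' unless value =~ %r{\A[A-Za-z0-9+/]+\z}
  problems
end

# Constructed sample data: the placeholder secret used in AWS documentation
# (not a real credential) and a made-up string-to-sign.
SAMPLE_SECRET = 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY'
# What the deploy step receives if "secret_access_key=<secret>" was encrypted.
MISENCRYPTED = "secret_access_key=#{SAMPLE_SECRET}"
STRING_TO_SIGN = [
  'AWS4-HMAC-SHA256', '20150901T000000Z', '20150901/us-east-1/s3/aws4_request',
  OpenSSL::Digest.new('sha256').hexdigest('constructed canonical request')
].join("\n")

if __FILE__ == $PROGRAM_NAME
  puts "server side : #{sigv4_signature(SAMPLE_SECRET, STRING_TO_SIGN)}"
  puts "client side : #{sigv4_signature(MISENCRYPTED, STRING_TO_SIGN)}"
  puts "pre-flight  : #{secret_problems(MISENCRYPTED).join('; ')}"
end
```

Run `secret_problems` against the decrypted variable inside the build, before the deploy step, to turn an opaque SignatureDoesNotMatch into a specific message without printing the secret.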

I ran into this problem. Below is my fix. Hopefully you too can save ~45 minutes of your time.

What ended up working for me was to generate a new access key without a “+” character in it. Then I went into my repository settings in the travis web UI and added an environment variable with my access key. I ended up hardcoding the key ID into my .travis.yml file.

Here is the deploy section of my .travis.yml file:

deploy:
  provider: s3
  access_key_id: <hidden>
  secret_access_key: $SECRET_ACCESS_KEY #this is an environment variable I made in the settings of my repository on the travis website
  bucket: <hidden>
  local-dir: public
  skip_cleanup: true
  region: us-east-1

This works for us:

travis setup s3 --force

In my case I got it working by setting the two environment variables in travis for my repository: AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY. This is what my .travis.yml file looks like:

language: node_js

node_js:
- '6'

script: npm run build

deploy:
  provider: s3
  access_key_id: $AWS_ACCESS_KEY_ID
  secret_access_key: $AWS_SECRET_ACCESS_KEY
  bucket: dev.1989generationinitiative.org
  skip_cleanup: true
  region: eu-central-1
  local_dir: dist
  cache_control: max-age=604800

cache:
  yarn: true
  directories:
  - node_modules