Expansion from within the immediate shell
Assuming sh here is a fastlane command that invokes a shell command with this argument as script text:
Note that if this is literally called as the command line for /bin/sh , this will require the -c argument:
# in other contexts sh -c './decrypt.sh "$ENCRYPTION_P12"'
Please note that this absolutely depends on ENCRYPTION_P12 , which is an environment variable, i.e. export ed for the environment with which it was installed.
Extension Inside Invoked Script
However, if you have an environment variable, you have a better option: just use it.
That is, inside decrypt.sh you can refer to "$ENCRYPTION_P12" without explicitly specifying, since the shell implicitly imports all environment variables as shell variables - and they are passed to the child processes without any explicit necessary actions.
What to avoid: shell injection attacks
Finally, aside: a dangerous way to do this would be something like:
# INSECURE: DO NOT DO THIS sh "./decrypt.sh #{ENV['ENCRYPTION_P12']}"
or
# STILL INSECURE sh "./decrypt.sh \"#{ENV['ENCRYPTION_P12'}\""
or
# STILL INSECURE sh "./decrypt.sh '#{ENV['ENCRYPTION_P12'}'"
... thereby substituting a value in your generated string at the Ruby level. This is dangerous, however, since this string is parsed as code - this means that the contents of ENCRYPTION_P12 can be used in shell attacks.
For example, consider a case (given below in bash syntax):
# this will make any of the above do Very Evil Things ENCRYPTION_P12=$'$(rm -rf ~)\'$(rm -rf ~)\''
... for which both rm will be executed if they are directly replaced by the generated shell script (as opposed to the extended parameter when expanding - '${foo}' ), which occurs after the extension phases that make this dangerous one already passed) .