aspera-cli 4.10.0 → 4.12.0

data/lib/aspera/fasp/resume_policy.rb

@@ -20,36 +20,36 @@ module Aspera
         @parameters = DEFAULTS.dup
         if !params.nil?
           raise "expecting Hash (or nil), but have #{params.class}" unless params.is_a?(Hash)
-          params.each do |k,v|
-            raise "unknown resume parameter: #{k}, expect one of #{DEFAULTS.keys.map(&:to_s).join(',')}" unless DEFAULTS.has_key?(k)
+          params.each do |k, v|
+            raise "unknown resume parameter: #{k}, expect one of #{DEFAULTS.keys.map(&:to_s).join(',')}" unless DEFAULTS.key?(k)
             raise "#{k} must be Integer" unless v.is_a?(Integer)
             @parameters[k] = v
           end
         end
-        Log.log.debug("resume params=#{@parameters}")
+        Log.log.debug{"resume params=#{@parameters}"}
       end
 
       # calls block a number of times (resumes) until success or limit reached
       # this is re-entrant, one resumer can handle multiple transfers in //
       def execute_with_resume
-        raise 'block manndatory' unless block_given?
+        raise 'block mandatory' unless block_given?
         # maximum of retry
         remaining_resumes = @parameters[:iter_max]
         sleep_seconds = @parameters[:sleep_initial]
-        Log.log.debug("retries=#{remaining_resumes}")
-        # try to send the file until ascp is succesful
+        Log.log.debug{"retries=#{remaining_resumes}"}
+        # try to send the file until ascp is successful
         loop do
-          Log.log.debug('transfer starting');
+          Log.log.debug('transfer starting')
           begin
             # call provided block
             yield
             break
           rescue Fasp::Error => e
-            Log.log.warn("An error occurred: #{e.message}");
+            Log.log.warn{"An error occurred: #{e.message}"}
             # failure in ascp
             if e.retryable?
               # exit if we exceed the max number of retry
-              raise Fasp::Error,'Maximum number of retry reached' if remaining_resumes <= 0
+              raise Fasp::Error, 'Maximum number of retry reached' if remaining_resumes <= 0
             else
               # give one chance only to non retryable errors
               unless remaining_resumes.eql?(@parameters[:iter_max])
@@ -61,7 +61,7 @@ module Aspera
 
           # take this retry in account
           remaining_resumes -= 1
-          Log.log.warn("resuming in  #{sleep_seconds} seconds (retry left:#{remaining_resumes})");
+          Log.log.warn{"resuming in  #{sleep_seconds} seconds (retry left:#{remaining_resumes})"}
 
           # wait a bit before retrying, maybe network condition will be better
           sleep(sleep_seconds)

data/lib/aspera/fasp/transfer_spec.rb

@@ -16,10 +16,30 @@ module Aspera
         'fasp_port'   => UDP_PORT
       }.freeze
       # define constants for enums of parameters: <paramater>_<enum>, e.g. CIPHER_AES_128
-      Aspera::Fasp::Parameters.description.each do |k,v|
+      Aspera::Fasp::Parameters.description.each do |k, v|
         next unless v[:enum].is_a?(Array)
         v[:enum].each do |enum|
-          TransferSpec.const_set("#{k.to_s.upcase}_#{enum.upcase.gsub(/[^A-Z0-9]/,'_')}", enum.freeze)
+          TransferSpec.const_set("#{k.to_s.upcase}_#{enum.upcase.gsub(/[^A-Z0-9]/, '_')}", enum.freeze)
+        end
+      end
+      class << self
+        def action_to_direction(tspec, command)
+          raise 'transfer spec must be a Hash' unless tspec.is_a?(Hash)
+          tspec['direction'] = case command.to_sym
+          when :upload then DIRECTION_SEND
+          when :download then DIRECTION_RECEIVE
+          else raise 'Error: upload or download only'
+          end
+          return tspec
+        end
+
+        def action(tspec)
+          raise 'transfer spec must be a Hash' unless tspec.is_a?(Hash)
+          return case tspec['direction']
+                 when DIRECTION_SEND then :upload
+                 when DIRECTION_RECEIVE then :download
+                 else raise 'Error: upload or download only'
+                 end
         end
       end
     end

data/lib/aspera/fasp/uri.rb

@@ -5,10 +5,10 @@ require 'aspera/command_line_builder'
 
 module Aspera
   module Fasp
-    # translates a "faspe:" URI (used in Faspex) into transfer spec hash
+    # translates a "faspe:" URI (used in Faspex 4) into transfer spec hash
     class Uri
       def initialize(fasplink)
-        @fasp_uri = URI.parse(fasplink.gsub(' ','%20'))
+        @fasp_uri = URI.parse(fasplink.gsub(' ', '%20'))
         # TODO: check scheme is faspe
       end
 
@@ -34,16 +34,16 @@ module Aspera
           when 'minrate' then result_ts['min_rate_kbps'] = value.to_i
           when 'port' then result_ts['fasp_port'] = value.to_i
           when 'bwcap' then result_ts['target_rate_cap_kbps'] = value.to_i
-          when 'enc' then result_ts['cipher'] = value.gsub(/^aes/,'aes-').gsub(/cfb$/,'-cfb').gsub(/gcm$/,'-gcm').gsub(/--/,'-')
+          when 'enc' then result_ts['cipher'] = value.gsub(/^aes/, 'aes-').gsub(/cfb$/, '-cfb').gsub(/gcm$/, '-gcm').gsub(/--/, '-')
           when 'tags64' then result_ts['tags'] = JSON.parse(Base64.strict_decode64(value))
           when 'createpath' then result_ts['create_dir'] = CommandLineBuilder.yes_to_true(value)
           when 'fallback' then result_ts['http_fallback'] = CommandLineBuilder.yes_to_true(value)
           when 'lockpolicy' then result_ts['lock_rate_policy'] = CommandLineBuilder.yes_to_true(value)
           when 'lockminrate' then result_ts['lock_min_rate'] = CommandLineBuilder.yes_to_true(value)
-          when 'auth' then Log.log.debug("ignoring auth #{name}=#{value}") # TODO: translate into transfer spec ? yes/no
-          when 'v' then Log.log.debug("ignoring v #{name}=#{value}") # TODO: translate into transfer spec ? 2
-          when 'protect' then Log.log.debug("ignoring protect #{name}=#{value}") # TODO: translate into transfer spec ?
-          else Log.log.warn("URI parameter ignored: #{name} = #{value}")
+          when 'auth' then Log.log.debug{"ignoring auth #{name}=#{value}"} # TODO: translate into transfer spec ? yes/no
+          when 'v' then Log.log.debug{"ignoring v #{name}=#{value}"} # TODO: translate into transfer spec ? 2
+          when 'protect' then Log.log.debug{"ignoring protect #{name}=#{value}"} # TODO: translate into transfer spec ?
+          else Log.log.warn{"URI parameter ignored: #{name} = #{value}"}
           end
         end
         return result_ts

data/lib/aspera/faspex_gw.rb

@@ -1,174 +1,95 @@
 # frozen_string_literal: true
 
+require 'aspera/web_server_simple'
 require 'aspera/log'
-require 'aspera/aoc'
-require 'aspera/fasp/transfer_spec'
-require 'aspera/cli/main'
-require 'webrick'
-require 'webrick/https'
-require 'securerandom'
-require 'openssl'
 require 'json'
 
 module Aspera
   # this class answers the Faspex /send API and creates a package on Aspera on Cloud
-  class FaspexGW
-    class FxGwServlet < WEBrick::HTTPServlet::AbstractServlet
-      def initialize(_server, a_aoc_api_user, a_workspace_id)
-        super
-        @aoc_api_user = a_aoc_api_user
-        @aoc_workspace_id = a_workspace_id
-      end
-
-      # parameters from user to Faspex API call
-      # {"delivery":{"use_encryption_at_rest":false,"note":"note","sources":[{"paths":["file1"]}],"title":"my title","recipients":["email1"],"send_upload_result":true}}
-      #    {
-      #      "delivery"=>{
-      #      "use_encryption_at_rest"=>false,
-      #      "note"=>"note",
-      #      "sources"=>[{"paths"=>["file1"]}],
-      #      "title"=>"my title",
-      #      "recipients"=>["email1"],
-      #      "send_upload_result"=>true
-      #      }
-      #    }
-      def process_faspex_send(request, response)
-        raise 'no payload' if request.body.nil?
-
-        faspex_pkg_parameters = JSON.parse(request.body)
-        faspex_pkg_delivery = faspex_pkg_parameters['delivery']
-        Log.log.debug("faspex pkg create parameters=#{faspex_pkg_parameters}")
-
-        # get recipient ids
-        files_pkg_recipients = []
-        faspex_pkg_delivery['recipients'].each do |recipient_email|
-          user_lookup = @aoc_api_user.read('contacts',
-            { 'current_workspace_id' => @aoc_workspace_id, 'q' => recipient_email })[:data]
-          raise StandardError,
-            "no such unique user: #{recipient_email} / #{user_lookup}" unless !user_lookup.nil? && user_lookup.length.eql?(1)
-
-          recipient_user_info = user_lookup.first
-          files_pkg_recipients.push({
-            'id'   => recipient_user_info['source_id'],
-            'type' => recipient_user_info['source_type']
-          })
-        end
-
-        #  create a new package with one file
-        the_package = @aoc_api_user.create('packages', {
-          'file_names'   => faspex_pkg_delivery['sources'][0]['paths'],
-          'name'         => faspex_pkg_delivery['title'],
-          'note'         => faspex_pkg_delivery['note'],
-          'recipients'   => files_pkg_recipients,
-          'workspace_id' => @aoc_workspace_id
-        })[:data]
-
-        #  get node information for the node on which package must be created
-        node_info = @aoc_api_user.read("nodes/#{the_package['node_id']}")[:data]
-
-        #  get transfer token (for node)
-        node_auth_bearer_token = @aoc_api_user.oauth_token(scope: AoC.node_scope(node_info['access_key'],
-          AoC::SCOPE_NODE_USER))
-
-        # tell Files what to expect in package: 1 transfer (can also be done after transfer)
-        @aoc_api_user.update("packages/#{the_package['id']}", { 'sent' => true, 'transfers_expected' => 1 })
-
-        # to return an error:
-        # response.status=400
-        # return 'ERROR HERE'
-
-        # TODO: check about xfer_*
-        ts_tags = {
-          'aspera' => {
-            'files'      => { 'package_id' => the_package['id'], 'package_operation' => 'upload' },
-            'node'       => { 'access_key' => node_info['access_key'], 'file_id' => the_package['contents_file_id'] },
-            'xfer_id'    => SecureRandom.uuid,
-            'xfer_retry' => 3600
-          }
-        }
-        # this transfer spec is for transfer to AoC
-        faspex_transfer_spec = {
-          'direction'              => 'send',
-          'remote_host'            => node_info['host'],
-          'remote_user'            => Fasp::TransferSpec::ACCESS_KEY_TRANSFER_USER,
-          'ssh_port'               => Fasp::TransferSpec::SSH_PORT,
-          'fasp_port'              => Fasp::TransferSpec::UDP_PORT,
-          'tags'                   => ts_tags,
-          'token'                  => node_auth_bearer_token,
-          'paths'                  => [{ 'destination' => '/' }],
-          'cookie'                 => 'unused',
-          'create_dir'             => true,
-          'rate_policy'            => 'fair',
-          'rate_policy_allowed'    => 'fixed',
-          'min_rate_cap_kbps'      => nil,
-          'min_rate_kbps'          => 0,
-          'target_rate_percentage' => nil,
-          'lock_target_rate'       => nil,
-          'fasp_url'               => 'unused',
-          'lock_min_rate'          => true,
-          'lock_rate_policy'       => true,
-          'source_root'            => '',
-          'content_protection'     => nil,
-          'target_rate_cap_kbps'   => 20_000, # TODO: is this value useful ?
-          'target_rate_kbps'       => 10_000, # TODO: get from where?
-          'cipher'                 => 'aes-128',
-          'cipher_allowed'         => nil,
-          'http_fallback'          => false,
-          'http_fallback_port'     => nil,
-          'https_fallback_port'    => nil,
-          'destination_root'       => '/'
-        }
-        # but we place it in a Faspex package creation response
-        faspex_package_create_result = {
-          'links'         => { 'status' => 'unused' },
-          'xfer_sessions' => [faspex_transfer_spec]
-        }
-        Log.log.info("faspex_package_create_result=#{faspex_package_create_result}")
-        response.status = 200
-        response.content_type = 'application/json'
-        response.body = JSON.generate(faspex_package_create_result)
-      end
-
-      def do_GET(request, response)
-        case request.path
-        when '/aspera/faspex/send'
-          process_faspex_send(request, response)
-        else
-          response.status = 400
-          'ERROR HERE'
-        end
-      end
-    end # FxGwServlet
+  class Faspex4GWServlet < WEBrick::HTTPServlet::AbstractServlet
+    # @param app_api [Aspera::AoC]
+    # @param app_context [String]
+    def initialize(server, app_api, app_context)
+      super(server)
+      # typed: Aspera::AoC
+      @app_api = app_api
+      @app_context = app_context
+    end
 
-    class NewUserServlet < WEBrick::HTTPServlet::AbstractServlet
-      def do_GET(request, response)
-        case request.path
-        when '/newuser'
-          response.status = 200
-          response.content_type = 'text/html'
-          response.body = '<html><body>hello world</body></html>'
-        else
-          raise "unsupported path: [#{request.path}]"
-        end
-      end
+    # Map Faspex 4 /send API to AoC package create
+    # parameters from user to Faspex API call
+    # https://developer.ibm.com/apis/catalog/aspera--aspera-faspex-client-sdk/Sending%20Packages%20(API%20v.3)
+    def faspex4_send_to_aoc(faspex_pkg_parameters)
+      faspex_pkg_delivery = faspex_pkg_parameters['delivery']
+      package_data = {
+        # 'file_names'   => faspex_pkg_delivery['sources'][0]['paths'],
+        'name'         => faspex_pkg_delivery['title'],
+        'note'         => faspex_pkg_delivery['note'],
+        'recipients'   => faspex_pkg_delivery['recipients'],
+        'workspace_id' => @app_context
+      }
+      created_package = @app_api.create_package_simple(package_data, true, @new_user_option)
+      # but we place it in a Faspex package creation response
+      return {
+        'links'         => { 'status' => 'unused' },
+        'xfer_sessions' => [created_package[:spec]]
+      }
     end
 
-    def initialize(a_aoc_api_user, a_workspace_id)
-      webrick_options = {
-        Port:        9443,
-        Logger:      Log.log,
-        SSLEnable:   true,
-        SSLCertName: [['CN', WEBrick::Utils.getservername]]
+    def faspex4_send_to_faspex5(faspex_pkg_parameters)
+      faspex_pkg_delivery = faspex_pkg_parameters['delivery']
+      package_data = {
+        'title'      => faspex_pkg_delivery['title'],
+        'note'       => faspex_pkg_delivery['note'],
+        'recipients' => faspex_pkg_delivery['recipients'].map{|name|{'name'=>name}}
+      }
+      package = @app_api.create('packages', package_data)[:data]
+      # TODO: option to send from remote source or httpgw
+      transfer_spec = @app_api.call(
+        operation:   'POST',
+        subpath:     "packages/#{package['id']}/transfer_spec/upload",
+        headers:     {'Accept' => 'application/json'},
+        url_params:  {transfer_type: Aspera::Cli::Plugins::Faspex5::TRANSFER_CONNECT},
+        json_params: {paths: [{'destination'=>'/'}]}
+      )[:data]
+      transfer_spec.delete('authentication')
+      # but we place it in a Faspex package creation response
+      return {
+        'links'         => { 'status' => 'unused' },
+        'xfer_sessions' => [transfer_spec]
       }
-      Log.log.info("Server started on port #{webrick_options[:Port]}")
-      @server = WEBrick::HTTPServer.new(webrick_options)
-      @server.mount('/aspera/faspex', FxGwServlet, a_aoc_api_user, a_workspace_id)
-      @server.mount('/newuser', NewUserServlet)
-      trap('INT') { @server.shutdown }
     end
 
-    def start_server
-      @server.start
+    def do_POST(request, response)
+      case request.path
+      when '/aspera/faspex/send'
+        begin
+          raise 'no payload' if request.body.nil?
+          faspex_pkg_parameters = JSON.parse(request.body)
+          Log.log.debug{"faspex pkg create parameters=#{faspex_pkg_parameters}"}
+          faspex_package_create_result =
+            if @app_api.is_a?(Aspera::AoC)
+              faspex4_send_to_aoc(faspex_pkg_parameters)
+            elsif @app_api.is_a?(Aspera::Rest)
+              faspex4_send_to_faspex5(faspex_pkg_parameters)
+            else
+              raise "No such adapter: #{@app_api.class}"
+            end
+          Log.log.info{"faspex_package_create_result=#{faspex_package_create_result}"}
+          response.status = 200
+          response.content_type = 'application/json'
+          response.body = JSON.generate(faspex_package_create_result)
+        rescue => e
+          response.status = 500
+          response['Content-Type'] = 'application/json'
+          response.body = {error: e.message}.to_json
+          Log.log.error(e.message)
+        end
+      else
+        response.status = 400
+        response['Content-Type'] = 'application/json'
+        response.body = {error: 'Bad request'}.to_json
+      end
     end
-  end # FaspexGW
+  end # Faspex4GWServlet
 end # AsperaLm

data/lib/aspera/faspex_postproc.rb

@@ -0,0 +1,77 @@
+# frozen_string_literal: true
+
+require 'English'
+require 'aspera/web_server_simple'
+require 'aspera/log'
+require 'json'
+require 'timeout'
+
+module Aspera
+  # this class answers the Faspex /send API and creates a package on Aspera on Cloud
+  class Faspex4PostProcServlet < WEBrick::HTTPServlet::AbstractServlet
+    ALLOWED_PARAMETERS = %i[root script_folder fail_on_error timeout_seconds].freeze
+    def initialize(server, parameters)
+      raise 'parameters must be Hash' unless parameters.is_a?(Hash)
+      @parameters = parameters.symbolize_keys
+      Log.dump(:postproc_parameters, @parameters)
+      raise "unexpected key in parameters config: only: #{ALLOWED_PARAMETERS.join(', ')}" if @parameters.keys.any?{|k|!ALLOWED_PARAMETERS.include?(k)}
+      @parameters[:script_folder] ||= '.'
+      @parameters[:fail_on_error] ||= false
+      @parameters[:timeout_seconds] ||= 60
+      super(server)
+      Log.log.debug{"Faspex4PostProcServlet initialized"}
+    end
+
+    def do_POST(request, response)
+      Log.log.debug{"request=#{request.path}"}
+      begin
+        # only accept requests on the root
+        if !request.path.start_with?(@parameters[:root])
+          response.status = 400
+          response['Content-Type'] = 'application/json'
+          response.body = {status: 'error', message: 'Request outside domain'}.to_json
+          return
+        end
+        if request.body.nil?
+          response.status = 400
+          response['Content-Type'] = 'application/json'
+          response.body = {status: 'error', message: 'Empty request'}.to_json
+          return
+        end
+        # build script path by removing domain, and adding script folder
+        script_file = request.path[@parameters[:root].size .. ]
+        Log.log.debug{"script file=#{script_file}"}
+        script_path = File.join(@parameters[:script_folder], script_file)
+        Log.log.debug{"script=#{script_path}"}
+        webhook_parameters = JSON.parse(request.body)
+        Log.dump(:webhook_parameters, webhook_parameters)
+        # env expects only strings
+        environment = webhook_parameters.each_with_object({}) { |(k, v), h| h[k] = v.to_s }
+        post_proc_pid = Process.spawn(environment, [script_path, script_path])
+        Log.log.debug{"pid=#{post_proc_pid}"}
+        raise 'no pid' if post_proc_pid.nil?
+        # "wait" for process to avoid zombie
+        Timeout.timeout(@parameters[:timeout_seconds]) do
+          Process.wait(post_proc_pid)
+          post_proc_pid = nil
+        end
+        process_status = $CHILD_STATUS
+        raise "script #{script_path} failed with code #{process_status.exitstatus}" if !process_status.success? && @parameters[:fail_on_error]
+        response.status = 200
+        response.content_type = 'application/json'
+        response.body = JSON.generate({status: 'success', script: script_path, exit_code: process_status.exitstatus})
+        Log.log.debug{'Script executed successfully'}
+      rescue => e
+        Log.log.error("Script failed: #{e.class}:#{e.message}")
+        if !post_proc_pid.nil?
+          Process.kill('SIGKILL', post_proc_pid)
+          Process.wait(post_proc_pid)
+          Log.log.error("Killed process: #{post_proc_pid}")
+        end
+        response.status = 500
+        response['Content-Type'] = 'application/json'
+        response.body = {status: 'error', script: script_path, message: e.message}.to_json
+      end
+    end
+  end # Faspex4PostProcServlet
+end # AsperaLm

data/lib/aspera/hash_ext.rb

@@ -2,11 +2,11 @@
 
 class ::Hash
   def deep_merge(second)
-    merge(second){|_key,v1,v2|Hash === v1 && Hash === v2 ? v1.deep_merge(v2) : v2}
+    merge(second){|_key, v1, v2|Hash === v1 && Hash === v2 ? v1.deep_merge(v2) : v2}
   end
 
   def deep_merge!(second)
-    merge!(second){|_key,v1,v2|Hash === v1 && Hash === v2 ? v1.deep_merge!(v2) : v2}
+    merge!(second){|_key, v1, v2|Hash === v1 && Hash === v2 ? v1.deep_merge!(v2) : v2}
   end
 end
 
@@ -14,7 +14,7 @@ end
 unless Hash.method_defined?(:transform_keys)
   class Hash
     def transform_keys
-      return each_with_object({}){|(k,v),memo|memo[yield(k)]=v} if block_given?
+      return each_with_object({}){|(k, v), memo|memo[yield(k)] = v} if block_given?
       raise 'missing block'
     end
   end

data/lib/aspera/id_generator.rb

@@ -7,7 +7,7 @@ module Aspera
     ID_SEPARATOR = '_'
     WINDOWS_PROTECTED_CHAR = %r{[/:"<>\\*?]}.freeze
     PROTECTED_CHAR_REPLACE = '_'
-    private_constant :ID_SEPARATOR,:PROTECTED_CHAR_REPLACE,:WINDOWS_PROTECTED_CHAR
+    private_constant :ID_SEPARATOR, :PROTECTED_CHAR_REPLACE, :WINDOWS_PROTECTED_CHAR
     class << self
       def from_list(object_id)
         if object_id.is_a?(Array)
@@ -16,10 +16,10 @@ module Aspera
           end.join(ID_SEPARATOR)
         end
         raise 'id must be a String' unless object_id.is_a?(String)
-        return object_id.
-            gsub(WINDOWS_PROTECTED_CHAR,PROTECTED_CHAR_REPLACE). # remove windows forbidden chars
-            gsub('.',PROTECTED_CHAR_REPLACE).  # keep dot for extension only (nicer)
-            downcase
+        return object_id
+            .gsub(WINDOWS_PROTECTED_CHAR, PROTECTED_CHAR_REPLACE) # remove windows forbidden chars
+            .gsub('.', PROTECTED_CHAR_REPLACE)  # keep dot for extension only (nicer)
+            .downcase
       end
     end
   end

data/lib/aspera/keychain/encrypted_hash.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require 'aspera/hash_ext'
+require 'aspera/environment'
 require 'symmetric_encryption/core'
 require 'yaml'
 
@@ -8,65 +9,59 @@ module Aspera
   module Keychain
     # Manage secrets in a simple Hash
     class EncryptedHash
-      CIPHER_NAME='aes-256-cbc'
-      ACCEPTED_KEYS = %i[label username password url description].freeze
-      def initialize(path,current_password)
-        @path=path
-        self.password=current_password
+      CIPHER_NAME = 'aes-256-cbc'
+      CONTENT_KEYS = %i[label username password url description].freeze
+      def initialize(path, current_password)
+        @path = path
+        self.password = current_password
         raise 'path to vault file shall be String' unless @path.is_a?(String)
-        @all_secrets=File.exist?(@path) ? YAML.load_stream(@cipher.decrypt(File.read(@path))).first : {}
+        @all_secrets = File.exist?(@path) ? YAML.load_stream(@cipher.decrypt(File.read(@path))).first : {}
       end
 
       def password=(new_password)
-        key_bytes=CIPHER_NAME.split('-')[1].to_i/8
-        # derive key from passphrase
-        key="#{new_password}#{"\x0"*key_bytes}"[0..(key_bytes-1)]
-        Log.log.debug("key=[#{key}],#{key.length}")
-        SymmetricEncryption.cipher=@cipher = SymmetricEncryption::Cipher.new(cipher_name: CIPHER_NAME,key: key,encoding: :none)
+        # number of bits in second position
+        key_bytes = CIPHER_NAME.split('-')[1].to_i / Environment::BITS_PER_BYTE
+        # derive key from passphrase, add trailing zeros
+        key = "#{new_password}#{"\x0" * key_bytes}"[0..(key_bytes - 1)]
+        Log.log.debug{"key=[#{key}],#{key.length}"}
+        SymmetricEncryption.cipher = @cipher = SymmetricEncryption::Cipher.new(cipher_name: CIPHER_NAME, key: key, encoding: :none)
       end
 
       def save
-        File.write(@path, @cipher.encrypt(YAML.dump(@all_secrets)),encoding: 'BINARY')
+        File.write(@path, @cipher.encrypt(YAML.dump(@all_secrets)), encoding: 'BINARY')
       end
 
       def set(options)
         raise 'options shall be Hash' unless options.is_a?(Hash)
-        unsupported = options.keys - ACCEPTED_KEYS
+        unsupported = options.keys - CONTENT_KEYS
+        options.each_value {|v| raise 'value must be String' unless v.is_a?(String)}
         raise "unsupported options: #{unsupported}" unless unsupported.empty?
         label = options.delete(:label)
-        raise "secret #{label} already exist, delete first" if @all_secrets.has_key?(label)
+        raise "secret #{label} already exist, delete first" if @all_secrets.key?(label)
         @all_secrets[label] = options.symbolize_keys
         save
       end
 
       def list
         result = []
-        @all_secrets.each do |label,values|
+        @all_secrets.each do |label, values|
           normal = values.symbolize_keys
           normal[:label] = label
-          ACCEPTED_KEYS.each{|k|normal[k] = '' unless normal.has_key?(k)}
+          CONTENT_KEYS.each{|k|normal[k] = '' unless normal.key?(k)}
           result.push(normal)
         end
         return result
       end
 
-      def delete(options)
-        raise 'options shall be Hash' unless options.is_a?(Hash)
-        unsupported = options.keys - %i[label]
-        raise "unsupported options: #{unsupported}" unless unsupported.empty?
-        label=options[:label]
+      def delete(label:)
         @all_secrets.delete(label)
         save
       end
 
-      def get(options)
-        raise 'options shall be Hash' unless options.is_a?(Hash)
-        unsupported = options.keys - %i[label]
-        raise "unsupported options: #{unsupported}" unless unsupported.empty?
-        label=options[:label]
+      def get(label:, exception: true)
+        raise "Label not found: #{label}" unless @all_secrets.key?(label) || !exception
         result = @all_secrets[label].clone
-        raise "no such entry #{label}" if result.nil?
-        result[:label]=label
+        result[:label] = label if result.is_a?(Hash)
         return result
       end
     end