aspera-cli 4.9.0 → 4.11.0

data/lib/aspera/cli/plugins/config.rb

@@ -4,6 +4,7 @@ require 'aspera/cli/basic_auth_plugin'
 require 'aspera/cli/extended_value'
 require 'aspera/cli/version'
 require 'aspera/cli/formater'
+require 'aspera/cli/info'
 require 'aspera/fasp/installation'
 require 'aspera/fasp/parameters'
 require 'aspera/fasp/transfer_spec'
@@ -27,7 +28,7 @@ module Aspera
   module Cli
     module Plugins
       # manage the CLI config file
-      class Config < Plugin
+      class Config < Aspera::Cli::Plugin
         # folder in $HOME for application files (config, cache)
         ASPERA_HOME_FOLDER_NAME = '.aspera'
         # default config file
@@ -37,7 +38,6 @@ module Aspera
         CONF_PRESET_VERSION = 'version'
         CONF_PRESET_DEFAULT = 'default'
         CONF_PRESET_GLOBAL = 'global_common_defaults'
-        CONF_PRESET_SECRETS = 'default_secrets' # pragma: allowlist secret
         CONF_PLUGIN_SYM = :config # Plugins::Config.name.split('::').last.downcase.to_sym
         CONF_GLOBAL_SYM = :config
         # old tool name
@@ -62,24 +62,45 @@ module Aspera
         EMAIL_TEST_TEMPLATE = <<~END_OF_TEMPLATE
           From: <%=from_name%> <<%=from_email%>>
           To: <<%=to%>>
-          Subject: Amelia email test
+          Subject: #{GEM_NAME} email test
 
-          It worked !
+          This email was sent to test #{PROGRAM_NAME}.
         END_OF_TEMPLATE
         # special extended values
         EXTV_INCLUDE_PRESETS = :incps
         EXTV_PRESET = :preset
+        EXTV_VAULT = :vault
         PRESET_DIG_SEPARATOR = '.'
         DEFAULT_CHECK_NEW_VERSION_DAYS = 7
         DEFAULT_PRIV_KEY_FILENAME = 'aspera_aoc_key' # pragma: allowlist secret
         DEFAULT_PRIVKEY_LENGTH = 4096
-        private_constant :DEFAULT_CONFIG_FILENAME,:CONF_PRESET_CONFIG,:CONF_PRESET_VERSION,:CONF_PRESET_DEFAULT,
-          :CONF_PRESET_GLOBAL,:PROGRAM_NAME_V1,:PROGRAM_NAME_V2,:DEFAULT_REDIRECT,:ASPERA_PLUGINS_FOLDERNAME,
-          :RUBY_FILE_EXT,:AOC_COMMAND_V1,:AOC_COMMAND_V2,:AOC_COMMAND_V3,:AOC_COMMAND_CURRENT,:DEMO,
-          :TRANSFER_SDK_ARCHIVE_URL,:AOC_PATH_API_CLIENTS,:DEMO_SERVER_PRESET,:EMAIL_TEST_TEMPLATE,:EXTV_INCLUDE_PRESETS,
-          :EXTV_PRESET,:DEFAULT_CHECK_NEW_VERSION_DAYS,:DEFAULT_PRIV_KEY_FILENAME,:SERVER_COMMAND,:CONF_PRESET_SECRETS,
+        private_constant :DEFAULT_CONFIG_FILENAME,
+          :CONF_PRESET_CONFIG,
+          :CONF_PRESET_VERSION,
+          :CONF_PRESET_DEFAULT,
+          :CONF_PRESET_GLOBAL,
+          :PROGRAM_NAME_V1,
+          :PROGRAM_NAME_V2,
+          :DEFAULT_REDIRECT,
+          :ASPERA_PLUGINS_FOLDERNAME,
+          :RUBY_FILE_EXT,
+          :AOC_COMMAND_V1,
+          :AOC_COMMAND_V2,
+          :AOC_COMMAND_V3,
+          :AOC_COMMAND_CURRENT,
+          :DEMO,
+          :TRANSFER_SDK_ARCHIVE_URL,
+          :AOC_PATH_API_CLIENTS,
+          :DEMO_SERVER_PRESET,
+          :EMAIL_TEST_TEMPLATE,
+          :EXTV_INCLUDE_PRESETS,
+          :EXTV_PRESET,
+          :EXTV_VAULT,
+          :DEFAULT_CHECK_NEW_VERSION_DAYS,
+          :DEFAULT_PRIV_KEY_FILENAME,
+          :SERVER_COMMAND,
           :PRESET_DIG_SEPARATOR
-        def initialize(env,params)
+        def initialize(env, params)
           raise 'env and params must be Hash' unless env.is_a?(Hash) && params.is_a?(Hash)
           raise 'missing param' unless %i[name help version gem].sort.eql?(params.keys.sort)
           super(env)
@@ -91,60 +112,70 @@ module Aspera
           @config_presets = nil
           @connect_versions = nil
           @vault = nil
-          @conf_file_default = File.join(@main_folder,DEFAULT_CONFIG_FILENAME)
+          @conf_file_default = File.join(@main_folder, DEFAULT_CONFIG_FILENAME)
           @option_config_file = @conf_file_default
           @pac_exec = nil
-          Log.log.debug("#{@info[:name]} folder: #{@main_folder}")
+          Log.log.debug{"#{@info[:name]} folder: #{@main_folder}"}
           # set folder for FASP SDK
           add_plugin_lookup_folder(self.class.gem_plugins_folder)
-          add_plugin_lookup_folder(File.join(@main_folder,ASPERA_PLUGINS_FOLDERNAME))
+          add_plugin_lookup_folder(File.join(@main_folder, ASPERA_PLUGINS_FOLDERNAME))
           # do file parameter first
-          options.set_obj_attr(:config_file,self,:option_config_file)
-          options.add_opt_simple(:config_file,"read parameters from file in YAML format, current=#{@option_config_file}")
+          options.set_obj_attr(:config_file, self, :option_config_file)
+          options.add_opt_simple(:config_file, "read parameters from file in YAML format, current=#{@option_config_file}")
           options.parse_options!
-          # read correct file
+          # read correct file (set @config_presets)
           read_config_file
           # add preset handler (needed for smtp)
-          ExtendedValue.instance.set_handler(EXTV_PRESET,:reader,lambda{|v|preset_by_name(v)})
-          ExtendedValue.instance.set_handler(EXTV_INCLUDE_PRESETS,:decoder,lambda{|v|expanded_with_preset_includes(v)})
+          ExtendedValue.instance.set_handler(EXTV_PRESET, :reader, lambda{|v|preset_by_name(v)})
+          ExtendedValue.instance.set_handler(EXTV_INCLUDE_PRESETS, :decoder, lambda{|v|expanded_with_preset_includes(v)})
+          ExtendedValue.instance.set_handler(EXTV_VAULT, :decoder, lambda{|v|vault_value(v)})
           # load defaults before it can be overriden
           add_plugin_default_preset(CONF_GLOBAL_SYM)
           options.parse_options!
-          options.set_obj_attr(:ascp_path,Fasp::Installation.instance,:ascp_path)
-          options.set_obj_attr(:sdk_folder,Fasp::Installation.instance,:sdk_folder)
-          options.set_obj_attr(:use_product,self,:option_use_product)
-          options.set_obj_attr(:preset,self,:option_preset)
-          options.set_obj_attr(:plugin_folder,self,:option_plugin_folder)
-          options.add_opt_switch(:no_default,'-N','do not load default configuration for plugin') { @use_plugin_defaults = false }
-          options.add_opt_boolean(:override,'Wizard: override existing value')
-          options.add_opt_boolean(:use_generic_client,'Wizard: AoC: use global or org specific jwt client id')
-          options.add_opt_boolean(:default,'Wizard: set as default configuration for specified plugin (also: update)')
-          options.add_opt_boolean(:test_mode,'Wizard: skip private key check step')
-          options.add_opt_simple(:preset,'-PVALUE','load the named option preset from current config file')
-          options.add_opt_simple(:pkeypath,'Wizard: path to private key for JWT')
-          options.add_opt_simple(:ascp_path,'path to ascp')
-          options.add_opt_simple(:use_product,'use ascp from specified product')
-          options.add_opt_simple(:smtp,'smtp configuration (extended value: hash)')
-          options.add_opt_simple(:fpac,'proxy auto configuration script')
-          options.add_opt_simple(:secret,'default secret')
-          options.add_opt_simple(:secrets,'secret vault')
-          options.add_opt_simple(:sdk_url,'URL to get SDK')
-          options.add_opt_simple(:sdk_folder,'SDK folder path')
-          options.add_opt_simple(:notif_to,'email recipient for notification of transfers')
-          options.add_opt_simple(:notif_template,'email ERB template for notification of transfers')
-          options.add_opt_simple(:version_check_days,Integer,'period in days to check new version (zero to disable)')
-          options.add_opt_simple(:plugin_folder,'folder where to find additional plugins')
-          options.set_option(:use_generic_client,true)
-          options.set_option(:test_mode,false)
-          options.set_option(:default,true)
-          options.set_option(:version_check_days,DEFAULT_CHECK_NEW_VERSION_DAYS)
-          options.set_option(:sdk_url,TRANSFER_SDK_ARCHIVE_URL)
-          options.set_option(:sdk_folder,File.join(@main_folder,'sdk'))
-          options.set_option(:override,:no)
+          options.set_obj_attr(:ascp_path, Fasp::Installation.instance, :ascp_path)
+          options.set_obj_attr(:sdk_folder, Fasp::Installation.instance, :sdk_folder)
+          options.set_obj_attr(:use_product, self, :option_use_product)
+          options.set_obj_attr(:preset, self, :option_preset)
+          options.set_obj_attr(:plugin_folder, self, :option_plugin_folder)
+          options.add_opt_switch(:no_default, '-N', 'do not load default configuration for plugin') { @use_plugin_defaults = false }
+          options.add_opt_boolean(:override, 'Wizard: override existing value')
+          options.add_opt_boolean(:use_generic_client, 'Wizard: AoC: use global or org specific jwt client id')
+          options.add_opt_boolean(:default, 'Wizard: set as default configuration for specified plugin (also: update)')
+          options.add_opt_boolean(:test_mode, 'Wizard: skip private key check step')
+          options.add_opt_simple(:preset, '-PVALUE', 'load the named option preset from current config file')
+          options.add_opt_simple(:pkeypath, 'Wizard: path to private key for JWT')
+          options.add_opt_simple(:ascp_path, 'Path to ascp')
+          options.add_opt_simple(:use_product, 'Use ascp from specified product')
+          options.add_opt_simple(:smtp, 'SMTP configuration (extended value: hash)')
+          options.add_opt_simple(:fpac, 'Proxy auto configuration script')
+          options.add_opt_simple(:proxy_credentials, 'HTTP proxy credentials (Array with user and password)')
+          options.add_opt_simple(:secret, 'Secret for access keys')
+          options.add_opt_simple(:vault, 'Vault for secrets')
+          options.add_opt_simple(:vault_password, 'Vault password')
+          options.add_opt_simple(:sdk_url, 'URL to get SDK')
+          options.add_opt_simple(:sdk_folder, 'SDK folder path')
+          options.add_opt_simple(:notif_to, 'Email recipient for notification of transfers')
+          options.add_opt_simple(:notif_template, 'Email ERB template for notification of transfers')
+          options.add_opt_simple(:version_check_days, Integer, 'Period in days to check new version (zero to disable)')
+          options.add_opt_simple(:plugin_folder, 'Folder where to find additional plugins')
+          options.set_option(:use_generic_client, true)
+          options.set_option(:test_mode, false)
+          options.set_option(:default, true)
+          options.set_option(:version_check_days, DEFAULT_CHECK_NEW_VERSION_DAYS)
+          options.set_option(:sdk_url, TRANSFER_SDK_ARCHIVE_URL)
+          options.set_option(:sdk_folder, File.join(@main_folder, 'sdk'))
+          options.set_option(:override, :no)
           options.parse_options!
           pac_script = options.get_option(:fpac)
           # create PAC executor
           @pac_exec = Aspera::ProxyAutoConfig.new(pac_script).register_uri_generic unless pac_script.nil?
+          proxy_creds = options.get_option(:proxy_credentials)
+          if !proxy_creds.nil?
+            raise CliBadArgument, 'proxy credentials shall be an array (#{proxy_creds.class})' unless proxy_creds.is_a?(Array)
+            raise CliBadArgument, 'proxy credentials shall have two elements (#{proxy_creds.length})' unless proxy_creds.length.eql?(2)
+            @pac_exec.proxy_user = Rest.proxy_user = proxy_creds[0]
+            @pac_exec.proxy_pass = Rest.proxy_pass = proxy_creds[1]
+          end
         end
 
         # env var name to override the app's main folder
@@ -159,8 +190,8 @@ module Aspera
           # if env var undefined or empty
           if app_folder.nil? || app_folder.empty?
             user_home_folder = Dir.home
-            raise CliError,"Home folder does not exist: #{user_home_folder}. Check your user environment or use #{conf_dir_env_var}." unless Dir.exist?(user_home_folder)
-            app_folder = File.join(user_home_folder,ASPERA_HOME_FOLDER_NAME,@info[:name])
+            raise CliError, "Home folder does not exist: #{user_home_folder}. Check your user environment or use #{conf_dir_env_var}." unless Dir.exist?(user_home_folder)
+            app_folder = File.join(user_home_folder, ASPERA_HOME_FOLDER_NAME, @info[:name])
           end
           return app_folder
         end
@@ -174,8 +205,10 @@ module Aspera
               '0'
             end
           if Gem::Version.new(Environment.ruby_version) < Gem::Version.new(RUBY_FUTURE_MINIMUM_VERSION)
-            Log.log.warn("Note that a future version will require Ruby version #{RUBY_FUTURE_MINIMUM_VERSION} at minimum, "\
-              "you are using #{Environment.ruby_version}")
+            Log.log.warn do
+              "Note that a future version will require Ruby version #{RUBY_FUTURE_MINIMUM_VERSION} at minimum, "\
+                "you are using #{Environment.ruby_version}"
+            end
           end
           return {
             name:        @info[:gem],
@@ -187,8 +220,8 @@ module Aspera
 
         def periodic_check_newer_gem_version
           # get verification period
-          delay_days = options.get_option(:version_check_days,is_type: :mandatory)
-          Log.log.info("check days: #{delay_days}")
+          delay_days = options.get_option(:version_check_days, is_type: :mandatory)
+          Log.log.info{"check days: #{delay_days}"}
           # check only if not zero day
           return if delay_days.eql?(0)
           # get last date from persistency
@@ -206,28 +239,29 @@ module Aspera
               # negative value will force check
               -1
             end
-          Log.log.debug("days elapsed: #{last_check_days}")
+          Log.log.debug{"days elapsed: #{last_check_days}"}
           return if last_check_days < delay_days
           # generate timestamp
           last_check_array[0] = current_date.strftime('%Y/%m/%d')
           check_date_persist.save
           # compare this version and the one on internet
           check_data = check_gem_version
-          Log.log.warn("A new version is available: #{check_data[:latest]}. "\
-            "You have #{check_data[:current]}. Upgrade with: gem update #{check_data[:name]}") if check_data[:need_update]
+          Log.log.warn do
+            "A new version is available: #{check_data[:latest]}. You have #{check_data[:current]}. Upgrade with: gem update #{check_data[:name]}"
+          end if check_data[:need_update]
         end
 
         # retrieve structure from cloud (CDN) with all versions available
         def connect_versions
           if @connect_versions.nil?
             api_connect_cdn = Rest.new({base_url: CONNECT_WEB_URL})
-            javascript = api_connect_cdn.call({operation: 'GET',subpath: CONNECT_VERSIONS})
+            javascript = api_connect_cdn.call({operation: 'GET', subpath: CONNECT_VERSIONS})
             # get result on one line
-            connect_versions_javascript = javascript[:http].body.gsub(/\r?\n\s*/,'')
-            Log.log.debug("javascript=[\n#{connect_versions_javascript}\n]")
+            connect_versions_javascript = javascript[:http].body.gsub(/\r?\n\s*/, '')
+            Log.log.debug{"javascript=[\n#{connect_versions_javascript}\n]"}
             # get javascript object only
             found = connect_versions_javascript.match(/^.*? = (.*);/)
-            raise CliError,'Problen when getting connect versions from internet' if found.nil?
+            raise CliError, 'Problen when getting connect versions from internet' if found.nil?
             alldata = JSON.parse(found[1])
             @connect_versions = alldata['entries']
           end
@@ -240,20 +274,20 @@ module Aspera
         # @param plugin_name_sym : symbol for plugin name
         def add_plugin_default_preset(plugin_name_sym)
           default_config_name = get_plugin_default_config_name(plugin_name_sym)
-          Log.log.debug("add_plugin_default_preset:#{plugin_name_sym}:#{default_config_name}")
-          options.add_option_preset(preset_by_name(default_config_name),op: :unshift) unless default_config_name.nil?
+          Log.log.debug{"add_plugin_default_preset:#{plugin_name_sym}:#{default_config_name}"}
+          options.add_option_preset(preset_by_name(default_config_name), op: :unshift) unless default_config_name.nil?
           return nil
         end
 
         private
 
-        def generate_rsa_private_key(private_key_path,length)
+        def generate_rsa_private_key(private_key_path, length)
           require 'openssl'
           priv_key = OpenSSL::PKey::RSA.new(length)
-          File.write(private_key_path,priv_key.to_s)
-          File.chmod(0400,private_key_path)
-          File.write(private_key_path + '.pub',priv_key.public_key.to_s)
-          File.chmod(0400,private_key_path + '.pub')
+          File.write(private_key_path, priv_key.to_s)
+          File.write(private_key_path + '.pub', priv_key.public_key.to_s)
+          Environment.restrict_file_access(private_key_path)
+          Environment.restrict_file_access(private_key_path + '.pub')
           nil
         end
 
@@ -272,7 +306,7 @@ module Aspera
           # @return main folder where code is, i.e. .../lib
           # go up as many times as englobing modules (not counting class, as it is a file)
           def gem_src_root
-            File.expand_path(module_full_name.gsub('::','/').gsub(%r{[^/]+},'..'),gem_plugins_folder)
+            File.expand_path(module_full_name.gsub('::', '/').gsub(%r{[^/]+}, '..'), gem_plugins_folder)
           end
 
           # instanciate a plugin
@@ -286,7 +320,7 @@ module Aspera
         # set parameter and value in global config
         # creates one if none already created
         # @return preset name that contains global default
-        def set_global_default(key,value)
+        def set_global_default(key, value)
           # get default preset if it exists
           global_default_preset_name = get_plugin_default_config_name(CONF_GLOBAL_SYM)
           if global_default_preset_name.nil?
@@ -312,17 +346,17 @@ module Aspera
         # @param config_name name of the preset in config file
         # @param include_path used to detect and avoid include loops
         def preset_by_name(config_name, include_path=[])
-          raise CliError,'loop in include' if include_path.include?(config_name)
+          raise CliError, 'loop in include' if include_path.include?(config_name)
           include_path = include_path.clone # avoid messing up if there are multiple branches
           current = @config_presets
           config_name.split(PRESET_DIG_SEPARATOR).each do |name|
-            raise CliError,"not a Hash: #{include_path} (#{current.class})" unless current.is_a?(Hash)
+            raise CliError, "Expecting Hash for subkey: #{include_path} (#{current.class})" unless current.is_a?(Hash)
             include_path.push(name)
             current = current[name]
-            raise CliError,"no such config preset: #{include_path}" if nil?
+            raise CliError, "No such config preset: #{include_path}" if current.nil?
           end
           case current
-          when Hash then return expanded_with_preset_includes(current,include_path)
+          when Hash then return expanded_with_preset_includes(current, include_path)
           when String then return ExtendedValue.instance.evaluate(current)
           else return current
           end
@@ -332,8 +366,8 @@ module Aspera
         # @param hash_val
         # @param include_path to avoid inclusion loop
         def expanded_with_preset_includes(hash_val, include_path=[])
-          raise CliError,"#{EXTV_INCLUDE_PRESETS} requires a Hash, have #{hash_val.class}" unless hash_val.is_a?(Hash)
-          if hash_val.has_key?(EXTV_INCLUDE_PRESETS)
+          raise CliError, "#{EXTV_INCLUDE_PRESETS} requires a Hash, have #{hash_val.class}" unless hash_val.is_a?(Hash)
+          if hash_val.key?(EXTV_INCLUDE_PRESETS)
             memory = hash_val.clone
             includes = memory[EXTV_INCLUDE_PRESETS]
             memory.delete(EXTV_INCLUDE_PRESETS)
@@ -341,7 +375,7 @@ module Aspera
             raise "#{EXTV_INCLUDE_PRESETS} must be an Array" unless includes.is_a?(Array)
             raise "#{EXTV_INCLUDE_PRESETS} must contain names" unless includes.map(&:class).uniq.eql?([String])
             includes.each do |preset_name|
-              hash_val.merge!(preset_by_name(preset_name,include_path))
+              hash_val.merge!(preset_by_name(preset_name, include_path))
             end
             hash_val.merge!(memory)
           end
@@ -381,121 +415,122 @@ module Aspera
           end
         end
 
-        def convert_preset_path(old_name,new_name,files_to_copy)
-          old_subpath = File.join('',ASPERA_HOME_FOLDER_NAME,old_name,'')
-          new_subpath = File.join('',ASPERA_HOME_FOLDER_NAME,new_name,'')
+        def convert_preset_path(old_name, new_name, files_to_copy)
+          old_subpath = File.join('', ASPERA_HOME_FOLDER_NAME, old_name, '')
+          new_subpath = File.join('', ASPERA_HOME_FOLDER_NAME, new_name, '')
           # convert possible keys located in config folder
           @config_presets.values.select{|p|p.is_a?(Hash)}.each do |preset|
             preset.values.select{|v|v.is_a?(String) && v.include?(old_subpath)}.each do |value|
               old_val = value.clone
-              included_path = File.expand_path(old_val.gsub(/^@file:/,''))
+              included_path = File.expand_path(old_val.gsub(/^@file:/, ''))
               files_to_copy.push(included_path) unless files_to_copy.include?(included_path) || !File.exist?(included_path)
-              value.gsub!(old_subpath,new_subpath)
-              Log.log.warn("Converted config value: #{old_val} -> #{value}")
+              value.gsub!(old_subpath, new_subpath)
+              Log.log.warn{"Converted config value: #{old_val} -> #{value}"}
             end
           end
         end
 
-        def convert_preset_plugin_name(old_name,new_name)
+        def convert_preset_plugin_name(old_name, new_name)
           default_preset = @config_presets[CONF_PRESET_DEFAULT]
-          return unless default_preset.is_a?(Hash) && default_preset.has_key?(old_name)
+          return unless default_preset.is_a?(Hash) && default_preset.key?(old_name)
           default_preset[new_name] = default_preset[old_name]
           default_preset.delete(old_name)
-          Log.log.warn("Converted plugin default: #{old_name} -> #{new_name}")
+          Log.log.warn{"Converted plugin default: #{old_name} -> #{new_name}"}
         end
 
         # read config file and validate format
         # tries to convert from older version if possible and required
         def read_config_file
-          begin
-            Log.log.debug("config file is: #{@option_config_file}".red)
-            conf_file_v1 = File.join(Dir.home,ASPERA_HOME_FOLDER_NAME,PROGRAM_NAME_V1,DEFAULT_CONFIG_FILENAME)
-            conf_file_v2 = File.join(Dir.home,ASPERA_HOME_FOLDER_NAME,PROGRAM_NAME_V2,DEFAULT_CONFIG_FILENAME)
-            # files search for configuration, by default the one given by user
-            search_files = [@option_config_file]
-            # if default file, then also look for older versions
-            search_files.push(conf_file_v2,conf_file_v1) if @option_config_file.eql?(@conf_file_default)
-            # find first existing file (or nil)
-            conf_file_to_load = search_files.find{|f| File.exist?(f)}
-            # require save if old version of file
-            save_required = !@option_config_file.eql?(conf_file_to_load)
-            # if no file found, create default config
-            if conf_file_to_load.nil?
-              Log.log.warn("No config file found. Creating empty configuration file: #{@option_config_file}")
-              @config_presets = {CONF_PRESET_CONFIG => {CONF_PRESET_VERSION => @info[:version]}}
-            else
-              Log.log.debug("loading #{@option_config_file}")
-              @config_presets = YAML.load_file(conf_file_to_load)
-            end
-            files_to_copy = []
-            Log.log.debug("Available_presets: #{@config_presets}")
-            raise 'Expecting YAML Hash' unless @config_presets.is_a?(Hash)
-            # check there is at least the config section
-            if !@config_presets.has_key?(CONF_PRESET_CONFIG)
-              raise "Cannot find key: #{CONF_PRESET_CONFIG}"
-            end
-            version = @config_presets[CONF_PRESET_CONFIG][CONF_PRESET_VERSION]
-            if version.nil?
-              raise 'No version found in config section.'
-            end
-            # oldest compatible conf file format, update to latest version when an incompatible change is made
-            # check compatibility of version of conf file
-            config_tested_version = '0.4.5'
-            if Gem::Version.new(version) < Gem::Version.new(config_tested_version)
-              raise "Unsupported config file version #{version}. Expecting min version #{config_tested_version}"
-            end
-            config_tested_version = '0.6.15'
-            if Gem::Version.new(version) < Gem::Version.new(config_tested_version)
-              convert_preset_plugin_name(AOC_COMMAND_V1,AOC_COMMAND_V2)
-              version = @config_presets[CONF_PRESET_CONFIG][CONF_PRESET_VERSION] = config_tested_version
-              save_required = true
-            end
-            config_tested_version = '0.8.10'
-            if Gem::Version.new(version) <= Gem::Version.new(config_tested_version)
-              convert_preset_path(PROGRAM_NAME_V1,PROGRAM_NAME_V2,files_to_copy)
-              version = @config_presets[CONF_PRESET_CONFIG][CONF_PRESET_VERSION] = config_tested_version
-              save_required = true
-            end
-            config_tested_version = '1.0'
-            if Gem::Version.new(version) <= Gem::Version.new(config_tested_version)
-              convert_preset_plugin_name(AOC_COMMAND_V2,AOC_COMMAND_V3)
-              convert_preset_path(PROGRAM_NAME_V2,@info[:name],files_to_copy)
-              version = @config_presets[CONF_PRESET_CONFIG][CONF_PRESET_VERSION] = config_tested_version
-              save_required = true
-            end
-            Log.log.debug("conf version: #{version}")
-            # Place new compatibility code here
-            if save_required
-              Log.log.warn('Saving automatic conversion.')
-              @config_presets[CONF_PRESET_CONFIG][CONF_PRESET_VERSION] = @info[:version]
-              save_presets_to_config_file
-              Log.log.warn('Copying referenced files')
-              files_to_copy.each do |file|
-                FileUtils.cp(file,@main_folder)
-                Log.log.warn("..#{file} -> #{@main_folder}")
-              end
+          Log.log.debug{"config file is: #{@option_config_file}".red}
+          conf_file_v1 = File.join(Dir.home, ASPERA_HOME_FOLDER_NAME, PROGRAM_NAME_V1, DEFAULT_CONFIG_FILENAME)
+          conf_file_v2 = File.join(Dir.home, ASPERA_HOME_FOLDER_NAME, PROGRAM_NAME_V2, DEFAULT_CONFIG_FILENAME)
+          # files search for configuration, by default the one given by user
+          search_files = [@option_config_file]
+          # if default file, then also look for older versions
+          search_files.push(conf_file_v2, conf_file_v1) if @option_config_file.eql?(@conf_file_default)
+          # find first existing file (or nil)
+          conf_file_to_load = search_files.find{|f| File.exist?(f)}
+          # require save if old version of file
+          save_required = !@option_config_file.eql?(conf_file_to_load)
+          # if no file found, create default config
+          if conf_file_to_load.nil?
+            Log.log.warn{"No config file found. Creating empty configuration file: #{@option_config_file}"}
+            @config_presets = {CONF_PRESET_CONFIG => {CONF_PRESET_VERSION => @info[:version]}}
+          else
+            Log.log.debug{"loading #{@option_config_file}"}
+            @config_presets = YAML.load_file(conf_file_to_load)
+          end
+          files_to_copy = []
+          Log.log.debug{"Available_presets: #{@config_presets}"}
+          raise 'Expecting YAML Hash' unless @config_presets.is_a?(Hash)
+          # check there is at least the config section
+          if !@config_presets.key?(CONF_PRESET_CONFIG)
+            raise "Cannot find key: #{CONF_PRESET_CONFIG}"
+          end
+          version = @config_presets[CONF_PRESET_CONFIG][CONF_PRESET_VERSION]
+          if version.nil?
+            raise 'No version found in config section.'
+          end
+          # oldest compatible conf file format, update to latest version when an incompatible change is made
+          # check compatibility of version of conf file
+          config_tested_version = '0.4.5'
+          if Gem::Version.new(version) < Gem::Version.new(config_tested_version)
+            raise "Unsupported config file version #{version}. Expecting min version #{config_tested_version}"
+          end
+          config_tested_version = '0.6.15'
+          if Gem::Version.new(version) < Gem::Version.new(config_tested_version)
+            convert_preset_plugin_name(AOC_COMMAND_V1, AOC_COMMAND_V2)
+            version = @config_presets[CONF_PRESET_CONFIG][CONF_PRESET_VERSION] = config_tested_version
+            save_required = true
+          end
+          config_tested_version = '0.8.10'
+          if Gem::Version.new(version) <= Gem::Version.new(config_tested_version)
+            convert_preset_path(PROGRAM_NAME_V1, PROGRAM_NAME_V2, files_to_copy)
+            version = @config_presets[CONF_PRESET_CONFIG][CONF_PRESET_VERSION] = config_tested_version
+            save_required = true
+          end
+          config_tested_version = '1.0'
+          if Gem::Version.new(version) <= Gem::Version.new(config_tested_version)
+            convert_preset_plugin_name(AOC_COMMAND_V2, AOC_COMMAND_V3)
+            convert_preset_path(PROGRAM_NAME_V2, @info[:name], files_to_copy)
+            version = @config_presets[CONF_PRESET_CONFIG][CONF_PRESET_VERSION] = config_tested_version
+            save_required = true
+          end
+          Log.log.debug{"conf version: #{version}"}
+          # Place new compatibility code here
+          if save_required
+            Log.log.warn('Saving automatic conversion.')
+            @config_presets[CONF_PRESET_CONFIG][CONF_PRESET_VERSION] = @info[:version]
+            save_presets_to_config_file
+            Log.log.warn('Copying referenced files')
+            files_to_copy.each do |file|
+              FileUtils.cp(file, @main_folder)
+              Log.log.warn{"..#{file} -> #{@main_folder}"}
             end
-          rescue Psych::SyntaxError => e
-            Log.log.error('YAML error in config file')
-            raise e
-          rescue StandardError => e
-            Log.log.debug("-> #{e}")
+          end
+        rescue Psych::SyntaxError => e
+          Log.log.error('YAML error in config file')
+          raise e
+        rescue StandardError => e
+          Log.log.debug{"-> #{e.class.name} : #{e}"}
+          if File.exist?(@option_config_file)
+            # then there is a problem with that file.
             new_name = "#{@option_config_file}.pre#{@info[:version]}.manual_conversion_needed"
-            File.rename(@option_config_file,new_name)
-            Log.log.warn("Renamed config file to #{new_name}.")
+            File.rename(@option_config_file, new_name)
+            Log.log.warn{"Renamed config file to #{new_name}."}
             Log.log.warn('Manual Conversion is required. Next time, a new empty file will be created.')
-            raise CliError,e.to_s
           end
+          raise CliError, e.to_s
         end
 
         # find plugins in defined paths
         def add_plugins_from_lookup_folders
           @plugin_lookup_folders.each do |folder|
             next unless File.directory?(folder)
-            #TODO: add gem root to load path ? and require short folder ?
-            #$LOAD_PATH.push(folder) if i[:add_path]
+            # TODO: add gem root to load path ? and require short folder ?
+            # $LOAD_PATH.push(folder) if i[:add_path]
             Dir.entries(folder).select{|file|file.end_with?(RUBY_FILE_EXT)}.each do |source|
-              add_plugin_info(File.join(folder,source))
+              add_plugin_info(File.join(folder, source))
             end
           end
         end
@@ -506,17 +541,17 @@ module Aspera
 
         def add_plugin_info(path)
           raise "ERROR: plugin path must end with #{RUBY_FILE_EXT}" if !path.end_with?(RUBY_FILE_EXT)
-          plugin_symbol = File.basename(path,RUBY_FILE_EXT).to_sym
-          req = path.gsub(/#{RUBY_FILE_EXT}$/o,'')
-          if @plugins.has_key?(plugin_symbol)
-            Log.log.warn("skipping plugin already registered: #{plugin_symbol}")
+          plugin_symbol = File.basename(path, RUBY_FILE_EXT).to_sym
+          req = path.gsub(/#{RUBY_FILE_EXT}$/o, '')
+          if @plugins.key?(plugin_symbol)
+            Log.log.warn{"skipping plugin already registered: #{plugin_symbol}"}
             return
           end
-          @plugins[plugin_symbol] = {source: path,require_stanza: req}
+          @plugins[plugin_symbol] = {source: path, require_stanza: req}
         end
 
         def identify_plugin_for_url(url)
-          plugins.each do |plugin_name_sym,plugin_info|
+          plugins.each do |plugin_name_sym, plugin_info|
             # no detection for internal plugin
             next if plugin_name_sym.eql?(CONF_PLUGIN_SYM)
             # load plugin class
@@ -532,19 +567,19 @@ module Aspera
               Log.log.warn(e.message)
               Log.log.warn('Use option --insecure=yes to ignore certificate') if e.message.include?('cert')
             rescue StandardError => e
-              Log.log.debug("Cannot detect #{plugin_name_sym} : #{e.class}/#{e.message}")
+              Log.log.debug{"Cannot detect #{plugin_name_sym} : #{e.class}/#{e.message}"}
             end
             # second try : is there a redirect ?
             if detection_info.nil?
               begin
                 # TODO: check if redirect ?
-                new_url = Rest.new(base_url: url).call(operation: 'GET',subpath: '',redirect_max: 1)[:http].uri.to_s
+                new_url = Rest.new(base_url: url).call(operation: 'GET', subpath: '', redirect_max: 1)[:http].uri.to_s
                 unless url.eql?(new_url)
                   detection_info = c.detect(new_url)
                   current_url = new_url
                 end
               rescue StandardError => e
-                Log.log.debug("Cannot detect #{plugin_name_sym} : #{e.message}")
+                Log.log.debug{"Cannot detect #{plugin_name_sym} : #{e.message}"}
               end
             end
             return detection_info.merge(product: plugin_name_sym, url: current_url) unless detection_info.nil?
@@ -557,7 +592,7 @@ module Aspera
           if %i[info version].include?(command)
             connect_id = options.get_next_argument('id or title')
             one_res = connect_versions.find{|i|i['id'].eql?(connect_id) || i['title'].eql?(connect_id)}
-            raise CliNoSuchId.new(:connect,connect_id) if one_res.nil?
+            raise CliNoSuchId.new(:connect, connect_id) if one_res.nil?
           end
           case command
           when :list
@@ -578,11 +613,11 @@ module Aspera
               return {type: :object_list, data: all_links}
             when :download
               folder_dest = transfer.destination_folder(Fasp::TransferSpec::DIRECTION_RECEIVE)
-              #folder_dest=self.options.get_next_argument('destination folder')
+              # folder_dest=self.options.get_next_argument('destination folder')
               api_connect_cdn = Rest.new({base_url: CONNECT_WEB_URL})
               fileurl = one_link['href']
-              filename = fileurl.gsub(%r{.*/},'')
-              api_connect_cdn.call({operation: 'GET',subpath: fileurl,save_to_file: File.join(folder_dest,filename)})
+              filename = fileurl.gsub(%r{.*/}, '')
+              api_connect_cdn.call({operation: 'GET', subpath: fileurl, save_to_file: File.join(folder_dest, filename)})
               return Main.result_status("Downloaded: #{filename}")
             when :open
               OpenApplication.instance.uri(one_link['href'])
@@ -600,12 +635,12 @@ module Aspera
             ascp_path = options.get_next_argument('path to ascp')
             ascp_version = Fasp::Installation.instance.get_ascp_version(ascp_path)
             self.format.display_status("ascp version: #{ascp_version}")
-            preset_name = set_global_default(:ascp_path,ascp_path)
+            preset_name = set_global_default(:ascp_path, ascp_path)
             return Main.result_status("Saved to default global preset #{preset_name}")
           when :show # shows files used
             return {type: :status, data: Fasp::Installation.instance.path(:ascp)}
           when :info # shows files used
-            data = Fasp::Installation::FILES.each_with_object({}) do |v,m|
+            data = Fasp::Installation::FILES.each_with_object({}) do |v, m|
               m[v.to_s] =
                 begin
                   Fasp::Installation.instance.path(v)
@@ -614,20 +649,26 @@ module Aspera
                 end
             end
             # read PATHs from ascp directly, and pvcl modules as well
-            Open3.popen3(Fasp::Installation.instance.path(:ascp),'-DDL-') do |_stdin, _stdout, stderr, thread|
+            Open3.popen3(Fasp::Installation.instance.path(:ascp), '-DDL-') do |_stdin, _stdout, stderr, thread|
               last_line = ''
               while (line = stderr.gets)
                 line.chomp!
                 last_line = line
                 case line
-                when %r{^DBG Path ([^ ]+) (dir|file) +: (.*)$} then data[Regexp.last_match(1)] = Regexp.last_match(3)
-                when %r{^DBG Added module group:"([^"]+)" name:"([^"]+)", version:"([^"]+)" interface:"([^"]+)"$} then data[Regexp.last_match(2)] = Regexp.last_match(4)
-                when %r{^DBG License result \(/license/(\S+)\): (.+)$} then data[Regexp.last_match(1)] = Regexp.last_match(2)
-                when %r{^LOG (.+) version ([0-9.]+)$} then data['product_name'] = Regexp.last_match(1);data['product_version'] = Regexp.last_match(2)
-                when %r{^LOG Initializing FASP version ([^,]+),} then data['ascp_version'] = Regexp.last_match(1)
+                when /^DBG Path ([^ ]+) (dir|file) +: (.*)$/
+                  data[Regexp.last_match(1)] = Regexp.last_match(3)
+                when /^DBG Added module group:"([^"]+)" name:"([^"]+)", version:"([^"]+)" interface:"([^"]+)"$/
+                  data[Regexp.last_match(2)] = "#{Regexp.last_match(4)} #{Regexp.last_match(1)} v#{Regexp.last_match(3)}"
+                when %r{^DBG License result \(/license/(\S+)\): (.+)$}
+                  data[Regexp.last_match(1)] = Regexp.last_match(2)
+                when /^LOG (.+) version ([0-9.]+)$/
+                  data['product_name'] = Regexp.last_match(1)
+                  data['product_version'] = Regexp.last_match(2)
+                when /^LOG Initializing FASP version ([^,]+),/
+                  data['ascp_version'] = Regexp.last_match(1)
                 end
               end
-              if !thread.value.exitstatus.eql?(1) && !data.has_key?('root')
+              if !thread.value.exitstatus.eql?(1) && !data.key?('root')
                 raise last_line
               end
             end
@@ -641,21 +682,21 @@ module Aspera
             when :use
               default_product = options.get_next_argument('product name')
               Fasp::Installation.instance.use_ascp_from_product(default_product)
-              preset_name = set_global_default(:ascp_path,Fasp::Installation.instance.path(:ascp))
+              preset_name = set_global_default(:ascp_path, Fasp::Installation.instance.path(:ascp))
               return Main.result_status("Saved to default global preset #{preset_name}")
             end
           when :install
-            v = Fasp::Installation.instance.install_sdk(options.get_option(:sdk_url,is_type: :mandatory))
+            v = Fasp::Installation.instance.install_sdk(options.get_option(:sdk_url, is_type: :mandatory))
             return Main.result_status("Installed version #{v}")
           when :spec
             return {
               type:   :object_list,
               data:   Fasp::Parameters.man_table,
-              fields: ['name','type',Fasp::Parameters::SUPPORTED_AGENTS_SHORT.map(&:to_s),'description'].flatten
+              fields: %w[name type].concat(Fasp::Parameters::SUPPORTED_AGENTS_SHORT.map(&:to_s), %w[description])
             }
           when :errors
             error_data = []
-            Fasp::ERROR_INFO.each_pair do |code,prop|
+            Fasp::ERROR_INFO.each_pair do |code, prop|
               error_data.push(code: code, mnemonic: prop[:c], retry: prop[:r], info: prop[:a])
             end
             return {type: :object_list, data: error_data}
@@ -664,112 +705,168 @@ module Aspera
         end
 
         # legacy actions available globally
-        PRESET_GBL_ACTIONS = %i[list overview].freeze
+        PRESET_GBL_ACTIONS = %i[list overview lookup secure].freeze
         # require existing preset
         PRESET_EXST_ACTIONS = %i[show delete get unset].freeze
         # require id
-        PRESET_INSTANCE_ACTIONS = [PRESET_EXST_ACTIONS,%i[initialize update ask set]].flatten.freeze
-        PRESET_ALL_ACTIONS = [PRESET_GBL_ACTIONS,PRESET_INSTANCE_ACTIONS].flatten.freeze
+        PRESET_INSTANCE_ACTIONS = %i[initialize update ask set].concat(PRESET_EXST_ACTIONS).freeze
+        PRESET_ALL_ACTIONS = [].concat(PRESET_GBL_ACTIONS, PRESET_INSTANCE_ACTIONS).freeze
 
-        def execute_file_action(action,config_name)
+        def execute_preset(action: nil, name: nil)
           action = options.get_next_command(PRESET_ALL_ACTIONS) if action.nil?
-          config_name = instance_identifier if config_name.nil? && PRESET_INSTANCE_ACTIONS.include?(action)
+          name = instance_identifier if name.nil? && PRESET_INSTANCE_ACTIONS.include?(action)
           # those operations require existing option
-          raise "no such preset: #{config_name}" if PRESET_EXST_ACTIONS.include?(action) && !@config_presets.has_key?(config_name)
-          selected_preset = @config_presets[config_name]
+          raise "no such preset: #{name}" if PRESET_EXST_ACTIONS.include?(action) && !@config_presets.key?(name)
+          selected_preset = @config_presets[name]
           case action
           when :list
             return {type: :value_list, data: @config_presets.keys, name: 'name'}
           when :overview
             return {type: :object_list, data: Formater.flatten_config_overview(@config_presets)}
           when :show
-            raise "no such config: #{config_name}" if selected_preset.nil?
+            raise "no such config: #{name}" if selected_preset.nil?
             return {type: :single_object, data: selected_preset}
           when :delete
-            @config_presets.delete(config_name)
+            @config_presets.delete(name)
             save_presets_to_config_file
-            return Main.result_status("Deleted: #{config_name}")
+            return Main.result_status("Deleted: #{name}")
           when :get
             param_name = options.get_next_argument('parameter name')
             value = selected_preset[param_name]
-            raise "no such option in preset #{config_name} : #{param_name}" if value.nil?
+            raise "no such option in preset #{name} : #{param_name}" if value.nil?
             case value
-            when Numeric,String then return {type: :text, data: ExtendedValue.instance.evaluate(value.to_s)}
+            when Numeric, String then return {type: :text, data: ExtendedValue.instance.evaluate(value.to_s)}
             end
             return {type: :single_object, data: value}
           when :unset
             param_name = options.get_next_argument('parameter name')
             selected_preset.delete(param_name)
             save_presets_to_config_file
-            return Main.result_status("Removed: #{config_name}: #{param_name}")
+            return Main.result_status("Removed: #{name}: #{param_name}")
           when :set
             param_name = options.get_next_argument('parameter name')
             param_value = options.get_next_argument('parameter value')
-            if !@config_presets.has_key?(config_name)
-              Log.log.debug("no such config name: #{config_name}, initializing")
-              selected_preset = @config_presets[config_name] = {}
+            if !@config_presets.key?(name)
+              Log.log.debug{"no such config name: #{name}, initializing"}
+              selected_preset = @config_presets[name] = {}
             end
-            if selected_preset.has_key?(param_name)
-              Log.log.warn("overwriting value: #{selected_preset[param_name]}")
+            if selected_preset.key?(param_name)
+              Log.log.warn{"overwriting value: #{selected_preset[param_name]}"}
             end
             selected_preset[param_name] = param_value
             save_presets_to_config_file
-            return Main.result_status("Updated: #{config_name}: #{param_name} <- #{param_value}")
+            return Main.result_status("Updated: #{name}: #{param_name} <- #{param_value}")
           when :initialize
-            config_value = options.get_next_argument('extended value (Hash)')
-            if @config_presets.has_key?(config_name)
-              Log.log.warn("configuration already exists: #{config_name}, overwriting")
+            config_value = options.get_next_argument('extended value', type: Hash)
+            if @config_presets.key?(name)
+              Log.log.warn{"configuration already exists: #{name}, overwriting"}
             end
-            @config_presets[config_name] = config_value
+            @config_presets[name] = config_value
             save_presets_to_config_file
             return Main.result_status("Modified: #{@option_config_file}")
           when :update
             #  get unprocessed options
             theopts = options.get_options_table
-            Log.log.debug("opts=#{theopts}")
-            @config_presets[config_name] ||= {}
-            @config_presets[config_name].merge!(theopts)
+            Log.log.debug{"opts=#{theopts}"}
+            @config_presets[name] ||= {}
+            @config_presets[name].merge!(theopts)
             # fix bug in 4.4 (creating key "true" in "default" preset)
             @config_presets[CONF_PRESET_DEFAULT].delete(true) if @config_presets[CONF_PRESET_DEFAULT].is_a?(Hash)
             save_presets_to_config_file
-            return Main.result_status("Updated: #{config_name}")
+            return Main.result_status("Updated: #{name}")
           when :ask
             options.ask_missing_mandatory = :yes
-            @config_presets[config_name] ||= {}
-            options.get_next_argument('option names',expected: :multiple).each do |optionname|
-              option_value = options.get_interactive(:option,optionname)
-              @config_presets[config_name][optionname] = option_value
+            @config_presets[name] ||= {}
+            options.get_next_argument('option names', expected: :multiple).each do |optionname|
+              option_value = options.get_interactive(:option, optionname)
+              @config_presets[name][optionname] = option_value
             end
             save_presets_to_config_file
-            return Main.result_status("Updated: #{config_name}")
+            return Main.result_status("Updated: #{name}")
+          when :lookup
+            BasicAuthPlugin.register_options(@agents)
+            url = options.get_option(:url, is_type: :mandatory)
+            user = options.get_option(:username, is_type: :mandatory)
+            result = lookup_preset(url: url, username: user)
+            raise 'no such config found' if result.nil?
+            return {type: :single_object, data: result}
+          when :secure
+            identifier = options.get_next_argument('config name', mandatory: false)
+            preset_names = identifier.nil? ? @config_presets.keys : [identifier]
+            secret_keywords = %w[password secret].freeze
+            preset_names.each do |pset_name|
+              preset = @config_presets[pset_name]
+              next unless preset.is_a?(Hash)
+              preset.each_key do |option_name|
+                secret_keywords.each do |keyword|
+                  next unless option_name.end_with?(keyword)
+                  vault_label = pset_name
+                  incr = 0
+                  until vault.get(label: vault_label, exception: false).nil?
+                    vault_label = "#{pset_name}#{incr}"
+                    incr += 1
+                  end
+                  to_set = {label: vault_label, password: preset[option_name]}
+                  puts "need to encode #{pset_name}.#{option_name} -> #{vault_label} -> #{to_set}"
+                  # to_copy=%i[]
+                  vault.set(to_set)
+                  preset[option_name] = "@vault:#{vault_label}.password"
+                end
+              end
+            end
+            return Main.result_status('Secrets secured in vault: Make sure to save the vault password securely.')
           end
         end
 
-        ACTIONS = [PRESET_GBL_ACTIONS,%i[id preset open documentation genkey gem plugin flush_tokens echo wizard export_to_cli detect coffee
-                                         ascp email_test smtp_settings proxy_check folder file check_update initdemo vault]].flatten.freeze
+        ACTIONS = %i[
+          id
+          preset
+          open
+          documentation
+          genkey
+          gem
+          plugin
+          flush_tokens
+          echo
+          wizard
+          export_to_cli
+          detect
+          coffee
+          ascp
+          email_test
+          smtp_settings
+          proxy_check
+          folder
+          file
+          check_update
+          initdemo
+          vault].concat(PRESET_GBL_ACTIONS).freeze
 
         # "config" plugin
         def execute_action
           action = options.get_next_command(ACTIONS)
           case action
           when *PRESET_GBL_ACTIONS # older syntax
-            return execute_file_action(action,nil)
+            Log.log.warn{"This syntax is deprecated, use command: preset #{action}"}
+            return execute_preset(action: action)
           when :id # older syntax
-            return execute_file_action(nil,options.get_next_argument('config name'))
+            identifier = options.get_next_argument('config name')
+            Log.log.warn{"This syntax is deprecated, use command: preset <verb> #{identifier}"}
+            return execute_preset(name: identifier)
           when :preset # newer syntax
-            return execute_file_action(nil,nil)
+            return execute_preset
           when :open
-            OpenApplication.instance.uri(@option_config_file.to_s) #file://
+            OpenApplication.editor(@option_config_file.to_s)
             return Main.result_nothing
           when :documentation
-            section = options.get_next_argument('private key file path',mandatory: false)
+            section = options.get_next_argument('private key file path', mandatory: false)
             section = '#' + section unless section.nil?
             OpenApplication.instance.uri("#{@info[:help]}#{section}")
             return Main.result_nothing
           when :genkey # generate new rsa key
             private_key_path = options.get_next_argument('private key file path')
-            private_key_length = options.get_next_argument('size in bits',mandatory: false) || DEFAULT_PRIVKEY_LENGTH
-            generate_rsa_private_key(private_key_path,private_key_length)
+            private_key_length = options.get_next_argument('size in bits', mandatory: false) || DEFAULT_PRIVKEY_LENGTH
+            generate_rsa_private_key(private_key_path, private_key_length)
             return Main.result_status('Generated key: ' + private_key_path)
           when :echo # display the content of a value given on command line
             result = {type: :other_struct, data: options.get_next_argument('value')}
@@ -785,9 +882,9 @@ module Aspera
             when :list
               return {type: :object_list, data: @plugins.keys.map { |i| { 'plugin' => i.to_s, 'path' => @plugins[i][:source] } }, fields: %w[plugin path]}
             when :create
-              plugin_name = options.get_next_argument('name',expected: :single).downcase
-              plugin_folder = options.get_next_argument('folder',expected: :single,mandatory: false) || File.join(@main_folder,ASPERA_PLUGINS_FOLDERNAME)
-              plugin_file = File.join(plugin_folder,"#{plugin_name}.rb")
+              plugin_name = options.get_next_argument('name', expected: :single).downcase
+              plugin_folder = options.get_next_argument('folder', expected: :single, mandatory: false) || File.join(@main_folder, ASPERA_PLUGINS_FOLDERNAME)
+              plugin_file = File.join(plugin_folder, "#{plugin_name}.rb")
               content = <<~END_OF_PLUGIN_CODE
                 require 'aspera/cli/plugin'
                 module Aspera
@@ -801,7 +898,7 @@ module Aspera
                   end # Cli
                 end # Aspera
               END_OF_PLUGIN_CODE
-              File.write(plugin_file,content)
+              File.write(plugin_file, content)
               return Main.result_status("Created #{plugin_file}")
             end
           when :wizard
@@ -809,15 +906,15 @@ module Aspera
             options.ask_missing_mandatory = true
             # register url option
             BasicAuthPlugin.register_options(@agents)
-            params={}
+            params = {}
             # get from option, or ask
-            params[:instance_url] = options.get_option(:url,is_type: :mandatory)
+            params[:instance_url] = options.get_option(:url, is_type: :mandatory)
             # allow user to tell the preset name
             params[:preset_name] = options.get_option(:id)
             # allow user to specify type of application
             params[:application] = options.get_option(:value)
             params[:application] = params[:application].nil? ? identify_plugin_for_url(params[:instance_url])[:product] : params[:application].to_sym
-            params[:plugin_name]=params[:application]
+            params[:plugin_name] = params[:application]
             params[:test_args] = '<replace per app>'
             case params[:application]
             when :faspex5
@@ -825,7 +922,7 @@ module Aspera
             when :aoc
               wizard_aoc(params)
             else
-              raise CliBadArgument,"Supports only: aoc. Detected: #{params[:application]}"
+              raise CliBadArgument, "Supports only: aoc. Detected: #{params[:application]}"
             end # product
             if params[:option_default]
               self.format.display_status("Setting config preset as default for #{params[:plugin_name]}")
@@ -843,23 +940,23 @@ module Aspera
             add_plugin_default_preset(AOC_COMMAND_V3.to_sym)
             # instanciate AoC plugin
             self.class.plugin_class(AOC_COMMAND_CURRENT).new(@agents) # TODO: is this line needed ? get options ?
-            url = options.get_option(:url,is_type: :mandatory)
+            url = options.get_option(:url, is_type: :mandatory)
             cli_conf_file = Fasp::Installation.instance.cli_conf_file
             data = JSON.parse(File.read(cli_conf_file))
-            organization,instance_domain = AoC.parse_url(url)
+            organization, instance_domain = AoC.parse_url(url)
             key_basename = 'org_' + organization + '.pem'
-            key_file = File.join(File.dirname(File.dirname(cli_conf_file)),'etc',key_basename)
-            File.write(key_file,options.get_option(:private_key,is_type: :mandatory))
+            key_file = File.join(File.dirname(File.dirname(cli_conf_file)), 'etc', key_basename)
+            File.write(key_file, options.get_option(:private_key, is_type: :mandatory))
             new_conf = {
               'organization'       => organization,
-              'hostname'           => [organization,instance_domain].join('.'),
+              'hostname'           => [organization, instance_domain].join('.'),
               'privateKeyFilename' => key_basename,
-              'username'           => options.get_option(:username,is_type: :mandatory)
+              'username'           => options.get_option(:username, is_type: :mandatory)
             }
             new_conf['clientId'] = options.get_option(:client_id)
             new_conf['clientSecret'] = options.get_option(:client_secret)
             if new_conf['clientId'].nil?
-              new_conf['clientId'],new_conf['clientSecret'] = AoC.get_client_info
+              new_conf['clientId'], new_conf['clientSecret'] = AoC.get_client_info
             end
             entry = data['AoCAccounts'].find{|i|i['organization'].eql?(organization)}
             if entry.nil?
@@ -869,12 +966,12 @@ module Aspera
               self.format.display_status("Updating existing aoc entry: #{organization}")
               entry.merge!(new_conf)
             end
-            File.write(cli_conf_file,JSON.pretty_generate(data))
+            File.write(cli_conf_file, JSON.pretty_generate(data))
             return Main.result_status("Updated: #{cli_conf_file}")
           when :detect
             # need url / username
             BasicAuthPlugin.register_options(@agents)
-            return {type: :single_object, data: identify_plugin_for_url(options.get_option(:url,is_type: :mandatory))}
+            return {type: :single_object, data: identify_plugin_for_url(options.get_option(:url, is_type: :mandatory))}
           when :coffee
             OpenApplication.instance.uri('https://enjoyjava.com/wp-content/uploads/2018/01/How-to-make-strong-coffee.jpg')
             return Main.result_nothing
@@ -891,22 +988,22 @@ module Aspera
           when :file
             return Main.result_status(@option_config_file)
           when :email_test
-            send_email_template({},EMAIL_TEST_TEMPLATE)
+            send_email_template(email_template_default: EMAIL_TEST_TEMPLATE)
             return Main.result_nothing
           when :smtp_settings
             return {type: :single_object, data: email_settings}
           when :proxy_check
             # ensure fpac was provided
-            options.get_option(:fpac,is_type: :mandatory)
+            options.get_option(:fpac, is_type: :mandatory)
             server_url = options.get_next_argument('server url')
             return Main.result_status(@pac_exec.find_proxy_for_url(server_url))
           when :check_update
             return {type: :single_object, data: check_gem_version}
           when :initdemo
-            if @config_presets.has_key?(DEMO_SERVER_PRESET)
-              Log.log.warn("Demo server preset already present: #{DEMO_SERVER_PRESET}")
+            if @config_presets.key?(DEMO_SERVER_PRESET)
+              Log.log.warn{"Demo server preset already present: #{DEMO_SERVER_PRESET}"}
             else
-              Log.log.info("Creating Demo server preset: #{DEMO_SERVER_PRESET}")
+              Log.log.info{"Creating Demo server preset: #{DEMO_SERVER_PRESET}"}
               @config_presets[DEMO_SERVER_PRESET] = {
                 'url'                                    => 'ssh://' + DEMO + '.asperasoft.com:33001',
                 'username'                               => AOC_COMMAND_V2,
@@ -914,76 +1011,37 @@ module Aspera
               }
             end
             @config_presets[CONF_PRESET_DEFAULT] ||= {}
-            if @config_presets[CONF_PRESET_DEFAULT].has_key?(SERVER_COMMAND)
-              Log.log.warn("Server default preset already set to: #{@config_presets[CONF_PRESET_DEFAULT][SERVER_COMMAND]}")
-              Log.log.warn("Use #{DEMO_SERVER_PRESET} for demo: -P#{DEMO_SERVER_PRESET}") unless
+            if @config_presets[CONF_PRESET_DEFAULT].key?(SERVER_COMMAND)
+              Log.log.warn{"Server default preset already set to: #{@config_presets[CONF_PRESET_DEFAULT][SERVER_COMMAND]}"}
+              Log.log.warn{"Use #{DEMO_SERVER_PRESET} for demo: -P#{DEMO_SERVER_PRESET}"} unless
                 DEMO_SERVER_PRESET.eql?(@config_presets[CONF_PRESET_DEFAULT][SERVER_COMMAND])
             else
               @config_presets[CONF_PRESET_DEFAULT][SERVER_COMMAND] = DEMO_SERVER_PRESET
-              Log.log.info("Setting server default preset to : #{DEMO_SERVER_PRESET}")
+              Log.log.info{"Setting server default preset to : #{DEMO_SERVER_PRESET}"}
             end
             save_presets_to_config_file
             return Main.result_status('Done')
-          when :vault
-            command = options.get_next_command(%i[init list get set delete])
-            case command
-            when :init
-              type = options.get_option(:value)
-              case type
-              when 'config',NilClass
-                raise 'default secrets already exists' if @config_presets.has_key?(CONF_PRESET_SECRETS)
-                @config_presets[CONF_PRESET_SECRETS] = {}
-                set_global_default(:secrets,"@preset:#{CONF_PRESET_SECRETS}")
-              else raise 'no such vault type'
-              end
-              return Main.result_status('Done')
-            when :list
-              return {type: :object_list, data: vault.list}
-            when :set
-              # register url option
-              BasicAuthPlugin.register_options(@agents)
-              username = options.get_option(:username,is_type: :mandatory)
-              url = options.get_option(:url,is_type: :mandatory)
-              description = options.get_option(:value)
-              secret = options.get_next_argument('secret')
-              vault.set(username: username, url: url, description: description, secret: secret)
-              save_presets_to_config_file if vault.is_a?(Keychain::EncryptedHash)
-              return Main.result_status('Done')
-            when :get
-              # register url option
-              BasicAuthPlugin.register_options(@agents)
-              username = options.get_option(:username,is_type: :mandatory)
-              url = options.get_option(:url)
-              result = vault.get(username: username, url: url)
-              return {type: :single_object, data: result}
-            when :delete
-              # register url option
-              BasicAuthPlugin.register_options(@agents)
-              username = options.get_option(:username,is_type: :mandatory)
-              url = options.get_option(:url)
-              vault.delete(username: username, url: url)
-              return Main.result_status('Done')
-            end
+          when :vault then execute_vault
           else raise 'INTERNAL ERROR: wrong case'
           end
         end
 
         # @return email server setting with defaults if not defined
         def email_settings
-          smtp = options.get_option(:smtp,is_type: :mandatory)
+          smtp = options.get_option(:smtp, is_type: :mandatory)
           # change string keys into symbol keys
-          smtp = smtp.keys.each_with_object({}){|v,m|m[v.to_sym] = smtp[v];}
+          smtp = smtp.keys.each_with_object({}){|v, m|m[v.to_sym] = smtp[v]; }
           # defaults
           smtp[:tls] ||= true
           smtp[:port] ||= smtp[:tls] ? 587 : 25
-          smtp[:from_email] ||= smtp[:username] if smtp.has_key?(:username)
-          smtp[:from_name] ||= smtp[:from_email].gsub(/@.*$/,'').gsub(/[^a-zA-Z]/,' ').capitalize if smtp.has_key?(:username)
-          smtp[:domain] ||= smtp[:from_email].gsub(/^.*@/,'') if smtp.has_key?(:from_email)
+          smtp[:from_email] ||= smtp[:username] if smtp.key?(:username)
+          smtp[:from_name] ||= smtp[:from_email].gsub(/@.*$/, '').gsub(/[^a-zA-Z]/, ' ').capitalize if smtp.key?(:username)
+          smtp[:domain] ||= smtp[:from_email].gsub(/^.*@/, '') if smtp.key?(:from_email)
           # check minimum required
           %i[server port domain].each do |n|
-            raise "Missing smtp parameter: #{n}" unless smtp.has_key?(n)
+            raise "Missing smtp parameter: #{n}" unless smtp.key?(n)
           end
-          Log.log.debug("smtp=#{smtp}")
+          Log.log.debug{"smtp=#{smtp}"}
           return smtp
         end
 
@@ -992,41 +1050,41 @@ module Aspera
           Kernel.binding
         end
 
-        def send_email_template(vars,email_template_default=nil)
-          vars[:to] ||= options.get_option(:notif_to,is_type: :mandatory)
-          notif_template = options.get_option(:notif_template,is_type: email_template_default.nil? ? :mandatory : :optional) || email_template_default
+        def send_email_template(email_template_default: nil, values: {})
+          values[:to] ||= options.get_option(:notif_to, is_type: :mandatory)
+          notif_template = options.get_option(:notif_template, is_type: email_template_default.nil? ? :mandatory : :optional) || email_template_default
           mail_conf = email_settings
-          vars[:from_name] ||= mail_conf[:from_name]
-          vars[:from_email] ||= mail_conf[:from_email]
+          values[:from_name] ||= mail_conf[:from_name]
+          values[:from_email] ||= mail_conf[:from_email]
           %i[from_name from_email].each do |n|
-            raise "Missing email parameter: #{n}" unless vars.has_key?(n)
+            raise "Missing email parameter: #{n}" unless values.key?(n)
           end
           start_options = [mail_conf[:domain]]
-          start_options.push(mail_conf[:username],mail_conf[:password],:login) if mail_conf.has_key?(:username) && mail_conf.has_key?(:password)
-          # create a binding with only variables defined in vars
+          start_options.push(mail_conf[:username], mail_conf[:password], :login) if mail_conf.key?(:username) && mail_conf.key?(:password)
+          # create a binding with only variables defined in values
           template_binding = empty_binding
           # add variables to binding
-          vars.each do |k,v|
+          values.each do |k, v|
             raise "key (#{k.class}) must be Symbol" unless k.is_a?(Symbol)
-            template_binding.local_variable_set(k,v)
+            template_binding.local_variable_set(k, v)
           end
           # execute template
           msg_with_headers = ERB.new(notif_template).result(template_binding)
-          Log.dump(:msg_with_headers,msg_with_headers)
+          Log.dump(:msg_with_headers, msg_with_headers)
           smtp = Net::SMTP.new(mail_conf[:server], mail_conf[:port])
           smtp.enable_starttls if mail_conf[:tls]
           smtp.start(*start_options) do |smtp_session|
-            smtp_session.send_message(msg_with_headers, vars[:from_email], vars[:to])
+            smtp_session.send_message(msg_with_headers, values[:from_email], values[:to])
           end
         end
 
         def save_presets_to_config_file
           raise 'no configuration loaded' if @config_presets.nil?
           FileUtils.mkdir_p(@main_folder) unless Dir.exist?(@main_folder)
-          File.chmod(0700,@main_folder)
-          Log.log.debug("Writing #{@option_config_file}")
-          File.write(@option_config_file,@config_presets.to_yaml)
-          File.chmod(0600,@option_config_file)
+          Log.log.debug{"Writing #{@option_config_file}"}
+          File.write(@option_config_file, @config_presets.to_yaml)
+          Environment.restrict_file_access(@main_folder)
+          Environment.restrict_file_access(@option_config_file)
         end
 
         # returns [String] name if config_presets has default
@@ -1037,53 +1095,114 @@ module Aspera
             Log.log.debug('skip default config')
             return nil
           end
-          if @config_presets.has_key?(CONF_PRESET_DEFAULT) &&
-          @config_presets[CONF_PRESET_DEFAULT].has_key?(plugin_sym.to_s)
+          if @config_presets.key?(CONF_PRESET_DEFAULT) &&
+              @config_presets[CONF_PRESET_DEFAULT].key?(plugin_sym.to_s)
             default_config_name = @config_presets[CONF_PRESET_DEFAULT][plugin_sym.to_s]
-            if !@config_presets.has_key?(default_config_name)
-              Log.log.error("Default config name [#{default_config_name}] specified for plugin [#{plugin_sym}], but it does not exist in config file.\n"\
-                'Please fix the issue: either create preset with one parameter: '\
-                "(#{@info[:name]} config id #{default_config_name} init @json:'{}') or remove default (#{@info[:name]} config id default remove #{plugin_sym}).")
+            if !@config_presets.key?(default_config_name)
+              Log.log.error do
+                "Default config name [#{default_config_name}] specified for plugin [#{plugin_sym}], but it does not exist in config file.\n"\
+                  'Please fix the issue: either create preset with one parameter: '\
+                  "(#{@info[:name]} config id #{default_config_name} init @json:'{}') or remove default (#{@info[:name]} config id default remove #{plugin_sym})."
+              end
             end
-            raise CliError,"Config name [#{default_config_name}] must be a hash, check config file." if !@config_presets[default_config_name].is_a?(Hash)
+            raise CliError, "Config name [#{default_config_name}] must be a hash, check config file." if !@config_presets[default_config_name].is_a?(Hash)
             return default_config_name
           end
           return nil
         end # get_plugin_default_config_name
 
+        ALLOWED_KEYS = %i[password username description].freeze
+        def execute_vault
+          command = options.get_next_command(%i[list show create delete password])
+          case command
+          when :list
+            return {type: :object_list, data: vault.list}
+          when :show
+            return {type: :single_object, data: vault.get(label: options.get_next_argument('label'))}
+          when :create
+            label = options.get_next_argument('label')
+            info = options.get_next_argument('info Hash')
+            raise 'info must be Hash' unless info.is_a?(Hash)
+            info = info.symbolize_keys
+            info[:label] = label
+            vault.set(info)
+            return Main.result_status('Password added')
+          when :delete
+            vault.delete(label: options.get_next_argument('label'))
+            return Main.result_status('Password deleted')
+          when :password
+            raise 'Vault does not support password change' unless vault.respond_to?(:password=)
+            new_password = options.get_next_argument('new_password')
+            vault.password = new_password
+            vault.save
+            return Main.result_status('Password updated')
+          end
+        end
+
+        def vault_value(name)
+          m = name.match(/^(.+)\.(.+)$/)
+          raise 'vault name shall match <name>.<param>' if m.nil?
+          info = vault.get(label: m[1])
+          # raise "no such vault entry: #{m[1]}" if info.nil?
+          value = info[m[2].to_sym]
+          raise "no such entry value: #{m[2]}" if value.nil?
+          return value
+        end
+
         def vault
           if @vault.nil?
-            vault_info = options.get_option(:secrets)
-            case vault_info
-            when Hash
-              @vault = Keychain::EncryptedHash.new(vault_info)
-            when /^system/
-              name = vault_info.start_with?('system:') ? vault_info[7..-1] : nil
+            vault_info = options.get_option(:vault) || {'type' => 'file', 'name' => 'vault.bin'}
+            vault_password = options.get_option(:vault_password, is_type: :mandatory)
+            raise 'vault must be Hash' unless vault_info.is_a?(Hash)
+            vault_type = vault_info['type'] || 'file'
+            vault_name = vault_info['name'] || (vault_type.eql?('file') ? 'vault.bin' : PROGRAM_NAME)
+            case vault_type
+            when 'file'
+              # absolute_path? introduced in ruby 2.7
+              vault_path = vault_name.eql?(File.absolute_path(vault_name)) ? vault_name : File.join(@main_folder, vault_name)
+              @vault = Keychain::EncryptedHash.new(vault_path, vault_password)
+            when 'system'
               case Environment.os
               when Environment::OS_X
-                @vault = Keychain::MacosSecurity.new(name)
-              when Environment::OS_WINDOWS,Environment::OS_LINUX,Environment::OS_AIX
+                @vault = Keychain::MacosSystem.new(vault_name, vault_password)
+              when Environment::OS_WINDOWS, Environment::OS_LINUX, Environment::OS_AIX
                 raise 'not implemented'
-              else raise 'Error'
+              else raise 'Error, OS not supported'
               end
-            when NilClass
-              # keep nil
             else
-              raise CliBadArgument,'secrets shall be Hash'
+              raise CliBadArgument, "Unknown vault type: #{vault_type}"
             end
           end
           raise 'No vault defined' if @vault.nil?
           @vault
         end
 
-        def get_secret(options)
-          raise 'options shall be Hash' unless options.is_a?(Hash)
-          raise 'options shall have username' unless options.has_key?(:username)
-          secret = self.options.get_option(:secret)
+        # version of URL without trailing "/" and removing default port
+        def canonical_url(url)
+          url.gsub(%r{/+$}, '').gsub(%r{^(https://[^/]+):443$}, '\1')
+        end
+
+        def lookup_preset(url:, username:)
+          # remove extra info to maximize match
+          url = canonical_url(url)
+          Log.log.debug{"Lookup preset for #{username}@#{url}"}
+          @config_presets.each do |_k, v|
+            next unless v.is_a?(Hash)
+            conf_url = v['url'].is_a?(String) ? canonical_url(v['url']) : nil
+            return v if conf_url.eql?(url) && v['username'].eql?(username)
+          end
+          nil
+        end
+
+        def lookup_secret(url:, username:, mandatory: false)
+          secret = options.get_option(:secret)
           if secret.nil?
-            secret = vault.get(options) rescue nil
-            # mandatory by default
-            raise "please provide secret for #{options[:username]}" if secret.nil? && (options[:mandatory].nil? || options[:mandatory])
+            conf = lookup_preset(url: url, username: username)
+            if conf.is_a?(Hash)
+              Log.log.debug{"Found preset #{conf} with URL and username"}
+              secret = conf['password']
+            end
+            raise "Please provide secret for #{username} using option: secret or by setting a preset for #{username}@#{url}." if secret.nil? && mandatory
           end
           return secret
         end
@@ -1093,33 +1212,33 @@ module Aspera
           params[:plugin_name] = AOC_COMMAND_CURRENT
           organization = AoC.parse_url(params[:instance_url]).first
           # if not defined by user, generate name
-          params[:preset_name] = [params[:application],organization].join('_') if params[:preset_name].nil?
+          params[:preset_name] = [params[:application], organization].join('_') if params[:preset_name].nil?
           self.format.display_status("Preparing preset: #{params[:preset_name]}")
           # init defaults if necessary
           @config_presets[CONF_PRESET_DEFAULT] ||= {}
-          option_override = options.get_option(:override,is_type: :mandatory)
-          params[:option_default] = options.get_option(:default,is_type: :mandatory)
-          Log.log.error("override=#{option_override} -> #{option_override.class}")
-          raise CliError,"A default configuration already exists for plugin '#{params[:plugin_name]}' (use --override=yes or --default=no)" \
-            if !option_override && params[:option_default] && @config_presets[CONF_PRESET_DEFAULT].has_key?(params[:plugin_name])
-          raise CliError,"Preset already exists: #{params[:preset_name]}  (use --override=yes or --id=<name>)" \
-            if !option_override && @config_presets.has_key?(params[:preset_name])
+          option_override = options.get_option(:override, is_type: :mandatory)
+          params[:option_default] = options.get_option(:default, is_type: :mandatory)
+          Log.log.error{"override=#{option_override} -> #{option_override.class}"}
+          raise CliError, "A default configuration already exists for plugin '#{params[:plugin_name]}' (use --override=yes or --default=no)" \
+            if !option_override && params[:option_default] && @config_presets[CONF_PRESET_DEFAULT].key?(params[:plugin_name])
+          raise CliError, "Preset already exists: #{params[:preset_name]}  (use --override=yes or --id=<name>)" \
+            if !option_override && @config_presets.key?(params[:preset_name])
           # lets see if path to priv key is provided
           private_key_path = options.get_option(:pkeypath)
           # give a chance to provide
           if private_key_path.nil?
             self.format.display_status('Please provide path to your private RSA key, or empty to generate one:')
-            private_key_path = options.get_option(:pkeypath,is_type: :mandatory).to_s
+            private_key_path = options.get_option(:pkeypath, is_type: :mandatory).to_s
           end
           # else generate path
           if private_key_path.empty?
-            private_key_path = File.join(@main_folder,DEFAULT_PRIV_KEY_FILENAME)
+            private_key_path = File.join(@main_folder, DEFAULT_PRIV_KEY_FILENAME)
           end
           if File.exist?(private_key_path)
             self.format.display_status('Using existing key:')
           else
             self.format.display_status("Generating #{DEFAULT_PRIVKEY_LENGTH} bit RSA key...")
-            generate_rsa_private_key(private_key_path,DEFAULT_PRIVKEY_LENGTH)
+            generate_rsa_private_key(private_key_path, DEFAULT_PRIVKEY_LENGTH)
             self.format.display_status('Created:')
           end
           self.format.display_status(private_key_path)
@@ -1127,7 +1246,7 @@ module Aspera
           # declare command line options for AoC
           require 'aspera/cli/plugins/aoc'
           # make username mandatory for jwt, this triggers interactive input
-          options.get_option(:username,is_type: :mandatory)
+          options.get_option(:username, is_type: :mandatory)
           # instanciate AoC plugin, so that command line options are known
           aoc_api = self.class.plugin_class(params[:plugin_name]).new(@agents.merge({skip_basic_auth_options: true, private_key_path: private_key_path})).aoc_api
           auto_set_pub_key = false
@@ -1146,7 +1265,7 @@ module Aspera
             end
           else
             self.format.display_status('Using organization specific client_id.')
-            if options.get_option(:client_id).nil? || options.get_option(:client_secret,is_type: :optional).nil?
+            if options.get_option(:client_id).nil? || options.get_option(:client_secret, is_type: :optional).nil?
               self.format.display_status('Please login to your Aspera on Cloud instance.'.red)
               self.format.display_status('Go to: Apps->Admin->Organization->Integrations')
               self.format.display_status('Create or check if there is an existing integration named:')
@@ -1157,8 +1276,8 @@ module Aspera
               self.format.display_status('Please enter:'.red)
             end
             OpenApplication.instance.uri("#{params[:instance_url]}/#{AOC_PATH_API_CLIENTS}")
-            options.get_option(:client_id,is_type: :mandatory)
-            options.get_option(:client_secret,is_type: :mandatory)
+            options.get_option(:client_id, is_type: :mandatory)
+            options.get_option(:client_secret, is_type: :mandatory)
             use_browser_authentication = true
           end
           if use_browser_authentication
@@ -1171,13 +1290,13 @@ module Aspera
           end
           myself = aoc_api.read('self')[:data]
           if auto_set_pub_key
-            raise CliError,'Public key is already set in profile (use --override=yes)' unless myself['public_key'].empty? || option_override
+            raise CliError, 'Public key is already set in profile (use --override=yes)' unless myself['public_key'].empty? || option_override
             self.format.display_status('Updating profile with new key')
-            aoc_api.update("users/#{myself['id']}",{'public_key' => pub_key_pem})
+            aoc_api.update("users/#{myself['id']}", {'public_key' => pub_key_pem})
           end
           if auto_set_jwt
             self.format.display_status('Enabling JWT for client')
-            aoc_api.update("clients/#{options.get_option(:client_id)}",{'jwt_grant_enabled' => true,'explicit_authorization_required' => false})
+            aoc_api.update("clients/#{options.get_option(:client_id)}", {'jwt_grant_enabled' => true, 'explicit_authorization_required' => false})
           end
           self.format.display_status("Creating new config preset: #{params[:preset_name]}")
           @config_presets[params[:preset_name]] = {
@@ -1197,34 +1316,34 @@ module Aspera
         def wizard_faspex5(params)
           self.format.display_status('Detected: Faspex v5'.bold)
           # if not defined by user, generate unique name
-          params[:preset_name] = [params[:application],URI.parse(params[:instance_url]).host.gsub(/[^a-z0-9.]/,'').split('.')].flatten.join('_') \
+          params[:preset_name] = [params[:application]].concat(URI.parse(params[:instance_url]).host.gsub(/[^a-z0-9.]/, '').split('.')).join('_') \
             if params[:preset_name].nil?
           self.format.display_status("Preparing preset: #{params[:preset_name]}")
           # init defaults if necessary
           @config_presets[CONF_PRESET_DEFAULT] ||= {}
-          option_override = options.get_option(:override,is_type: :mandatory)
-          params[:option_default] = options.get_option(:default,is_type: :mandatory)
-          Log.log.error("override=#{option_override} -> #{option_override.class}")
-          raise CliError,"A default configuration already exists for plugin '#{params[:plugin_name]}' (use --override=yes or --default=no)" \
-            if !option_override && params[:option_default] && @config_presets[CONF_PRESET_DEFAULT].has_key?(params[:plugin_name])
-          raise CliError,"Preset already exists: #{params[:preset_name]}  (use --override=yes or --id=<name>)" \
-            if !option_override && @config_presets.has_key?(params[:preset_name])
+          option_override = options.get_option(:override, is_type: :mandatory)
+          params[:option_default] = options.get_option(:default, is_type: :mandatory)
+          Log.log.error{"override=#{option_override} -> #{option_override.class}"}
+          raise CliError, "A default configuration already exists for plugin '#{params[:plugin_name]}' (use --override=yes or --default=no)" \
+            if !option_override && params[:option_default] && @config_presets[CONF_PRESET_DEFAULT].key?(params[:plugin_name])
+          raise CliError, "Preset already exists: #{params[:preset_name]}  (use --override=yes or --id=<name>)" \
+            if !option_override && @config_presets.key?(params[:preset_name])
           # lets see if path to priv key is provided
           private_key_path = options.get_option(:pkeypath)
           # give a chance to provide
           if private_key_path.nil?
             self.format.display_status('Please provide path to your private RSA key, or empty to generate one:')
-            private_key_path = options.get_option(:pkeypath,is_type: :mandatory).to_s
+            private_key_path = options.get_option(:pkeypath, is_type: :mandatory).to_s
           end
           # else generate path
           if private_key_path.empty?
-            private_key_path = File.join(@main_folder,DEFAULT_PRIV_KEY_FILENAME)
+            private_key_path = File.join(@main_folder, DEFAULT_PRIV_KEY_FILENAME)
           end
           if File.exist?(private_key_path)
             self.format.display_status('Using existing key:')
           else
             self.format.display_status("Generating #{DEFAULT_PRIVKEY_LENGTH} bit RSA key...")
-            generate_rsa_private_key(private_key_path,DEFAULT_PRIVKEY_LENGTH)
+            generate_rsa_private_key(private_key_path, DEFAULT_PRIVKEY_LENGTH)
             self.format.display_status('Created:')
           end
           self.format.display_status(private_key_path)
@@ -1245,8 +1364,8 @@ module Aspera
             :username.to_s      => options.get_option(:username),
             :auth.to_s          => :jwt.to_s,
             :private_key.to_s   => '@file:' + private_key_path,
-            :client_id.to_s     => options.get_option(:client_id,is_type: :mandatory),
-            :client_secret.to_s => options.get_option(:client_secret,is_type: :mandatory)
+            :client_id.to_s     => options.get_option(:client_id, is_type: :mandatory),
+            :client_secret.to_s => options.get_option(:client_secret, is_type: :mandatory)
           }
           params[:test_args] = "#{params[:plugin_name]} user profile show"
         end