coy 0.0.1

data/.gitignore

@@ -0,0 +1,5 @@
+.rvmrc
+Gemfile.lock
+tmp
+.coy
+pkg

data/Gemfile

@@ -0,0 +1,3 @@
+source 'http://rubygems.org'
+
+gemspec

data/LICENSE.txt

@@ -0,0 +1,7 @@
+Copyright (c) 2013 Joel Helbling
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,102 @@
+[![Build Status](https://travis-ci.org/joelhelbling/coy.png)](https://travis-ci.org/joelhelbling/coy)
+
+# Coy
+
+/koi/ Adjective: *reluctant to give details, esp. about something regarded as
+sensitive.*
+
+A utility for protecting shy data, Coy uses TrueCrypt to set up a vcs-ignored\*,
+encrypted volume within your project project for storing sensitive
+information.  This allows access to that sensitive material _while
+you're developing or running your application_ but after you close it,
+the data is inaccessible\*\*.
+
+You probably don't want to store a whole project in there; usually the
+sensitive bits are just a few bytes of stuff, such as passwords, personally
+identifying information, etc.  Accordingly, Coy's protected directories have
+a 2Mb capacity.
+
+\* _Git, Mercurial and SVN (See [Ignorance](http://github.com/joelhelbling/ignorance).)_
+
+\*\* _Encrypted with AES and a Whirlpool hash algorithm._
+
+## Installation
+
+First, you'll need to [install TrueCrypt](http://www.truecrypt.org/downloads) and ensure
+its command-line utility is visible in your path:
+
+    $ which truecrypt
+
+Now you can add this line to your application's Gemfile:
+
+    gem 'coy'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install coy
+
+
+## Usage
+
+This would create a new protected directory called "secret":
+
+    $ coy create secret
+
+This mounts the newly created TrueCrypt volume:
+
+    $ coy open secret
+
+Now you can slip on in there:
+
+    $ cd secret/
+
+And stash some top-secret tidbits that your program will need:
+
+    $ echo "---\n - :santas_little_helper: me" > hush-hush.yaml
+
+And then, in your ruby code:
+
+```ruby
+File.exists? './secret/hush-hush.yaml' #=> true
+```
+
+Once you're done developing or delivering toys and whatnot, you can
+close up shop:
+
+```
+$ cd ..
+$ coy close secret
+```
+
+And at this point, the `secret/` directory is inaccessible (unmounted).
+
+```ruby
+Dir.exists? './secret/' #=> false
+```
+
+Now your secret identity is protected by AES encryption, a Whirlpool hash,
+your awesome password, and whatever other measures TrueCrypt uses.  Dobermans,
+probably.
+
+### Password
+
+The `create` and `open` commands require a password.  Coy will prompt you,
+and mask the input.  On the other hand, if you're safe in the batcave, you
+can include the password as a command-line argument:
+
+    $ coy create secret --password l33tp@55w0rd
+    $ coy open secret -p l33tp@55w0rd
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Write tests!
+4. Commit your changes (`git commit -am 'Add some feature'`)
+5. Push to the branch (`git push origin my-new-feature`)
+6. Create new Pull Request
+

data/Rakefile

@@ -0,0 +1,15 @@
+require "bundler/gem_tasks"
+require 'rspec/core/rake_task'
+require 'cucumber/rake/task'
+
+RSpec::Core::RakeTask.new(:spec) do |t|
+  t.verbose = false
+  t.pattern = 'spec/lib/**/*_spec.rb'
+  t.rspec_opts = " --format doc"
+end
+
+Cucumber::Rake::Task.new(:cukes) do |t|
+  t.cucumber_opts = "features --format pretty"
+end
+
+task default: :spec

data/bin/coy

@@ -0,0 +1,58 @@
+#!/usr/bin/env ruby
+
+$:.unshift File.expand_path(File.join(File.dirname(__FILE__), '..', 'lib'))
+
+require 'main'
+require 'coy'
+
+Main {
+  description <<-DESC
+  Coy uses TrueCrypt (installed separately) to create and manage
+  a protected, git-ignored directory within your project.
+
+  For help with individual operations (create|open|close) type
+  `coy <operation> -h`
+  DESC
+
+  mode 'create' do
+    argument('name') {
+      description "...of the protected directory."
+      default "secret"
+    }
+    option('password=[PASSWORD]', 'p') {
+      cast :string
+      description "set a password for the new protected directory"
+    }
+
+    def run()
+      puts Coy::Operation.new(:create, params.to_options).go
+    end
+  end
+
+  mode 'open' do
+    argument('name') {
+      description "...of the protected directory."
+      default "secret"
+    }
+    option('password=[PASSWORD]', 'p') {
+      cast :string
+      description "password to unlock the protected directory"
+    }
+    def run()
+      puts Coy::Operation.new(:open, params.to_options).go
+    end
+  end
+
+  mode 'close' do
+    argument('name') {
+      description "...of the protected directory."
+      default "secret"
+    }
+    def run()
+      puts Coy::Operation.new(:close, params.to_options).go
+    end
+  end
+
+  run { puts params.to_options.inspect }
+}
+

data/coy.gemspec

@@ -0,0 +1,30 @@
+# -*- encoding: utf-8 -*-
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'coy/version'
+
+Gem::Specification.new do |gem|
+  gem.name          = "coy"
+  gem.version       = Coy::VERSION
+  gem.authors       = ["Joel Helbling"]
+  gem.email         = ["joel@joelhelbling.com"]
+  gem.description   = %q{Protects sensitive file artifacts in a project, e.g. a yaml file with passwords in it.}
+  gem.summary       = %q{Easily create AES-encrypted directories within a project to protect sensitive information.  Uses TrueCrypt (required to install) and uses Ignorance to prevent contents of protected directories from being inadvertently being added to a version control repository (Git, Hg, SVN).}
+  gem.homepage      = "http://github.com/joelhelbling/coy"
+
+  gem.files         = `git ls-files`.split($/)
+  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
+  gem.require_paths = ["lib"]
+
+  gem.add_dependency 'ignorance', '>= 0.0.1'
+  gem.add_dependency 'highline', '~> 1.6.15'
+  gem.add_dependency 'main', '~> 5.1.1'
+
+  gem.add_development_dependency 'rspec',     '~> 2.12.0'
+  gem.add_development_dependency 'fakefs',    '~> 0.4.2'
+  gem.add_development_dependency 'cucumber',  '~> 1.2.1'
+  gem.add_development_dependency 'aruba',     '~> 0.5.1'
+  gem.add_development_dependency 'rake',      '~> 10.0.3'
+end
+

data/features/ignore_file.feature

@@ -0,0 +1,138 @@
+@ignore
+Feature: Check the project's .gitignore file to ensure
+  coy assets will not be inadvertently committed/pushed/published.
+
+  @not-ignored @auto-add @git
+  Scenario: no ignore file, but we agree to automatic add (Git)
+    Given the current directory is a git repo
+    And a file named ".gitignore" should not exist
+    And I run `coy create secret --password fuzz` interactively
+    When I type "Y"
+    And I type "Y"
+    Then the output should contain:
+    """
+    add .coy to this project's .gitignore file automatically?
+    """
+    And the output should contain:
+    """
+    add secret to this project's .gitignore file automatically?
+    """
+    And the output should contain:
+    """
+    Protected directory "secret" successfully created.
+    """
+    And the file ".gitignore" should contain ".coy"
+    And the file ".gitignore" should contain "secret"
+
+  @not-ignored @auto-add @hg
+  Scenario: no ignore file, but we agree to automatic add (Hg)
+    Given I have an appropriate .gitignore file
+    Given the current directory is a mercurial repo
+    And a file named ".hgignore" should not exist
+    And I run `coy create secret --password fuzz` interactively
+    When I type "Y"
+    And I type "Y"
+    Then the output should contain:
+    """
+    add .coy to this project's .hgignore file automatically?
+    """
+    And the output should contain:
+    """
+    add secret to this project's .hgignore file automatically?
+    """
+    And the output should contain:
+    """
+    Protected directory "secret" successfully created.
+    """
+    And the file ".hgignore" should contain ".coy"
+    And the file ".hgignore" should contain "secret"
+
+  @not-ignored @auto-add @svn
+  Scenario: no ignore file, but we agree to automatic add (SVN)
+    Given I have an appropriate .gitignore file
+    Given the current directory is a svn repo
+    And a file named ".svnignore" should not exist
+    And I run `coy create secret --password fuzz` interactively
+    When I type "Y"
+    And I type "Y"
+    Then the output should contain:
+    """
+    add .coy to this project's .svnignore file automatically?
+    """
+    And the output should contain:
+    """
+    add secret to this project's .svnignore file automatically?
+    """
+    And the output should contain:
+    """
+    Protected directory "secret" successfully created.
+    """
+    And the file ".svnignore" should contain ".coy"
+    And the file ".svnignore" should contain "secret"
+
+  @no-auto-add @git
+  Scenario: volume not in ignore file, and we decline auto-add (Git)
+    Given we ignore coy with git
+    And I run `coy create secret --password fuzz` interactively
+    When I type "n"
+    Then the output should contain:
+    """
+    WARNING: please add "secret" to this project's .gitignore file!
+    """
+
+  @no-auto-add @hg
+  Scenario: volume not in ignore file, and we decline auto-add (Hg)
+    Given I have an appropriate .gitignore file
+    And the current directory is a mercurial repo
+    And we ignore coy with hg
+    And I run `coy create secret --password fuzz` interactively
+    When I type "n"
+    Then the output should contain:
+    """
+    WARNING: please add "secret" to this project's .hgignore file!
+    """
+
+  @no-auto-add @svn
+  Scenario: volume not in ignore file, and we decline auto-add (Git)
+    Given I have an appropriate .gitignore file
+    And the current directory is a svn repo
+    And we ignore coy with svn
+    And I run `coy create secret --password fuzz` interactively
+    When I type "n"
+    Then the output should contain:
+    """
+    WARNING: please add "secret" to this project's .svnignore file!
+    """
+
+  @already-ignored @git
+  Scenario: ignore file includes both .coy and "secret" (Git)
+    Given a .gitignore with:
+    """
+    .coy
+    secret
+    """
+    When I run `coy create secret -p fuzz`
+    Then the output should contain "success"
+
+  @already-ignored @hg
+  Scenario: ignore file includes both .coy and "secret" (Hg)
+    Given I have an appropriate .gitignore file
+    And the current directory is a mercurial repo
+    Given a .hgignore with:
+    """
+    .coy
+    secret
+    """
+    When I run `coy create secret -p fuzz`
+    Then the output should contain "success"
+  @already-ignored @svn
+  Scenario: ignore file includes both .coy and "secret" (SVN)
+    Given I have an appropriate .gitignore file
+    And the current directory is a svn repo
+    Given a .svnignore with:
+    """
+    .coy
+    secret
+    """
+    When I run `coy create secret -p fuzz`
+    Then the output should contain "success"

data/features/step_definitions/coy_steps.rb

@@ -0,0 +1,20 @@
+Given /^I have a protected directory named "(.*?)" with password "(.*?)"$/ do |vol_name, password|
+  @password = password
+  step "I run `coy create #{vol_name} --password #{password}`"
+end
+
+Given /^protected directory "(.*?)" is open$/ do |vol_name|
+  step "I run `truecrypt .coy/#{vol_name}.tc --password=#@password #{vol_name}`"
+  remember_we_opened vol_name
+  step "a directory named \"#{vol_name}\" should exist"
+end
+
+Then /^a protected directory named "(.*?)" should exist/ do |vol_name|
+  step "a directory named \"#{vol_name}\" should exist"
+  remember_we_opened vol_name
+end
+
+Then /^let's cleanup "(.*?)"$/ do |vol_name|
+  step "I run `truecrypt -d .coy/#{vol_name}.tc`"
+end
+

data/features/step_definitions/ignore_steps.rb

@@ -0,0 +1,17 @@
+Given /I have an appropriate \.gitignore file/ do
+  step "a file named \".gitignore\" with:", ".coy\nfoo\nbar\nsecret"
+end
+
+Given /^the current directory is a (.*?) repo$/ do |vcs|
+  repo_dir = {'git' => '.git', 'mercurial' => '.hg', 'svn' => '.svn'}[vcs.downcase]
+  step "a directory named \"#{repo_dir}\""
+end
+
+Given /^a ([^ ]+) with:$/ do |ignore_file, string|
+  step "a file named \"#{ignore_file}\" with:", string
+end
+
+Given /^we ignore coy with (.*?)$/ do |vcs|
+  ignore_file = {:git => '.gitignore', :hg => '.hgignore', :svn => '.svnignore'}[vcs.downcase.to_sym]
+  step "a file named \"#{ignore_file}\" with:", ".coy\n"
+end

data/features/support/cleanup_truecrypt.rb

@@ -0,0 +1,21 @@
+module CleanupTruecrypt
+  def remember_we_opened(vol_name)
+    @opened_tc_volumes ||= []
+    @opened_tc_volumes << vol_name
+  end
+
+  def close_all_opened_tc_volumes
+    @opened_tc_volumes && @opened_tc_volumes.each do |vol|
+      print "    # CLEANUP: was truecrypt volume \"#{vol}\" closed?  "
+      if File.directory? File.join('tmp', 'aruba', vol)
+        print "No, shutting it down now..."
+        step "let's cleanup \"#{vol}\""
+      else
+        print "Yes."
+      end
+    end
+  end
+end
+
+World CleanupTruecrypt
+

data/features/support/env.rb

@@ -0,0 +1,12 @@
+$:.unshift File.expand_path(File.join(File.dirname(__FILE__), '..', '..', 'lib'))
+
+require 'aruba/cucumber'
+
+Before do
+  @aruba_timeout_seconds = 120
+end
+
+After do
+  close_all_opened_tc_volumes
+end
+

data/features/truecrypt.feature

@@ -0,0 +1,41 @@
+@truecrypt
+Feature: Interact with truecrypt volumes
+
+  Background:
+    Given I have an appropriate .gitignore file
+
+  @create
+  Scenario Outline: create a plain 'ole volume with the name provided
+    Given a file named ".coy/secret.tc" should not exist
+    When I run `coy create secret <password_flag> fuzz`
+    Then the output should contain:
+    """
+    Protected directory "secret" successfully created
+    """
+    And a directory named ".coy" should exist
+    And a file named ".coy/secret.tc" should exist
+
+  Examples:
+    | password_flag |
+    | --password    |
+    | -p            |
+
+  @open
+  Scenario Outline: open a protected directory
+    Given a directory named "foo" should not exist
+    And I have a protected directory named "foo" with password "fuzz"
+    When I run `coy open foo <password_flag> fuzz`
+    Then a protected directory named "foo" should exist
+
+  Examples:
+    | password_flag |
+    | --password    |
+    | -p            |
+
+  @close
+  Scenario: close an opened protected directory
+    Given I have a protected directory named "bar" with password "fuzz"
+    And protected directory "bar" is open
+    When I run `coy close bar`
+    Then a directory named "bar" should not exist
+

data/lib/coy.rb

@@ -0,0 +1,2 @@
+require 'coy/version'
+require 'coy/operation'

data/lib/coy/operation.rb

@@ -0,0 +1,115 @@
+require 'highline'
+require 'ignorance'
+require 'truecrypt'
+require 'coy/random_source'
+
+module Coy
+  class Operation
+
+    COY_DIR = '.coy'
+    COY_COMMENT = "added by coy"
+
+    def initialize(action, p={})
+
+      guard_truecrypt_installed
+
+      @action = action
+      p[:short_name] ||= (p[:name] || p['name'])
+      p[:file_name]    = format_name(p[:short_name])
+      p[:password]   ||= p['password']
+      @parameters = p
+      send("parameters_for_#{@action}".to_sym)
+      Ignorance.negotiate COY_DIR, COY_COMMENT
+      Ignorance.negotiate @parameters[:short_name], COY_COMMENT
+    end
+
+    def parameters_for_create
+      @parameters[:size_in_bytes] ||= 2_000_000
+      @parameters[:encryption]    ||= 'AES'
+      @parameters[:hash]          ||= 'Whirlpool'
+      @parameters[:keyfiles]      ||= '""'
+
+      # truecrypt bug: Mac OS Extended filesystem
+      # doesn't work with the --text interface
+      @parameters[:filesystem] = 'FAT'
+    end
+
+    def parameters_for_open
+      # no special parameters for open
+    end
+
+    def parameters_for_close
+      # no special parameters for close
+    end
+
+    def go
+      send @action
+    end
+
+    private
+
+    def create
+      ensure_coy_directory_exists
+      guard_password_provided "Please provide a password for protected directory"
+      RandomSource.generate("./#{COY_DIR}/#{@parameters[:short_name]}.random") do |random_source|
+        @parameters[:random_source] = random_source
+        TrueCrypt.create_volume(@parameters) &&
+        puts("Protected directory \"#{@parameters[:short_name]}\" successfully created.")
+      end
+    end
+
+    def open
+      if guard_volume_exists
+        guard_password_provided
+        TrueCrypt.open(@parameters)
+      end
+    end
+
+    def close
+      if guard_volume_exists
+        TrueCrypt.close(@parameters)
+      end
+    end
+
+    def format_name(name='secrets')
+     "#{COY_DIR}/#{name.gsub(/\.tc$/,'')}.tc"
+    end
+
+    def guard_truecrypt_installed
+      message = <<-ERROR
+Coy requires TrueCrypt, but TrueCrypt is not installed! (Or at least it's not in the path.)
+
+You can download TrueCrypt here: http://www.truecrypt.org/downloads
+
+      ERROR
+      raise message unless TrueCrypt.installed?
+    end
+    def ensure_coy_directory_exists
+      unless File.directory?('./.coy')
+        puts "Creating .coy subdirectory..."
+        Dir.mkdir COY_DIR
+      end
+    end
+
+    def guard_volume_exists
+      volume_name = @parameters[:short_name]
+      File.exists?("#{COY_DIR}/#{volume_name}.tc").tap do |volume_exists|
+        unless volume_exists
+          warn <<-WARN
+There is no protected directory called "#{volume_name}" here.
+
+You can create one by typing `coy create #{volume_name}`
+          WARN
+        end
+      end
+    end
+
+    def guard_password_provided(msg_preamble="Please enter password for protected directory")
+      unless @parameters[:password]
+        @parameters[:password] = HighLine.new.ask("#{msg_preamble} \"#{@parameters[:short_name]}\":  ") {|x| x.echo = "*" }
+      end
+    end
+
+  end
+end
+

data/lib/coy/random_source.rb

@@ -0,0 +1,31 @@
+require 'net/http'
+
+module Coy
+  class RandomSource
+
+    DEFAULT_FILE = "./random_source"
+
+    def self.generate(file_name=DEFAULT_FILE)
+      if block_given?
+        File.open(file_name, 'w') { |fh| fh.write rand_strategy }
+        yield file_name
+        File.unlink(file_name)
+      else
+        rand_strategy
+      end
+    end
+
+    def self.rand_strategy
+      some_random_bytes.inject("") do |accumulator, random_bytes|
+        accumulator.tap do |acc|
+          acc << random_bytes.crypt(@prev.to_s.rjust(2, random_bytes))
+          @prev = random_bytes.hash.to_s
+        end
+      end
+    end
+
+    def self.some_random_bytes
+      (1500..2000).map{|number| rand(number).to_s }
+    end
+  end
+end

data/lib/coy/version.rb

@@ -0,0 +1,3 @@
+module Coy
+  VERSION = '0.0.1'
+end

data/lib/truecrypt.rb

@@ -0,0 +1,50 @@
+class TrueCrypt
+
+  def self.create_volume(p={})
+
+    volume_name   = p[:file_name]
+    mount_point   = p[:short_name]
+    volume_type   = p[:volume_type]   || 'normal'
+    size          = p[:size_in_bytes] || 5_000_000  # 5Mb
+    encryption    = p[:encryption]    || 'AES'
+    hash          = p[:hash]          || 'Whirlpool'
+    keyfiles      = p[:keyfiles]      || '""'
+    random_source = p[:random_source] || __FILE__
+    password      = p[:password]      || raise("Please provide a password")
+    filesystem    = p[:filesystem]    || 'FAT'
+
+    command = <<-TC
+      truecrypt --text                   \
+        --create #{volume_name}          \
+        --volume-type=#{volume_type}     \
+        --size=#{size}                   \
+        --encryption=#{encryption}       \
+        --hash=#{hash}                   \
+        --filesystem=#{filesystem}       \
+        --password=#{password}           \
+        --keyfiles=#{keyfiles}           \
+        --random-source=#{random_source}
+    TC
+
+    `#{command}`
+  end
+
+  # if no password provided, gui window will pop up
+  def self.open(p={})
+    file_name = p[:file_name] || raise("You must provide the name of the volume you wish to open")
+    short_name = p[:short_name]
+    pwd_param = p[:password] && "--password=#{p[:password]}"
+    `truecrypt #{file_name} #{pwd_param} #{short_name}`
+  end
+
+  def self.close(p={})
+    file_name = p[:file_name] || raise("You must provide the name of the volume you wish to close")
+    `truecrypt -d #{file_name}`
+  end
+
+  def self.installed?
+    !! `which truecrypt`.chomp.match(/truecrypt$/i)
+  end
+
+end
+

data/spec/io_helpers.rb

@@ -0,0 +1,32 @@
+require 'stringio'
+
+module IOHelpers
+
+  def output_from
+    $stdout = $stderr = fake_io
+    yield
+    fake_io.string
+  ensure
+    $stdout = STDOUT; $stderr = STDERR
+  end
+
+  def user_types(input, &block)
+    $stdin = StringIO.new input
+    output_from &block
+  ensure
+    $stdin = STDIN
+  end
+
+  def stdout_from(&block)
+    output_from &block
+  end
+
+  def stderr_from(&block)
+    output_from &block
+  end
+
+  def fake_io
+    @fake_io ||= StringIO.new
+  end
+
+end

data/spec/lib/coy/operation_spec.rb

@@ -0,0 +1,201 @@
+require 'spec_helper'
+require 'coy/operation'
+
+module Coy
+  describe Operation do
+    before do
+      Ignorance.stub(:negotiate)
+      TrueCrypt.stub(:create_volume)
+      TrueCrypt.stub(:open)
+      TrueCrypt.stub(:close)
+      TrueCrypt.stub(:installed?).and_return(true)
+    end
+
+    let(:volume) { 'foo' }
+    subject { Operation.new coy_action, coy_params }
+
+    context "when TrueCrypt is not installed" do
+      let(:coy_action) { :doesnt_matter }
+      let(:coy_params) { { name: volume } }
+
+      before { TrueCrypt.stub(:installed?).and_return(false) }
+
+      specify do
+        expect { subject }.to raise_error /truecrypt.*?not installed/i
+      end
+    end
+
+    describe ":create" do
+
+      context "required params only" do
+        let(:coy_action) { :create }
+
+        let(:coy_params) do
+          {
+            name:      volume,
+            password:  'b@r'
+          }
+        end
+
+        let(:tc_params) do
+          {
+            name:           volume,
+            short_name:     volume,
+            file_name:      ".coy/#{volume}.tc",
+            size_in_bytes:  2_000_000,
+            encryption:     'AES',
+            hash:           'Whirlpool',
+            filesystem:     'FAT',
+            password:       'b@r',
+            keyfiles:       '""',
+            random_source:  "./.coy/#{volume}.random"
+          }
+        end
+
+        it "creates a volume" do
+          TrueCrypt.should_receive(:create_volume).with(tc_params)
+          subject.go
+        end
+
+        it "negotiates adding the coy directory to ignore file" do
+          Ignorance.should_receive(:negotiate).with('.coy', Operation::COY_COMMENT)
+          subject.go
+        end
+
+        it "negotiates adding volume to ignore files" do
+          Ignorance.should_receive(:negotiate).with(volume, Operation::COY_COMMENT)
+          subject.go
+        end
+      end
+
+    end
+
+    describe ":open", :fakefs do
+      let(:coy_action) { :open }
+
+      let(:coy_params) do
+        {
+          name:      'foo',
+          password:  'b@r'
+        }
+      end
+
+      let(:tc_params) do
+        {
+          name:        'foo',
+          short_name:  'foo',
+          file_name:   '.coy/foo.tc',
+          password:    'b@r'
+        }
+      end
+
+      before do
+        Dir.mkdir '.coy'
+        File.open(".coy/#{volume}.tc", 'w') {|fh| fh.write "whatnot" }
+      end
+
+      it "opens a volume" do
+        TrueCrypt.should_receive(:open).with(tc_params)
+        subject.go
+      end
+
+      it "negotiates adding the coy directory to ignore file" do
+        Ignorance.should_receive(:negotiate).with('.coy', Operation::COY_COMMENT)
+        subject.go
+      end
+
+      it "negotiates adding volume to ignore files" do
+        Ignorance.should_receive(:negotiate).with(volume, Operation::COY_COMMENT)
+        subject.go
+      end
+    end
+
+    describe ":close", :fakefs do
+      let(:coy_action) { :close }
+
+      let(:coy_params) do
+        {
+          name:  'foo'
+        }
+      end
+
+      let(:tc_params) do
+        {
+          name:        'foo',
+          short_name:  'foo',
+          file_name:   '.coy/foo.tc',
+          password:    nil
+        }
+      end
+
+      before do
+        Dir.mkdir '.coy'
+        File.open(".coy/#{volume}.tc", 'w') {|fh| fh.write "whatnot" }
+      end
+
+      it "closes a volume" do
+        TrueCrypt.should_receive(:close).with(tc_params)
+        subject.go
+      end
+
+      it "negotiates adding the coy directory to ignore file" do
+        Ignorance.should_receive(:negotiate).with('.coy', Operation::COY_COMMENT)
+        subject.go
+      end
+
+      it "negotiates adding volume to ignore files" do
+        Ignorance.should_receive(:negotiate).with(volume, Operation::COY_COMMENT)
+        subject.go
+      end
+    end
+
+    describe "guarding against non-existant volume", :fakefs, :capture_io do
+      context "volume doesn't exist" do
+        let(:volume_name) { 'foo' }
+        let(:coy_params) { { name: volume_name } }
+
+        describe ":open" do
+          let(:coy_action) { :open }
+
+          it "advises user to create volume" do
+            expect( output_from { subject.go } ).to match /create.*?#{volume_name}/i
+          end
+        end
+
+        describe ":close" do
+          let(:coy_action) { :close }
+
+          it "advises user to create volume" do
+            expect( output_from { subject.go } ).to match /create.*?#{volume_name}/i
+          end
+        end
+      end
+    end
+
+    context "when user omits password in command-line", :fakefs, :capture_io do
+      let(:coy_params) { { name: volume } }
+
+      before do
+        Dir.mkdir '.coy'
+        File.open(".coy/#{volume}.tc", 'w') { |fh| fh.write "whatnot" }
+      end
+
+      describe ":create" do
+        let(:coy_action) { :create }
+
+        it "asks user to provide a password" do
+          expect( user_types("p@55w0rd") { subject.go } ).to match /provide.*?password.*?#{volume}/i
+        end
+      end
+
+      describe ":open" do
+        let(:coy_action) { :open }
+
+        it "prompts user for volume password" do
+          expect( user_types("p@55w0rd") { subject.go } ).to match /enter.*?password.*?#{volume}/i
+        end
+      end
+    end
+
+  end
+end

data/spec/lib/coy/random_source_spec.rb

@@ -0,0 +1,47 @@
+require 'spec_helper'
+require 'coy/random_source'
+
+module Coy
+  describe RandomSource do
+    subject { described_class }
+
+    its(:generate) { should_not be_empty }
+
+    specify "each run should be different" do
+      subject.generate.should_not == subject.generate
+    end
+
+    describe "::generate" do
+      context "with a code block", :fakefs do
+        let(:file_name) { './foo.random' }
+        context "but no file name" do
+          it "provides a default file name" do
+            expect { |b| subject.generate(&b) }.to yield_with_args(Coy::RandomSource::DEFAULT_FILE)
+          end
+        end
+        context "with file name provided" do
+          it "uses the provided file name" do
+            expect { |b| subject.generate(file_name, &b) }.to yield_with_args(file_name)
+          end
+        end
+
+        describe "generating random source file" do
+          it "writes the file to the hard drive" do
+            subject.generate(file_name) do |f_name|
+              File.new(f_name).should exist
+            end
+          end
+
+          it "deletes the file after yielding to the block" do
+            subject.generate(file_name) do |f_name|
+              File.new(f_name).should exist
+            end
+            File.exists?(file_name).should be_false
+          end
+        end
+      end
+
+    end
+
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,10 @@
+require 'fakefs/spec_helpers'
+require File.join(File.dirname(__FILE__), 'io_helpers')
+
+$LOAD_PATH.unshift(File.expand_path(File.join(File.dirname(__FILE__), '..', 'lib')))
+
+RSpec.configure do |cfg|
+  cfg.treat_symbols_as_metadata_keys_with_true_values = true
+  cfg.include FakeFS::SpecHelpers, fakefs: true
+  cfg.include IOHelpers, capture_io: true
+end

metadata

@@ -0,0 +1,216 @@
+--- !ruby/object:Gem::Specification
+name: coy
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+  prerelease: 
+platform: ruby
+authors:
+- Joel Helbling
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-02-27 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: ignorance
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 0.0.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 0.0.1
+- !ruby/object:Gem::Dependency
+  name: highline
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.6.15
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.6.15
+- !ruby/object:Gem::Dependency
+  name: main
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 5.1.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 5.1.1
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 2.12.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 2.12.0
+- !ruby/object:Gem::Dependency
+  name: fakefs
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.4.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.4.2
+- !ruby/object:Gem::Dependency
+  name: cucumber
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.2.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.2.1
+- !ruby/object:Gem::Dependency
+  name: aruba
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.5.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.5.1
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 10.0.3
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 10.0.3
+description: Protects sensitive file artifacts in a project, e.g. a yaml file with
+  passwords in it.
+email:
+- joel@joelhelbling.com
+executables:
+- coy
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/coy
+- coy.gemspec
+- features/ignore_file.feature
+- features/step_definitions/coy_steps.rb
+- features/step_definitions/ignore_steps.rb
+- features/support/cleanup_truecrypt.rb
+- features/support/env.rb
+- features/truecrypt.feature
+- lib/coy.rb
+- lib/coy/operation.rb
+- lib/coy/random_source.rb
+- lib/coy/version.rb
+- lib/truecrypt.rb
+- spec/io_helpers.rb
+- spec/lib/coy/operation_spec.rb
+- spec/lib/coy/random_source_spec.rb
+- spec/spec_helper.rb
+homepage: http://github.com/joelhelbling/coy
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: 1409079959630218355
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: 1409079959630218355
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.24
+signing_key: 
+specification_version: 3
+summary: Easily create AES-encrypted directories within a project to protect sensitive
+  information.  Uses TrueCrypt (required to install) and uses Ignorance to prevent
+  contents of protected directories from being inadvertently being added to a version
+  control repository (Git, Hg, SVN).
+test_files:
+- features/ignore_file.feature
+- features/step_definitions/coy_steps.rb
+- features/step_definitions/ignore_steps.rb
+- features/support/cleanup_truecrypt.rb
+- features/support/env.rb
+- features/truecrypt.feature
+- spec/io_helpers.rb
+- spec/lib/coy/operation_spec.rb
+- spec/lib/coy/random_source_spec.rb
+- spec/spec_helper.rb