kbsecret 0.6.5 → 0.7.0.pre.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 061dc3ef77cf2be8317743c5c7a661dc906ccc66
-  data.tar.gz: f09cd15ecf6ca22c7660528002e131c44aa9cf82
+  metadata.gz: d6b4bbb559dfea85bc7b7d767db97dd609ec9117
+  data.tar.gz: '009586cb565eb93ba6ea4d605527748dbb9d7ad5'
 SHA512:
-  metadata.gz: 5e18ecf145719006f1065ba076c079bbaaeec4adcaec38f881bb368c95f445c8992838e3017b88954fb3f86c66eaef52bac35916489a1285eeb8ed03f88fc030
-  data.tar.gz: b569a9c09826835a5e09dda8523960e6d062ef7c6e34ab22212345284cc259ce97c331da3910d479b70c5a41cafadefce4f3b4bc20c1ba860f5f035d0a874242
+  metadata.gz: 19a290acff300d2ff4b1f7bf5fe58bd94586fc1c05757aa53dc5126794e51bfd7ceafb5a2a309e557b1456ff9d01664d354602b6494104fc0a49937aa7b5821d
+  data.tar.gz: aa0b5abe37669dfabbdc2f904aa5edd10e8b8144afbaab639d2504360339a30bd9b0a1b2539a82c08d3cef9cb63f5ca24d9838b4ae271f9fe1ec03c401681628

data/README.md

@@ -50,7 +50,7 @@ Documentation is available on [RubyDoc](http://www.rubydoc.info/gems/kbsecret/).
 ```bash
 # create a new login record under the default session
 $ kbsecret new login gmail
-Username?
+Username? bob@gmail.com
 Password?
 
 # list all records under the default session
@@ -60,7 +60,7 @@ gmail
 # show the requested login record
 $ kbsecret login gmail
 Label: gmail
-	Username: foo@example.com
+	Username: bob@gmail.com
 	Password: barbazquux
 
 # create a new session between 3 keybase users (foo, bar, and baz)
@@ -73,7 +73,7 @@ dev-team
 
 # add an environment record to the dev-team session
 $ kbsecret new environment api-key -s dev-team
-Variable?
+Variable? BRAND_NEW_API
 Value?
 
 # list all records under the dev-team session
@@ -82,7 +82,7 @@ api-key
 
 # get all environment records in dev-team in an easy-to-source format
 $ kbsecret env -s dev-team --all
-export API_KEY='0xBADBEEF'
+export BRAND_NEW_API='0xBADBEEF'
 ```
 
 ### Manual Pages

data/bin/kbsecret-dump-fields

@@ -5,8 +5,8 @@ require "kbsecret"
 
 include KBSecret
 
-cmd = CLI.new do
-  slop do |o|
+cmd = CLI.create do |c|
+  c.slop do |o|
     o.banner = <<~EOS
       Usage:
         kbsecret dump-fields [options] <record>
@@ -17,11 +17,11 @@ cmd = CLI.new do
     o.string "-i", "--ifs", "separate terse pairs with this string", default: CLI.ifs
   end
 
-  dreck do
+  c.dreck do
     string :label
   end
 
-  ensure_session!
+  c.ensure_session!
 end
 
 label   = cmd.args[:label]

data/bin/kbsecret-env

@@ -5,8 +5,8 @@ require "kbsecret"
 
 include KBSecret
 
-cmd = CLI.new do
-  slop do |o|
+cmd = CLI.create do |c|
+  c.slop do |o|
     o.banner = <<~EOS
       Usage:
         kbsecret env [options] <record [record ...]>
@@ -17,13 +17,13 @@ cmd = CLI.new do
     o.bool "-v", "--value-only", "print only the environment value, not the key"
   end
 
-  unless opts.all?
-    dreck do
+  unless c.opts.all?
+    c.dreck do
       list :string, :labels
     end
   end
 
-  ensure_session!
+  c.ensure_session!
 end
 
 records = cmd.session.records :environment

data/bin/kbsecret-generator

@@ -0,0 +1,42 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require "kbsecret"
+
+include KBSecret
+
+cmd = CLI.create do |c|
+  c.slop do |o|
+    o.banner = <<~EOS
+      Usage:
+        kbsecret new-generator [options] <new|rm> <generator>
+    EOS
+
+    o.string "-F", "--format", "the format of the secrets generated", default: "hex"
+    o.integer "-l", "--length", "the length, in bytes, of the secrets generated",
+              default: 16
+    o.bool "-f", "--force", "force generator creation (ignore overwrite)"
+  end
+
+  c.dreck do
+    string :command
+    string :generator
+  end
+
+  c.ensure_generator! :argument if c.args[:command] == "rm"
+end
+
+case cmd.args[:command]
+when "new"
+  if Config.generator?(cmd.args[:generator]) && !cmd.opts.force?
+    cmd.die "Refusing to overwrite an existing generator without --force."
+  end
+
+  Config.configure_generator(cmd.args[:generator],
+                             format: cmd.opts[:format],
+                             length: cmd.opts[:length])
+when "rm"
+  Config.deconfigure_generator(cmd.args[:generator])
+else
+  cmd.die "Unknown subcommand: '#{cmd.args[:command]}'."
+end

data/bin/kbsecret-generators

@@ -0,0 +1,28 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require "kbsecret"
+
+include KBSecret
+
+cmd = CLI.create do |c|
+  c.slop do |o|
+    o.banner = <<~EOS
+      Usage:
+        kbsecret generators [options]
+    EOS
+
+    o.bool "-a", "--show-all", "show each generator in depth (i.e. metadata)"
+  end
+end
+
+Config[:generators].each do |label, config|
+  puts label
+
+  next unless cmd.opts.show_all?
+
+  puts <<~EOS
+    \tFormat: #{config[:format]}
+    \tLength: #{config[:length]}
+  EOS
+end

data/bin/kbsecret-login

@@ -5,8 +5,8 @@ require "kbsecret"
 
 include KBSecret
 
-cmd = CLI.new do
-  slop do |o|
+cmd = CLI.create do |c|
+  c.slop do |o|
     o.banner = <<~EOS
       Usage:
         kbsecret login [options] <record [record ...]>
@@ -18,13 +18,13 @@ cmd = CLI.new do
     o.string "-i", "--ifs", "separate terse fields with this string", default: CLI.ifs
   end
 
-  unless opts.all?
-    dreck do
+  unless c.opts.all?
+    c.dreck do
       list :string, :labels
     end
   end
 
-  ensure_session!
+  c.ensure_session!
 end
 
 records = cmd.session.records :login

data/bin/kbsecret-new

@@ -22,6 +22,9 @@ cmd = CLI.create do |c|
     o.bool "-f", "--force", "force creation (ignore overwrites, etc.)"
     o.bool "-a", "--args", "use trailing arguments as fields, even with a tty"
     o.bool "-e", "--echo", "echo input to tty (only affects interactive input)"
+    o.bool "-G", "--generate", "generate secret fields (interactive only)"
+    o.string "-g", "--generator", "the generator to use for secret fields",
+             default: :default
   end
 
   c.dreck do
@@ -30,6 +33,7 @@ cmd = CLI.create do |c|
     list :string, :fields if c.opts.args?
   end
 
+  c.ensure_generator!
   c.ensure_type! :argument
   c.ensure_session!
 end
@@ -42,19 +46,23 @@ if cmd.session.record?(label) && !cmd.opts.force?
   cmd.die "Refusing to overwrite an existing record without --force."
 end
 
+if cmd.opts.generate?
+  generator = cmd.guard { Generator.new cmd.opts[:generator] }
+end
+
 fields = if $stdin.tty? && !cmd.opts.args?
            prompt = TTY::Prompt.new
            klass = Record.class_for(resolved_type)
            klass.data_fields.map do |field|
-             prompt.ask "#{field.capitalize}?",
-                        echo: !klass.sensitive?(field) || cmd.opts.echo?
+             if cmd.opts.generate? && klass.sensitive?(field)
+               generator.secret
+             else
+               prompt.ask "#{field.capitalize}?",
+                          echo: !klass.sensitive?(field) || cmd.opts.echo?
+             end
            end
          else
            cmd.args[:fields]
          end
 
-begin
-  cmd.session.add_record(resolved_type, label, *fields)
-rescue => e
-  cmd.die "#{e}."
-end
+cmd.guard { cmd.session.add_record(resolved_type, label, *fields) }

data/bin/kbsecret-new-session

@@ -6,8 +6,8 @@ require "kbsecret"
 
 include KBSecret
 
-cmd = CLI.new do
-  slop do |o|
+cmd = CLI.create do |c|
+  c.slop do |o|
     o.banner = <<~EOS
       Usage:
         kbsecret new-session [options] --label <label> --root <dir>

data/bin/kbsecret-pass

@@ -6,8 +6,8 @@ require "clipboard"
 
 include KBSecret
 
-cmd = CLI.new do
-  slop do |o|
+cmd = CLI.create do |c|
+  c.slop do |o|
     o.banner = <<~EOS
       Usage:
         kbsecret pass [options] <record>
@@ -17,11 +17,11 @@ cmd = CLI.new do
     o.bool "-c", "--clipboard", "dump the password in the clipboard"
   end
 
-  dreck do
+  c.dreck do
     string :label
   end
 
-  ensure_session!
+  c.ensure_session!
 end
 
 label   = cmd.args[:label]

data/bin/kbsecret-raw-edit

@@ -5,8 +5,8 @@ require "kbsecret"
 
 include KBSecret
 
-cmd = CLI.new do
-  slop do |o|
+cmd = CLI.create do |c|
+  c.slop do |o|
     o.banner = <<~EOS
       Usage:
         kbsecret raw-edit [options] <record>
@@ -15,11 +15,11 @@ cmd = CLI.new do
     o.string "-s", "--session", "the session to search in", default: :default
   end
 
-  dreck do
+  c.dreck do
     string :label
   end
 
-  ensure_session!
+  c.ensure_session!
 end
 
 label   = cmd.args[:label]

data/bin/kbsecret-rm

@@ -8,8 +8,8 @@ include KBSecret
 
 $VERBOSE = nil # tty-prompt blasts us with irrelevant warnings on 2.4
 
-cmd = CLI.new do
-  slop do |o|
+cmd = CLI.create do |c|
+  c.slop do |o|
     o.banner = <<~EOS
       Usage:
         kbsecret rm [options] <record>
@@ -19,11 +19,11 @@ cmd = CLI.new do
     o.bool "-i", "--interactive", "ask for confirmation before deleting"
   end
 
-  dreck do
+  c.dreck do
     string :label
   end
 
-  ensure_session!
+  c.ensure_session!
 end
 
 label = cmd.args[:label]

data/bin/kbsecret-rm-session

@@ -5,8 +5,8 @@ require "kbsecret"
 
 include KBSecret
 
-cmd = CLI.new do
-  slop do |o|
+cmd = CLI.create do |c|
+  c.slop do |o|
     o.banner = <<~EOS
       Usage:
         kbsecret rm-session [options] <session>
@@ -15,11 +15,11 @@ cmd = CLI.new do
     o.bool "-d", "--delete", "unlink the session in addition to deconfiguration"
   end
 
-  dreck do
+  c.dreck do
     string :session
   end
 
-  ensure_session! :argument
+  c.ensure_session! :argument
 end
 
 label = cmd.args[:session]

data/bin/kbsecret-sessions

@@ -5,8 +5,8 @@ require "kbsecret"
 
 include KBSecret
 
-cmd = CLI.new do
-  slop do |o|
+cmd = CLI.create do |c|
+  c.slop do |o|
     o.banner = <<~EOS
       Usage:
         kbsecret sessions [options]

data/bin/kbsecret-stash-file

@@ -6,8 +6,8 @@ require "base64"
 
 include KBSecret
 
-cmd = CLI.new do
-  slop do |o|
+cmd = CLI.create do |c|
+  c.slop do |o|
     o.banner = <<~EOS
       Usage:
         kbsecret stash-file <record> [file]
@@ -18,12 +18,12 @@ cmd = CLI.new do
     o.bool "-b", "--base64", "encode the file as base64"
   end
 
-  dreck errors: false do
+  c.dreck errors: false do
     string :label
     string :filename
   end
 
-  ensure_session!
+  c.ensure_session!
 end
 
 label    = cmd.args[:label]

data/bin/kbsecret-todo

@@ -5,8 +5,8 @@ require "kbsecret"
 
 include KBSecret
 
-cmd = CLI.new do
-  slop cmds: %w[start suspend complete] do |o|
+cmd = CLI.create do |c|
+  c.slop cmds: %w[start suspend complete] do |o|
     o.banner = <<~EOS
       Usage:
         kbsecret todo <start|suspend|complete> <record>
@@ -15,12 +15,12 @@ cmd = CLI.new do
     o.string "-s", "--session", "the session to search in", default: :default
   end
 
-  dreck do
+  c.dreck do
     string :command
     string :label
   end
 
-  ensure_session!
+  c.ensure_session!
 end
 
 label   = cmd.args[:label]
@@ -43,5 +43,5 @@ when "complete"
   todo.complete!
   puts "#{todo.label}: '#{todo.todo}' marked as completed at #{todo.stop}"
 else
-  cmd.die "Unknown action: #{command}."
+  cmd.die "Unknown subcommand: '#{cmd.args[:command]}'."
 end

data/lib/kbsecret.rb

@@ -7,6 +7,7 @@ require_relative "kbsecret/config"
 require_relative "kbsecret/exceptions"
 require_relative "kbsecret/record"
 require_relative "kbsecret/session"
+require_relative "kbsecret/generator"
 require_relative "kbsecret/cli"
 
 # The primary namespace for kbsecret.

data/lib/kbsecret/cli.rb

@@ -98,12 +98,10 @@ module KBSecret
     #   the `--session` option. If `:argument` is passed, then the session is expected
     #   to be in the argument list labeled as `:argument` by Dreck.
     # @return [void]
-    # @raise [RuntimeError] if the expected session is not configured.
     # @note {#slop} and {#dreck} should be called before this, depending on whether
     #   options or arguments are being tested for a valid session.
     def ensure_session!(where = :option)
       label = where == :option ? @opts[:session] : @args[:session]
-      raise "Unknown session: '#{label}'" unless Config.session? label
       @session = Session.new label: label
     end
 
@@ -114,11 +112,27 @@ module KBSecret
     #   `--type` option. If `:argument` is passed, then the type is expected to
     #   be in the argument list labeled as `:type` by Dreck.
     # @return [void]
+    # @note {#slop} and {#dreck} should be called before this, depending on whether
+    #   options or arguments are being tested for a valid session.
     def ensure_type!(where = :option)
       type = where == :option ? @opts[:type] : @args[:type]
       Record.class_for type
     end
 
+    # Ensure that a generator profile passed in as an option or argument already
+    #   exists (i.e., is already configured).
+    # @param where [Symbol] Where to look for the session label to test.
+    #   If `:option` is passed, then the generator is expected to be the value of
+    #   the `--generator` option. If `:argument` is passed, then the type is expected
+    #   to be in the argument list labeled as `:generator` by Dreck.
+    # @return [void]
+    # @note {#slop} and {#dreck} should be called before this, depending on whether
+    #   options or arguments are being tested for a valid session.
+    def ensure_generator!(where = :option)
+      gen = where == :option ? @opts[:generator] : @args[:generator]
+      Config.generator gen
+    end
+
     # "Guard" a block by propagating any exceptions as fatal (unrecoverable)
     #   errors.
     # @return [Object] the result of the block

data/lib/kbsecret/config.rb

@@ -6,30 +6,48 @@ require "fileutils"
 module KBSecret
   # Global and per-session configuration for kbsecret.
   class Config
-    # the configuration directory
+    # The configuration directory.
     # @api private
     CONFIG_DIR = File.expand_path("~/.config/kbsecret").freeze
 
-    # the configuration file
+    # The configuration file.
     # @api private
     CONFIG_FILE = File.join(CONFIG_DIR, "config.yml").freeze
 
+    # The default session configuration.
+    DEFAULT_SESSION = {
+      default: {
+        users: [Keybase.current_user],
+        root: "default",
+      },
+    }.freeze
+
+    # The default generator configuration.
+    DEFAULT_GENERATOR = {
+      default: {
+        format: "hex",
+        length: 16,
+      },
+    }.freeze
+
     # configuration defaults
     # @api private
     DEFAULT_CONFIG = {
-      mount: "/keybase",
-      sessions: {
-        default: {
-          users: [Keybase.current_user],
-          root: "default",
-        },
-      },
-
       session_root: File.join("/keybase/private/",
                               Keybase.current_user,
                               "kbsecret"),
+
+      mount: "/keybase",
+      sessions: DEFAULT_SESSION,
+      generators: DEFAULT_GENERATOR,
     }.freeze
 
+    # Writes the user's configuration to disk.
+    # @return [void]
+    def self.sync!
+      File.open(CONFIG_FILE, "w") { |io| io.write @config.to_yaml }
+    end
+
     # Retrieve a configured value.
     # @param key [String] the configuration key to retrieve
     # @return [Object] the corresponding configuration
@@ -40,8 +58,13 @@ module KBSecret
     # Retrieve a session's configuration.
     # @param sess [String, Symbol] the session's label
     # @return [Hash] the session configuration
+    # @raise [SessionUnknownError] if no such session exists
     def self.session(sess)
-      @config[:sessions][sess.to_sym]
+      hsh = @config[:sessions][sess.to_sym]
+
+      raise SessionUnknownError, sess unless hsh
+
+      hsh
     end
 
     # @return [Array<Symbol>] all configured session labels
@@ -61,7 +84,7 @@ module KBSecret
     # @return [void]
     def self.configure_session(label, hsh)
       @config[:sessions][label.to_sym] = hsh
-      File.open(CONFIG_FILE, "w") { |io| io.write @config.to_yaml }
+      sync!
     end
 
     # Deconfigure a session.
@@ -72,7 +95,47 @@ module KBSecret
     #  with a session, see {KBSecret::Session#unlink!}.
     def self.deconfigure_session(label)
       @config[:sessions].delete(label.to_sym)
-      File.open(CONFIG_FILE, "w") { |io| io.write @config.to_yaml }
+      sync!
+    end
+
+    # Retrieve a generator's configuration.
+    # @param gen [String, Symbol] the generator's label
+    # @return [Hash] the generator configuration
+    # @raise [GeneratorUnknownError] if no such generator exists
+    def self.generator(gen)
+      hsh = @config[:generators][gen.to_sym]
+
+      raise GeneratorUnknownError, gen unless hsh
+
+      hsh
+    end
+
+    # @return [Array<Symbol>] all configured session labels
+    def self.generator_labels
+      @config[:generators].keys
+    end
+
+    # @param gen [String, Symbol] the generator label
+    # @return [Boolean] whether or not the given generator is configured
+    def self.generator?(gen)
+      generator_labels.include?(gen.to_sym)
+    end
+
+    # Configure a secret generator.
+    # @param label [String, Symbol] the generator label (profile name)
+    # @param hsh [Hash] the generator configuration
+    # @return [void]
+    def self.configure_generator(label, **hsh)
+      @config[:generators][label.to_sym] = hsh
+      sync!
+    end
+
+    # Deconfigure a generator.
+    # @param label [String, Symbol] the generator label (profile name)
+    # @return [void]
+    def self.deconfigure_generator(label)
+      @config[:generators].delete(label.to_sym)
+      sync!
     end
 
     if File.exist?(CONFIG_FILE)
@@ -80,10 +143,13 @@ module KBSecret
     else
       user_config = DEFAULT_CONFIG
       FileUtils.mkdir_p CONFIG_DIR
-      File.open(CONFIG_FILE, "w") { |io| io.write DEFAULT_CONFIG.to_yaml }
     end
 
     @config = DEFAULT_CONFIG.merge(user_config)
+    @config[:sessions].merge!(DEFAULT_SESSION)
+    @config[:generators].merge!(DEFAULT_GENERATOR)
+
     FileUtils.mkdir_p @config[:session_root]
+    sync!
   end
 end

data/lib/kbsecret/exceptions.rb

@@ -26,4 +26,32 @@ module KBSecret
       super "Needed #{exp} arguments for this record, got #{act}"
     end
   end
+
+  # Raised during session lookup if an unknown session is requested.
+  class SessionUnknownError < KBSecretError
+    def initialize(sess)
+      super "Unknown session: '#{sess}'"
+    end
+  end
+
+  # Raised during generator lookup if an unknown profile is requested.
+  class GeneratorUnknownError < KBSecretError
+    def initialize(gen)
+      super "Unknown generator profile: '#{gen}'"
+    end
+  end
+
+  # Raised during generator creation if an unknown generator format is requested.
+  class GeneratorFormatError < KBSecretError
+    def initialize(fmt)
+      super "Unknown generator format: '#{fmt}'"
+    end
+  end
+
+  # Raised during generator creation if a non-positive generator length is requested.
+  class GeneratorLengthError < KBSecretError
+    def initialize(length)
+      super "Bad secret generator length (#{length}, must be positive)"
+    end
+  end
 end

data/lib/kbsecret/generator.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+require "securerandom"
+
+module KBSecret
+  # Generates secret values (passwords, environment keys, etc) for storage by {KBSecret}.
+  class Generator
+    # All generator formats known by {Generator}.
+    GENERATOR_TYPES = %i[hex base64].freeze
+
+    # @return [Symbol] the format of the generator
+    attr_reader :format
+
+    # @return [Integer] the length, in bytes of secrets generated by the generator
+    attr_reader :length
+
+    # @param profile [Symbol, String] the label of the generator profile to use
+    # @raise [GeneratorLengthError] if the profile has a non-positive length
+    # @raise [GeneratorFormatError] if the profile has an unknown format
+    def initialize(profile = :default)
+      @format = Config.generator(profile)[:format].to_sym
+      @length = Config.generator(profile)[:length].to_i
+
+      raise GeneratorLengthError, @length unless @length.positive?
+      raise GeneratorFormatError, @format unless GENERATOR_TYPES.include?(@format)
+    end
+
+    # @return [String] a new secret based on the {format} and {length} of the {Generator}
+    # @example
+    #   g = KBSecret::Generator.new # => #<KBSecret::Generator @format="hex", @length=16>
+    #   g.secret # => "a927f1e7ffa1a039a9cd31c45bc181e3"
+    def secret
+      SecureRandom.send(@format, @length)
+    end
+  end
+end

data/lib/version.rb

@@ -2,5 +2,5 @@
 
 module KBSecret
   # kbsecret's current version
-  VERSION = "0.6.5"
+  VERSION = "0.7.0.pre.1"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: kbsecret
 version: !ruby/object:Gem::Version
-  version: 0.6.5
+  version: 0.7.0.pre.1
 platform: ruby
 authors:
 - William Woodruff
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-07-09 00:00:00.000000000 Z
+date: 2017-07-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: fpm
@@ -159,7 +159,9 @@ executables:
 - kbsecret-login
 - kbsecret-raw-edit
 - kbsecret-todo
+- kbsecret-generator
 - kbsecret-new
+- kbsecret-generators
 - kbsecret-dump-fields
 - kbsecret-stash-file
 - kbsecret-rm-session
@@ -176,6 +178,8 @@ files:
 - bin/kbsecret
 - bin/kbsecret-dump-fields
 - bin/kbsecret-env
+- bin/kbsecret-generator
+- bin/kbsecret-generators
 - bin/kbsecret-list
 - bin/kbsecret-login
 - bin/kbsecret-new
@@ -191,6 +195,7 @@ files:
 - lib/kbsecret/cli.rb
 - lib/kbsecret/config.rb
 - lib/kbsecret/exceptions.rb
+- lib/kbsecret/generator.rb
 - lib/kbsecret/record.rb
 - lib/kbsecret/record/abstract.rb
 - lib/kbsecret/record/environment.rb
@@ -215,9 +220,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: 2.3.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
 rubyforge_project: 
 rubygems_version: 2.6.11