mellon 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 3d709112b62b9ed79d5d650602042faf2a3dfc2f
+  data.tar.gz: deda5ba7ba3a00ea77b3f914fd23c8d14cd7c04a
+SHA512:
+  metadata.gz: ede7a998d84a0504c55bcf1f203c832a8c800e647f43ff4c17a7edfb1801ee2e37292f5a771e04d97798985af4c2e0c32d9507dc7c5428d73acc6ed6ea38a45d
+  data.tar.gz: 19fef434f6cdd5a71599f9774a4d56e284ae82d51d819b2a001de0626da9d237ada8eaef8e89e4569d3fb91877d732169c9cefe0429eea11ae3524794bdacb70

data/.gitignore

@@ -0,0 +1,23 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+*.bundle
+*.so
+*.o
+*.a
+mkmf.log
+spec/.*

data/.rspec

@@ -0,0 +1 @@
+--require ./spec/spec_helper

data/Gemfile

@@ -0,0 +1,3 @@
+source "https://rubygems.org"
+
+gemspec

data/LICENSE

@@ -0,0 +1,22 @@
+Copyright (c) 2014 Kim Burgestrand
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,79 @@
+# Mellon
+
+> Speak, Friend, and enter.
+
+Mellon is four things:
+
+- A simple library for reading and writing notes in Mac OSX keychains. (see [Mellon::Keychain][])
+- A simple library for using Mac OSX keychain notes as hash storage. (see [Mellon::Store][])
+- A tiny CLI interface for [Mellon::Keychain][]. (see [Command-line interface](#command-line-interface))
+
+I built Mellon because I wanted Yet Another Way of Managing Application Secrets™. Frankly, I am fed up
+with passing around some secret file not included in our source code repository that runs out of sync
+every time we add or change values during development.
+
+Mellon, together with Econfig, solves this problem.
+
+Mellon is sponsored by [Elabs][].
+
+[![elabs logo][]][Elabs]
+
+## Usage
+
+Mellon is intended for usage during development only. The recommended workflow is:
+
+1. Create an OSX keychain using Keychain Access, name it something hip and clever, like `thanks-a-latte`.
+2. Share your keychain with your colleagues, through iCloud sync, Dropbox or similar.
+3. Hook up Mellon with your application according to instructions below.
+
+### Using with Rails and Econfig (recommended)
+
+See instructions over at [econfig-keychain](https://github.com/elabs/econfig-keychain).
+
+# Documentation
+
+An API reference can be found at [rdoc.info/github/elabs/mellon](http://rdoc.info/github/elabs/mellon/master/frames).
+
+## Mellon::Keychain
+
+Mellon::Keychain allows you to read and write notes in OSX keychains.
+
+```ruby
+keychain = Mellon::Keychain.default
+keychain["ruby note"] # => nil
+keychain["ruby note"] = "Hello from Ruby!" # creates keychain note `ruby note`
+keychain["ruby note"] # => "Hello from Ruby!"
+keychain["ruby note"] = nil # deletes keychain note `ruby note`
+```
+
+More documentation can be found at the [API reference for Mellon::Keychain](http://rdoc.info/github/elabs/mellon/master/Mellon/Keychain).
+
+## Mellon::Store
+
+Mellon::Store is a layer above Mellon::Keychain, allowing you to use a single keychain note as hash storage. Notes are serialized as YAML by default.
+
+```ruby
+project_name = "ruby note"
+store = Mellon::Store.new(project_name, keychain: Mellon::Keychain.default)
+store["some key"] # => nil
+store["some key"] = "Hello from Ruby!" # creates keychain note "ruby note", and puts value for "some key" in it
+store["some key"] # => "Hello from Ruby!"
+
+# Have a peek at the data, which is serialized as YAML
+store.keychain[store.project_name] # => "---\nsome key: Hello from Ruby!\n"
+```
+
+More documentation can be found at the [API reference for Mellon::Store](http://rdoc.info/github/elabs/mellon/master/Mellon/Store).
+
+## Command-line interface
+
+When you install the Mellon gem you also get an executable called `mellon`. See `mellon -h` for usage information.
+
+# License
+
+[See LICENSE](./LICENSE).
+
+[Elabs]: http://www.elabs.se/
+[elabs logo]: ./elabs-logo.png?raw=true
+[Mellon::Keychain]: #mellon-keychain
+[Mellon::Store]: #mellon-store

data/Rakefile

@@ -0,0 +1,10 @@
+require "bundler/gem_tasks"
+
+require "rspec/core/rake_task"
+RSpec::Core::RakeTask.new
+
+task :console do
+  exec *%w[bundle exec pry -r mellon]
+end
+
+task :default => :spec

data/bin/mellon

@@ -0,0 +1,106 @@
+#!/usr/bin/env ruby
+# encoding: utf-8
+
+require "mellon"
+require "slop"
+
+# Options
+$keychain = nil
+
+def find_closest(*filenames)
+  require "pathname"
+  Pathname.pwd.ascend do |parent|
+    filenames.each do |filename|
+      file = parent + filename
+      return parent.to_s if file.exist?
+    end
+  end
+
+  yield
+end
+
+$default_name = File.basename(find_closest("Gemfile", "Rakefile") { Dir.pwd })
+
+# Common procs
+define_common = lambda do |dsl|
+  dsl.on :k, :keychain=, "Specify keychain to use" do |keychain_name|
+    keychain_path = File.expand_path(keychain_name)
+
+    $keychain = if File.exists?(keychain_path)
+      Mellon::Keychain.new(keychain_path)
+    else
+      Mellon::Keychain.find(keychain_name)
+    end
+  end
+end
+
+# Convenience
+def name_and_keychain(argv)
+  name = argv.join(" ")
+  name = $default_name if name.empty?
+  $keychain ||= Mellon::Keychain.search(name)
+
+  unless $keychain
+    $stderr.puts "key not found: #{name}"
+    yield if block_given?
+    exit false
+  end
+
+  [name, $keychain]
+end
+
+Slop.parse(strict: true, help: true) do
+  on :v, :version, "Show Mellon version." do
+    puts "Mellon v#{Mellon::VERSION}"
+    exit
+  end
+
+  description "list globally known keychains."
+  command "list" do
+    run do
+      puts "Available keychains:"
+      Mellon::Keychain.list.each do |keychain|
+        puts "  #{keychain.name}"
+      end
+    end
+  end
+
+  description "edit or create a keychain entry."
+  command "edit" do
+    banner "Usage: mellon edit [options] [name (default: #{$default_name})]"
+    define_common[self]
+
+    run do |opts, argv|
+      name, keychain = name_and_keychain(argv) do
+        $stderr.puts "If you want to create it, you need to specify keychain with -k."
+      end
+
+      editor = ENV.fetch("EDITOR") do
+        $stderr.puts "$EDITOR is not set. Please set it to your preferred editor."
+        exit false
+      end
+
+      require "tempfile"
+      Tempfile.open([name, ".txt"]) do |io|
+        File.write io.path, keychain[name]
+        system editor, io.path
+        keychain[name] = File.read(io.path)
+      end
+    end
+  end
+
+  description "show a keychain entry."
+  command "show" do
+    banner "Usage: mellon show [options] [name (default: #{$default_name})]"
+    define_common[self]
+
+    run do |opts, argv|
+      name, keychain = name_and_keychain(argv)
+      print keychain[name]
+    end
+  end
+
+  run do |opts, argv|
+    puts opts
+  end
+end

data/lib/mellon/keychain.rb

@@ -0,0 +1,239 @@
+require "plist"
+
+module Mellon
+  # Keychain provides simple methods for reading and storing keychain entries.
+  class Keychain
+    DEFAULT_OPTIONS = { type: :note }
+    TYPES = {
+      "note" => {
+        kind: "secure note",
+        type: "note"
+      }
+    }
+
+    class << self
+      # Find the first keychain that contains the key.
+      #
+      # @param [String] key
+      # @return [Keychain, nil]
+      def search(key)
+        output = ShellUtils.security("find-generic-password", "-l", key)
+        new(output[/keychain: "(.+)"/i, 1], ensure_exists: false)
+      rescue CommandError
+        nil
+      end
+
+      # Find a keychain matching the given name.
+      #
+      # @param [String] name
+      # @return [Keychain]
+      # @raise [KeyError] if no matching keychain was found
+      def find(name)
+        quoted = Regexp.quote(name)
+        regexp = Regexp.new(quoted, Regexp::IGNORECASE)
+
+        keychain = list.find do |keychain|
+          keychain.path =~ regexp
+        end
+
+        if keychain.nil?
+          raise KeyError, "Could not find keychain “#{name}” in #{list.map(&:name).join(", ")}"
+        end
+
+        keychain
+      end
+
+      # @return [Keychain] default keychain
+      def default
+        keychain_path = ShellUtils.security("default-keychain")[KEYCHAIN_REGEXP, 1]
+        Keychain.new(keychain_path, ensure_exists: false)
+      end
+
+      # @return [Array<Keychain>] all available keychains
+      def list
+        ShellUtils.security("list-keychains").scan(KEYCHAIN_REGEXP).map do |(keychain_path)|
+          Keychain.new(keychain_path, ensure_exists: false)
+        end
+      end
+    end
+
+    # Initialize a keychain on the given path.
+    #
+    # @param [String] path
+    # @param [Boolean] ensure_exists check if keychain exists or not
+    def initialize(path, ensure_exists: true)
+      @path = path
+      @name = File.basename(path, ".keychain")
+      command "show-keychain-info" if ensure_exists
+    end
+
+    # @return [String] path to keychain
+    attr_reader :path
+
+    # @return [String] keychain name (without extension)
+    attr_reader :name
+
+    # Retrieve a value, but if it does not exist return the default value,
+    # or call the provided block, or raise an error. See Hash#fetch.
+    #
+    # @param [String] key
+    # @param default
+    # @return [String] value for key, default, or value from block
+    # @yield if key does not exist, and block is given
+    # @raise [KeyError] if key does not exist, and no default is given
+    def fetch(key, *args, &block)
+      self[key] or {}.fetch(key, *args, &block)
+    end
+
+    # @param [String] key
+    # @return [String, nil] contents of entry at key, or nil if not set
+    def [](key)
+      _, data = read(key)
+      data
+    end
+
+    # Write data to entry key, or updating existing one if it exists.
+    #
+    # @param [String] key
+    # @param [String] data
+    def []=(key, data)
+      info, _ = read(key)
+      info ||= {}
+
+      if data
+        write(key, data, info)
+      else
+        delete(key, info)
+      end
+    end
+
+    private
+
+    # Read a key from the keychain.
+    #
+    # @param [String] key
+    # @return [Array<Hash, String>, nil] tuple of entry info, and text contents, or nil if key does not exist
+    def read(key)
+      command "find-generic-password", "-g", "-l", key do |info, password_info|
+        [parse_info(info), parse_contents(password_info)]
+      end
+    rescue CommandError => e
+      nil
+    end
+
+    # Write data with given key to the keychain, or update existing key if it exists.
+    #
+    # @note keychain entries are not unique by key, but also by the information
+    #       provided through options; two entries with same key but different
+    #       account name (for example), will become two different entries when
+    #       writing.
+    #
+    # @param [String] key
+    # @param [String] data
+    # @param [Hash] options
+    # @option options [#to_s] :type (:note) one of Keychain::TYPES
+    # @option options [String] :account_name ("")
+    # @option options [String] :service_name (key)
+    # @option options [String] :label (service_name)
+    # @raise [CommandError] if writing fails
+    def write(key, data, options = {})
+      info = build_info(key, options)
+
+      command "add-generic-password",
+        "-a", info[:account_name],
+        "-s", info[:service_name],
+        "-l", info[:label],
+        "-D", info[:kind],
+        "-C", info[:type],
+        "-T", "", # which applications have access (none)
+        "-U", # upsert
+        "-w", data
+    end
+
+    # Delete the entry matching key and options.
+    #
+    # @param [String] key
+    # @param [Hash] options
+    # @option (see #write)
+    def delete(key, options = {})
+      info = build_info(key, options)
+
+      command "delete-generic-password",
+        "-a", info[:account_name],
+        "-s", info[:service_name],
+        "-l", info[:label],
+        "-D", info[:kind],
+        "-C", info[:type]
+    end
+
+    # Execute a command with the context of this keychain.
+    #
+    # @param [Array<String>] command
+    def command(*command, &block)
+      command += [path]
+      ShellUtils.security *command, &block
+    end
+
+    private
+
+    # Build an info hash used for #write and #delete.
+    #
+    # @param [String] key
+    # @param [Hash] options
+    # @return [Hash]
+    def build_info(key, options = {})
+      options = DEFAULT_OPTIONS.merge(options)
+
+      note_type = TYPES.fetch(options.fetch(:type, :note).to_s)
+      account_name = options.fetch(:account_name, "")
+      service_name = options.fetch(:service_name, key)
+      label = options.fetch(:label, service_name)
+
+      {
+        account_name: account_name,
+        service_name: service_name,
+        label: label,
+        kind: note_type.fetch(:kind),
+        type: note_type.fetch(:type),
+      }
+    end
+
+    # Parse entry information.
+    #
+    # @param [String] info
+    # @return [Hash]
+    def parse_info(info)
+      extract = lambda { |key| info[/#{key}.+=(?:<NULL>|[^"]*"(.+)")/, 1].to_s }
+      {
+        account_name: extract["acct"],
+        kind: extract["desc"],
+        type: extract["type"],
+        label: extract["0x00000007"],
+        service_name: extract["svce"],
+      }
+    end
+
+    # Parse entry contents.
+    #
+    # @param [String]
+    # @return [String]
+    def parse_contents(password_info)
+      unpacked = password_info[/password: 0x([a-f0-9]+)/i, 1]
+
+      password = if unpacked
+        [unpacked].pack("H*")
+      else
+        password_info[/password: "(.+)"/m, 1]
+      end
+
+      password ||= ""
+
+      parsed = Plist.parse_xml(password.force_encoding("".encoding))
+      if parsed and parsed["NOTE"]
+        parsed["NOTE"]
+      else
+        password
+      end
+    end
+  end
+end

data/lib/mellon/shell_utils.rb

@@ -0,0 +1,36 @@
+require "open3"
+require "shellwords"
+
+module Mellon
+  module ShellUtils
+    module_function
+
+    def security(*command, &block)
+      sh("security", *command, &block)
+    end
+
+    def sh(*command)
+      $stderr.puts command.join(" ") if $VERBOSE
+      stdout, stderr, status = Open3.capture3(*command)
+
+      stdout.chomp!
+      stderr.chomp!
+
+      unless status.success?
+        error_string = Shellwords.join(command)
+        error_string << "\n"
+
+        stderr = "<no output>" if stderr.empty?
+        error_string << "  " << stderr.chomp
+
+        raise CommandError, "[ERROR] #{error_string}"
+      end
+
+      if block_given?
+        yield [stdout, stderr]
+      else
+        stdout
+      end
+    end
+  end
+end

data/lib/mellon/store.rb

@@ -0,0 +1,78 @@
+require "yaml"
+
+module Mellon
+  # Used for storing multiple values in a single Keychain entry.
+  #
+  # This is useful for configuring applications, e.g. having one entry per application,
+  # where each entry contains all configuration for said application.
+  class Store
+    attr_reader :project_name
+    attr_reader :keychain
+    attr_reader :serializer
+
+    # @example use keychain where entry exists, or default keychain
+    #   Store.new("myapp")
+    #
+    # @example automatically find keychain
+    #   Store.new("myapp", "shared_keychain")
+    #
+    # @example explicitly use keychain
+    #   Store.new("myapp", Mellon::Keychain.new("/path/to/keychain.keychain"))
+    #
+    # @overload initialize(project_name)
+    # @overload initialize(project_name, keychain_name)
+    # @overload initialize(project_name, keychain)
+    #
+    # @param [String] project_name
+    # @param [String, Keychain, nil] keychain
+    # @param [#dump, #load] serializer
+    def initialize(project_name, keychain: Keychain.search(project_name), serializer: YAML)
+      @project_name = project_name.to_s
+      @keychain = if keychain.is_a?(Keychain)
+        keychain
+      elsif keychain.nil?
+        Keychain.default
+      else
+        Keychain.find(keychain.to_s)
+      end
+      @serializer = serializer
+    end
+
+    # @see Hash#fetch
+    def fetch(*args, &block)
+      data.fetch(*args, &block)
+    end
+
+    # Retrieve a key from the store.
+    #
+    # @param [String] key
+    # @return [String, nil] value stored, or nil
+    def [](key)
+      data[key]
+    end
+
+    # Set a key in the store.
+    #
+    # @param [String] key
+    # @param [String] value
+    def []=(key, value)
+      dump data.merge(key => value)
+    end
+
+    private
+
+    def data
+      config = @keychain[@project_name]
+
+      if config
+        @serializer.load(config)
+      else
+        {}
+      end
+    end
+
+    def dump(hash)
+      @keychain[@project_name] = @serializer.dump(hash)
+    end
+  end
+end

data/lib/mellon/version.rb

@@ -0,0 +1,3 @@
+module Mellon
+  VERSION = "1.0.0"
+end

data/lib/mellon.rb

@@ -0,0 +1,11 @@
+require "mellon/version"
+require "mellon/shell_utils"
+require "mellon/keychain"
+require "mellon/store"
+
+module Mellon
+  KEYCHAIN_REGEXP = /"(.+)"/
+
+  class Error < StandardError; end
+  class CommandError < Error; end
+end

data/mellon.gemspec

@@ -0,0 +1,27 @@
+# coding: utf-8
+lib = File.expand_path("../lib", __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require "mellon/version"
+
+Gem::Specification.new do |spec|
+  spec.name          = "mellon"
+  spec.version       = Mellon::VERSION
+  spec.authors       = ["Kim Burgestrand"]
+  spec.email         = ["kim@burgestrand.se"]
+  spec.summary       = %q{A command-line utility for managing secret application credentials via OSX keychain.}
+  spec.homepage      = "https://github.com/elabs/mellon"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0")
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency "plist"
+  spec.add_dependency "slop"
+
+  spec.add_development_dependency "bundler", "~> 1.6"
+  spec.add_development_dependency "rake"
+  spec.add_development_dependency "rspec"
+  spec.add_development_dependency "pry"
+end

data/spec/mellon/keychain_spec.rb

@@ -0,0 +1,88 @@
+describe Mellon::Keychain do
+  subject(:keychain) do
+    Mellon::Keychain.new(keychain_path)
+  end
+
+  specify "#name" do
+    keychain.name.should eq "temporary_keychain"
+  end
+
+  specify "#path" do
+    keychain.path.should eq keychain_path
+  end
+
+  describe "#initialize" do
+    it "raises an error if keychain does not exist" do
+      expect { Mellon::Keychain.new("missing.keychain") }.to raise_error(Mellon::Error, /missing.keychain/)
+    end
+  end
+
+  describe "fetch" do
+    it "delegates (and as such, behaves equally) to #[]" do
+      keychain.should_receive(:[]).with("simple").and_call_original
+      keychain.fetch("simple").should eq "Simple note"
+    end
+
+    describe "behaves like Hash#fetch" do
+      specify "when key exists" do
+        keychain.fetch("simple", nil).should eq "Simple note"
+        keychain.fetch("simple", "default value").should eq "Simple note"
+        keychain.fetch("simple", "default value") { "block value" }.should eq "Simple note"
+        keychain.fetch("simple") { "block value" }.should eq "Simple note"
+
+        keychain.fetch("simple").should eq "Simple note"
+      end
+
+      specify "when key does not exist" do
+        keychain.fetch("missing", nil).should eq nil
+        keychain.fetch("missing", "default value").should eq "default value"
+        keychain.fetch("missing", "default value") { "block value" }.should eq "block value"
+        keychain.fetch("missing") { "block value" }.should eq "block value"
+
+        expect { keychain.fetch("missing") }.to raise_error(KeyError)
+      end
+    end
+  end
+
+  describe "#[key]" do
+    it "reads simple entries" do
+      keychain["simple"].should eq "Simple note"
+    end
+
+    it "reads encoded entries" do
+      keychain["encoded"].should eq "Encoded\nnote"
+    end
+
+    it "reads plist entries" do
+      keychain["plist"].should eq "Plist note."
+    end
+
+    it "reads empty entries" do
+      keychain["empty"].should eq ""
+    end
+
+    it "returns nil when there is no entry with the given name" do
+      keychain["nonexisting note"].should be_nil
+    end
+  end
+
+  describe "#[]=" do
+    it "can create a new note" do
+      keychain["new note"].should be_nil
+      keychain["new note"] = "This is new data"
+      keychain["new note"].should eq "This is new data"
+    end
+
+    it "can write data to an existing note" do
+      keychain["existing"].should eq "Existing note."
+      keychain["existing"] = "This is new"
+      keychain["existing"].should eq "This is new"
+    end
+
+    it "can delete an existing note" do
+      keychain["doomed"].should_not be_nil
+      keychain["doomed"] = nil
+      keychain["doomed"].should be_nil
+    end
+  end
+end

data/spec/mellon/store_spec.rb

@@ -0,0 +1,77 @@
+describe Mellon::Store do
+  subject(:store) { Mellon::Store.new(project_name, keychain: keychain) }
+  let(:project_name) { "yaml store" }
+  let(:keychain) { Mellon::Keychain.new(keychain_path) }
+
+  describe "#initialize" do
+    it "requires a project name" do
+      expect { Mellon::Store.new }.to raise_error(ArgumentError)
+    end
+
+    it "finds and uses the keychain containing the project name by default" do
+      Mellon::Keychain.should_receive(:search).with(project_name).and_return(keychain)
+      Mellon::Store.new(project_name).keychain.should eq keychain
+    end
+
+    it "uses the default keychain is no keychain contains the project name" do
+      keychain = double
+      Mellon::Keychain.should_receive(:search).with(project_name).and_return(nil)
+      Mellon::Keychain.should_receive(:default).and_return(keychain)
+      Mellon::Store.new(project_name).keychain.should eq keychain
+    end
+
+    it "accepts specifying the keychain by name" do
+      keychain = double
+      Mellon::Keychain.should_receive(:find).with("projects").and_return(keychain)
+      store = Mellon::Store.new(project_name, keychain: "projects")
+      store.keychain.should eq keychain
+    end
+
+    it "accepts specifying the keychain object" do
+      store = Mellon::Store.new(project_name, keychain: keychain)
+      store.keychain.should eq keychain
+    end
+
+    it "allows setting the serializer" do
+      require "json"
+      store = Mellon::Store.new("json store", keychain: keychain, serializer: JSON)
+      store["some value"].should eq "This is some json value"
+      store["some value"] = "New value"
+      store["some value"].should eq "New value"
+    end
+  end
+
+  describe "#[]" do
+    it "returns the value for key inside the store" do
+      store["some value"].should eq "This is some yaml value"
+    end
+
+    it "returns nil if store entry does not exist" do
+      store = Mellon::Store.new("missing project", keychain: keychain)
+      store["some value"].should be_nil
+    end
+  end
+
+  describe "#[]=" do
+    it "assigns an existing value for key inside the store" do
+      store["some value"].should eq "This is some yaml value"
+      store["some value"] = "This is a new value"
+      store["some value"].should eq "This is a new value"
+    end
+
+    it "creates the store entry if it does not exist" do
+      store = Mellon::Store.new("missing project", keychain: keychain)
+      store["some value"].should be_nil
+      store["some value"] = "That value"
+      store["some value"].should eq "That value"
+    end
+  end
+
+  specify "#fetch" do
+    store.fetch("some value").should eq "This is some yaml value"
+    store.fetch("missing value", "default").should eq "default"
+    store.fetch("missing value") { "default" }.should eq "default"
+
+    expect { store.fetch("missing value") }.to raise_error(KeyError)
+  end
+end

data/spec/mellon_spec.rb

@@ -0,0 +1,5 @@
+describe Mellon do
+  specify "VERSION" do
+    defined?(Mellon::VERSION).should be_true
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,18 @@
+require "mellon"
+
+$stderr.puts "If asked for a password, just press enter. There is no password."
+
+keychain_path = File.expand_path("./temporary_keychain.keychain", __dir__)
+original_keychain_path = File.expand_path("./keychain.keychain", __dir__)
+
+RSpec.configure do |config|
+  config.around do |example|
+    FileUtils.cp(original_keychain_path, keychain_path)
+    example.run
+    FileUtils.rm(keychain_path)
+  end
+
+  define_method :keychain_path do
+    keychain_path
+  end
+end

metadata

@@ -0,0 +1,154 @@
+--- !ruby/object:Gem::Specification
+name: mellon
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Kim Burgestrand
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-04-09 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: plist
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: slop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.6'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.6'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: 
+email:
+- kim@burgestrand.se
+executables:
+- mellon
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .rspec
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- bin/mellon
+- elabs-logo.png
+- lib/mellon.rb
+- lib/mellon/keychain.rb
+- lib/mellon/shell_utils.rb
+- lib/mellon/store.rb
+- lib/mellon/version.rb
+- mellon.gemspec
+- spec/keychain.keychain
+- spec/mellon/keychain_spec.rb
+- spec/mellon/store_spec.rb
+- spec/mellon_spec.rb
+- spec/spec_helper.rb
+homepage: https://github.com/elabs/mellon
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.2
+signing_key: 
+specification_version: 4
+summary: A command-line utility for managing secret application credentials via OSX
+  keychain.
+test_files:
+- spec/keychain.keychain
+- spec/mellon/keychain_spec.rb
+- spec/mellon/store_spec.rb
+- spec/mellon_spec.rb
+- spec/spec_helper.rb