nimbussecure 0.5.0

data/.gitignore

@@ -0,0 +1,5 @@
+*.gem
+.bundle
+Gemfile.lock
+binstubs
+pkg/*

data/Gemfile

@@ -0,0 +1,4 @@
+source "http://rubygems.org"
+
+# Specify your gem's dependencies in nimbussecure.gemspec
+gemspec

data/README.md

@@ -0,0 +1,104 @@
+# Nimbus Secure Store Client
+This gem provides the functionality required to talk to the Nimbus Secure
+service.
+Nimbus Secure is a service that provides highly encrypted storage of
+keys, passwords, tokens, and other private information necessary for running
+an application.
+For instance, you may store database credentials, service credentials,
+session cookie encryption keys, AWS keys, and other sensitive information
+without fear of them being stolen or accessible from any unauthorized
+individual.
+The data is stored encrypted, and the encryption keys are not communicated
+to the Nimbus Secure, meaning no one other than you may have access
+to this secure information.
+
+# The Service
+To use this Gem, you must sign up for the service by visiting
+www.nimbus secure.com and signing up for an account. Both
+paid and free accounts are available.
+
+Once you sign up for the service, you create crypt keys, which are
+secured tokens used to encrypt and decrypt the data you store within
+the service. While you set up the crypt keys from the service
+website, the crypt keys themselves are never sent to our servers,
+only you and anyone or system you authorize by giving them your
+crypt key will have access to the stored data within the service.
+
+You may create as many crypt keys as you desire. Typically, one per
+service or system is a good choice. Additionally, you can add new
+crypt keys and roll your data over to use a new crypt key very
+easily in order to increase your security (key rotation). Each crypt
+key has a name for easy identification, and we store a salted digest
+of the key itself to verify correctness when it is provided.
+
+Once your crypt keys are setup, you then enter all your sensitive data
+as "stored keys". Stored keys are encrypted using your specified
+crypt_keys before they are uploaded to our servers.
+
+For security purposes, anytime the website or this Gem require a
+crypt key, it must be provided by you (the user of the website or Gem),
+and the value provided is checked against a stored signed digest
+for valdity before it is used to perform the requested encryption/decryption.
+The requested encryption/decryption occurs entirely within the client's
+computer (user's browser for the website, application server for users
+of the Gem), and is never communicated with Nimbus Secure directly.
+
+# Using the Secured Data
+Once you have your data uploaded to your service, you can then
+install this Gem into your application, and use it's programmatic
+interface (or command line) to download and decrypt the stored
+credential so you may use it within your application.
+
+# Needed Credentials
+In order to use this Gem, you need two pieces of secure information.
+The first is an API key that provides access to the API and allows
+you to access your online account. You can create an API key by
+logging into the service.
+
+The second is the crypt key that you created above that is used
+to encrypt/decrypt your stored data. If you used more than one key,
+then you will need all the encrypted keys.
+
+Typically, you store these two pieces of information outside of your
+application source repository itself, and only provide them to your
+application during application startup (typically via ENVIRONMENT
+variables or other boot parameters). That way, you do not have
+to share the credentials or persist them source repository.
+
+Given these two pieces of information, this Gem, and the properly
+setup service, you can dynamically grab all your sensitive credentials
+and data needed to run your application. This typically happens during
+your application boot up process.
+
+# Setting up your .nibmussecure.yml file:
+The easiest way to setup Nimbus Secure is to setup a configuration file in your home directory.
+This file will contain sensitive information, so it should be marked as readable to you only
+(permission mode 400). The following is a sample configuration file:
+
+account: <my_account_id>
+apikey: <my_accounts_apikey>
+crypt_keys:
+  key1: <my_secret_value_for_key1>
+  key2: <my_secret_value_for_key2>
+
+The value "<my_account_id>" is the same value that appears in the base part of your URL you use to
+access Nmbus Secure. So, for example, if the URL you use to access Nimbus Secure is this:
+
+  https://www.nimbussecure.com/myaccount
+
+Then your account id is "myaccount". Your "apikey" can be retrieved from the "Api Keys" tab in
+Nimbus Secure.
+
+For each encryption key you have in your account and you wish to use, you must have a line in the
+"crypt_keys:"" section of the config file. In the above example, "key1" is the name assigned to the
+first encryption key, and "<my_secret_value_for_key1>" is the secret value you assigned when
+you created this encryption key.
+
+# Using in Ruby
+Assuming you have a stored key with a name "testmessage" setup, with an approprate encryption key.
+Also assuming your ~/.nimbussecure.yml file is setup with your account identifier, API Key,
+and the encryption key value. Then the following can be used to retrieve and decrypt a stored key:
+
+require 'nimbussecure'
+stored_value=nimbussecure.lookup_value "testmessage"
+puts "The decrypted stored value is: #{stored_value}"

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+
+desc "Run all tests"
+task :test do
+  require "#{File.dirname(Pathname.new(File.expand_path(__FILE__)).realpath.to_s).to_s}/test/run_tests.rb"
+end

data/bin/nimbussecure

@@ -0,0 +1,102 @@
+#!/usr/bin/env ruby
+require 'yaml'
+lib = File.expand_path(File.dirname(__FILE__) + '/../lib')
+$LOAD_PATH.unshift(lib) if File.directory?(lib) && !$LOAD_PATH.include?(lib)
+require 'nimbussecure'
+
+def keystore
+  $keystore||=NimbusSecure.new config_file: $filename
+end
+
+def usage
+  puts "
+Usage:
+    nimbussecure [-f <config_file>] account
+    nimbussecure [-f <config_file>] lookup <name>
+        <value> is sent to stdout
+Where:
+    -f <config_file> Specifies a config file (rather than \"~/.nimbussecure.yml\")
+    <value> is the specific value being encrypted and stored.
+
+Config File
+The config file should look like the following:
+================
+account: myacct
+apikey: myapikey
+crypt_keys:
+  key1: value1
+  key2: value2
+================
+
+NOTE:
+  account:
+    The account value (\"myacct\" in the example above) can be found based on the
+    URL you use to access Nimbus Secure.
+    If your URL is:
+        https://www.nimbussecure.com/my_acct/
+    Then the \"account\" value in your config file should be \"my_acct\"
+  apikey:
+    You can find your API Key by clicking on \"API Keys\" when you are logged into
+    the Nimbus Secure website.
+  crypt_keys:
+    This is a set of key/value pairs. The key is the name as defined in your
+    Nimbus Secure \"Encryption Keys\" section, and the value is the secret value
+    you used when you created your encryption key.
+"
+  exit 1
+end
+def show_error
+  puts "Error: #{keystore.last_error_message}"
+  keystore.last_error_details.each do |subject,error_list|
+    error_list.each do |error|
+      puts "       #{subject} #{error}"
+    end
+  end if keystore.last_error_details
+end
+
+def main
+  usage if ARGV.size<1
+  idx=0
+  $filename="~/.nimbussecure.yml"
+  if ARGV[idx]=='-f'
+    usage if ARGV.size<=2
+    $filename=ARGV[idx+1]
+    idx+=2
+  end
+  case ARGV[idx]
+  when "account" then
+    usage if ARGV.size!=idx+1
+    account
+  when "lookup" then
+    usage if ARGV.size!=idx+2
+    lookup ARGV[idx+1]
+  else
+    usage
+  end
+end
+
+def account
+  begin
+    account=keystore.account
+    puts "  Name: #{account.name}"
+    puts "  # Crypt Keys: #{account.num_crypt_keys}"
+    puts "  # Stored Keys: #{account.num_stored_keys}"
+  rescue => error
+    puts "Error: #{error}"
+  end
+end
+
+def lookup name
+  begin
+    res=keystore.lookup name
+    if res.nil?
+      show_error
+      return
+    end
+    puts res.decrypted_value
+  rescue => error
+    puts "Error: #{error}"
+  end
+end
+
+main

data/lib/nimbussecure.rb

@@ -0,0 +1,72 @@
+require "nimbussecure/version"
+require "nimbussecure/errors"
+require "nimbussecure/attr_accessor"
+require "nimbussecure/config"
+require "nimbussecure/base"
+require "nimbussecure/connect"
+require "nimbussecure/results"
+require "nimbussecure/accounts"
+require "nimbussecure/crypt_key"
+require "nimbussecure/stored_key"
+
+
+
+#
+# Simplified Usage
+# (assumes ~/.nimbussecure.yml is setup)
+# ======================================
+#
+# Get account details:
+#   nimbussecure.account
+#
+# Lookup a stored value and return the decrypted version (assumes crypt key is in ~/.nimbussecure.yml):
+#   nimbussecure.lookup_value :storedvalue_identifier
+#
+# Full Usage
+# ==========
+#
+# Setup access:
+#   * Assumes ~/.nimbussecure.yml is setup:
+#     ns=NimbusSecure.new
+#   * Assumes otherfile.yml is setup:
+#     ns=NimbusSecure.new config_file: "otherfile.yml"
+#   * Manual Configuration:
+#     ns=NimbusSecure account: "ident", apikey: "apikey", crypt_keys: {key1: "value1",key2: "value2"}
+#
+# Get account details
+#   account=ns.account
+#   account.name 
+#   account.num_crypt_keys
+#   account.num_stored_keys
+#
+# Get details on all configured encryption keys:
+#   crypt_keys=ns.crypt_keys
+#
+# Get all stored values:
+#   stored_keys=ns.stored_keys
+#
+# Lookup a single stored value:
+#   stored_key=ns.lookup ident
+#
+# With the stored_key object:
+#   stored_key.ident
+#   stored_key.decrypted_value # Assuming secret value for corresponding crypt_key is available locally
+#   stored_key.encrypted_value
+#   stored_key.key_type
+#
+# Ruby on Rails Usage
+# ===================
+#
+# Example usage in Rails to load the secret_token (config/initializers/secret_token.rb):
+#     require 'nimbussecure'
+#     secret_token=nimbussecure.lookup "secret_token"
+#     raise "Secret token missing" unless secret_token
+#     NimbusData::Application.config.secret_token = secret_token.decrypted_value
+# Or, alternately:
+#     require 'nimbussecure'
+#     secret_token=nimbussecure.lookup_value "secret_token"
+#     raise "Secret token missing" unless secret_token
+#     NimbusData::Application.config.secret_token = secret_token
+#
+# Assumes config file in ~/.nimbussecure
+#

data/lib/nimbussecure/accounts.rb

@@ -0,0 +1,16 @@
+class NimbusSecure
+  class Account<NimbusSecure::Base
+    nimbus_attr_accessor :name,:num_crypt_keys,:num_stored_keys
+    def initialize name,num_crypt_keys,num_stored_keys
+      @name=name
+      @num_crypt_keys=num_crypt_keys
+      @num_stored_keys=num_stored_keys
+    end
+  end
+  def account
+    return @account if @account
+    res=request_get "/account"
+    raise ServerError,"Invalid Account" unless res and res["account"]
+    @account=Account.new res["account"]["name"],res["account"]["num_crypt_keys"],res["account"]["num_stored_keys"]
+  end
+end

data/lib/nimbussecure/attr_accessor.rb

@@ -0,0 +1,21 @@
+module NimbusSecureAttrAccessor
+  def nimbus_attr_accessor *list
+    list.each do |attr|
+      define_method(attr) do  
+        instance_variable_get("@#{attr}")
+      end        
+
+      define_method("#{attr}=") do |val| 
+        instance_variable_set("@#{attr}",val)
+      end
+    end
+  end
+end
+class NimbusSecure
+  private
+  class Base
+    class<<self
+      include NimbusSecureAttrAccessor
+    end
+  end
+end

data/lib/nimbussecure/base.rb

@@ -0,0 +1,44 @@
+class NimbusSecure
+  #
+  # Possible ways to initialize:
+  #
+  # 1) Explicit:
+  #     ns=NimbusSecure.new account: "ident",apikey: "xyzzy", crypt_keys:{"key1":"value1","key2":"value2"}
+  # 2) File:
+  #     ns=NimbusSecure.new config_file: "./nsconfig.yml"
+  #     nsconfig.yml:
+  #     -------------
+  #     account: ident
+  #     apikey: xxx
+  #     crypt_keys:
+  #       key1: value1
+  #       key2: value2
+  # 3) YAML string (not file):
+  #     ns=NimbusSecure.new config: "account: ident\napikey: xxx\ncrypt_keys:\n  key1: value1\n  key2:value2\n"
+  # 4) Default:
+  #     ns=NimbusSecure.new
+  #     ...reads configuration from ~/nimbussecure.yml
+  #
+  def initialize opts={}
+    raise InvalidConfig unless opts.respond_to?(:size) and opts.respond_to?(:[])
+    opts[:config_file]=File.expand_path("~/.nimbussecure.yml") if opts.size==0
+    if opts[:config] || opts[:config_file]
+      raw_config_str=opts[:config]
+      raw_config_str = File.read(File.expand_path(opts[:config_file])) if opts[:config_file]
+      raise InvalidConfigFile unless raw_config_str
+      opts=YAML.load(raw_config_str)
+      raise InvalidConfigFile unless opts
+    end
+    opts=Hash[opts.map{ |k, v| [k.to_sym, v] }]
+    config.account="xxx"
+    config.endpoint=opts[:endpoint].to_s if opts[:endpoint]
+    config.account=opts[:account].to_s
+    config.apikey=opts[:apikey].to_s
+    config.crypt_keys=Hash[opts[:crypt_keys].map{ |k, v| [k.to_sym, v.to_s] }] if opts[:crypt_keys]
+    raise InvalidConfig,"Config is missing or incomplete" unless config.valid?
+  end
+
+end
+def nimbussecure
+  @nimbussecure||=NimbusSecure.new
+end

data/lib/nimbussecure/config.rb

@@ -0,0 +1,19 @@
+require 'yaml'
+class NimbusSecure
+  class Config
+    attr_accessor :endpoint,:account,:apikey,:crypt_keys
+    def initialize
+      @crypt_keys={}
+      @endpoint="https://www.nimbussecure.com"
+    end
+    def invalid?
+      endpoint.nil? || account.nil? || apikey.nil? || crypt_keys.size==0
+    end
+    def valid?
+      !invalid?
+    end
+  end
+  def config
+    @config||=Config.new
+  end
+end

data/lib/nimbussecure/connect.rb

@@ -0,0 +1,60 @@
+require 'json'
+require 'faraday'
+class NimbusSecure
+  private
+  def request_get path,data={}
+    response=request_connection.get do |req|
+      req.url "/#{config.account}/api/v1#{path}"
+      req.params data unless data.nil? or data.size==0
+    end
+    process_response response
+  end
+  def request_post path,data={}
+    response=request_connection.post do |req|
+      req.url "/#{config.account}/api/v1#{path}"
+      req.body=data
+    end
+    process_response response
+  end
+  def request_connection
+    raise MissingOrInvalidConfiguation if config.endpoint.nil? or config.apikey.nil?
+    @request_connection||=Faraday.new(url:config.endpoint) do |builder|
+      builder.request  :url_encoded
+      # builder.response :logger
+      builder.use AuthenticationMiddleware,config.apikey
+      builder.adapter  :net_http
+    end
+  end
+  def process_response response
+    raise ServerError,response if(response.status!=200)
+    @last_result=JSON.parse(response.body)
+    @last_status=@last_result["status"]
+    @last_error_message=nil
+    @last_error_details=nil
+    @last_error_message=@last_result["errormsg"] if @last_status!="success"
+    @last_error_details=@last_result["errordetails"] if @last_status!="success"
+    @last_result.delete "status"
+    @last_result.delete "errormsg"
+    @last_result.delete "errordetails"
+    return nil if @last_status!="success"
+    @last_result
+  end
+  class AuthenticationMiddleware < Faraday::Middleware
+    def initialize(app,apikey)
+      super(app)
+      @apikey=apikey
+    end
+    def call(env)
+      set_header env,'X-Nimbus-Component-Key',@apikey
+      set_header env,'X-Nimbus-Client-Version',NimbusSecure::VERSION
+      set_header env,'X-Nimbus-Client',"muskratsoftware/NimbusSecureClient"
+      set_header env,'X-Nimbus-Language',"ruby"
+      @app.call(env)
+    end
+    def set_header(env,header,value)
+      unless env[:request_headers][header]
+        env[:request_headers][header] = value
+      end
+    end
+  end
+end

data/lib/nimbussecure/crypt_key.rb

@@ -0,0 +1,75 @@
+require 'gibberish'
+class NimbusSecure
+  #
+  #
+  # Crypt Key
+  #
+  #
+  class CryptKey<NimbusSecure::Base
+    nimbus_attr_accessor :id,:valid,:ident,:salt,:digest,:key_value
+    def initialize nss,ck
+      @valid=true
+      @id=ck["id"]
+      @ident=ck["ident"].to_sym
+      @salt=ck["salt"]
+      @digest=ck["digest"]
+      if nss.config.crypt_keys[@ident.to_sym]
+        @key_value=nss.config.crypt_keys[@ident.to_sym]
+        sha256=Digest::SHA256.new
+        sha256 << @salt+@key_value
+        digest=sha256.to_s
+        if digest!=@digest
+          @valid=false
+          @salt=nil
+          @digest=nil
+          @key_value=nil
+          @invalid_message="Local encryption key does not match stored digest on server"
+        end
+      end
+    end
+    def valid?
+      @valid
+    end
+    def has_key_value?
+      return false unless valid?
+      !@key_value.nil?
+    end
+
+    def encrypt data
+      cipher.enc(data)
+    end
+    def decrypt data
+      cipher.dec(data)
+    end
+    private ################################################################################
+    def cipher
+      raise InvalidEncryptionKey,@invalid_message if @invalid_message
+      raise InvalidEncryptionKey,"Encryption Key does not have value configured locally" unless self.has_key_value?
+      raise InvalidEncryptionKey,"Invalid encryption key" unless self.valid?
+      Gibberish::AES.new(@key_value)
+    end
+  end
+
+  #
+  #
+  # Access Crypt Keys
+  #
+  #
+  def crypt_keys
+    res=request_get "/crypt_keys"
+    @cached_crypt_keys=res["crypt_keys"].map{|key|NimbusSecure::CryptKey.new self,key}
+  end
+  def crypt_keys_from_cache
+    return @cached_crypt_keys if @cached_crypt_keys
+    crypt_keys
+  end
+  def clear_crypt_key_cache
+    @cached_crypt_keys=nil
+  end
+  def crypt_key ident
+    crypt_keys_from_cache.each do |ck|
+      return ck if ck.ident==ident.to_sym
+    end
+    return nil
+  end
+end

data/lib/nimbussecure/errors.rb

@@ -0,0 +1,7 @@
+class NimbusSecure
+  class InvalidConfigFile<Exception;end
+  class InvalidConfig<Exception;end
+  class MissingOrInvalidConfiguation<Exception;end
+  class ServerError<Exception;end
+  class InvalidEncryptionKey<Exception;end
+end

data/lib/nimbussecure/results.rb

@@ -0,0 +1,20 @@
+class NimbusSecure
+  def last_result
+    @last_result
+  end
+  def last_status
+    @last_status
+  end
+  def success?
+    last_status=="success"
+  end
+  def failed?
+    last_status!="success"
+  end
+  def last_error_message
+    @last_error_message
+  end
+  def last_error_details
+    @last_error_details
+  end
+end

data/lib/nimbussecure/stored_key.rb

@@ -0,0 +1,47 @@
+require 'gibberish'
+class NimbusSecure
+  #
+  #
+  # Stored Key
+  #
+  #
+  #
+  class StoredKey<NimbusSecure::Base
+    nimbus_attr_accessor :id,:ident,:encrypted_value,:decrypted_value,:crypt_key,:key_type
+    def initialize nss,skparams
+      @id=skparams["id"]
+      @ident=skparams["ident"]
+      @encrypted_value=skparams["encrypted_value"]
+      @decrypted_value=nil
+      @crypt_key=NimbusSecure::CryptKey.new(nss,skparams["crypt_key"])
+      @key_type=skparams["key_type"]
+    end
+    def apply_crypt_key ck
+      self.decrypted_value=ck.decrypt self.encrypted_value
+    end
+    def value
+      apply_crypt_key self.crypt_key unless decrypted_value
+      decrypted_value
+    end
+  end
+
+  def lookup ident #,crypt_key
+    res=request_get "/stored_keys/#{ident}/locate"
+    return nil unless res
+    return nil unless res["stored_key"]
+    stored_key=NimbusSecure::StoredKey.new self,res["stored_key"]
+    ck=stored_key.crypt_key
+    return nil unless stored_key.encrypted_value
+    stored_key.apply_crypt_key ck
+    stored_key
+  end
+  def lookup_value ident
+    sk=lookup ident
+    return nil if sk.nil?
+    sk.value
+  end
+  def stored_keys
+    res=request_get "/stored_keys"
+    res["stored_keys"].map{|key|NimbusSecure::StoredKey.new self,key}
+  end
+end

data/lib/nimbussecure/version.rb

@@ -0,0 +1,3 @@
+class NimbusSecure
+  VERSION = "0.5.0"
+end

data/nimbussecure.gemspec

@@ -0,0 +1,27 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require "nimbussecure/version"
+
+Gem::Specification.new do |s|
+  s.name        = "nimbussecure"
+  s.version     = NimbusSecure::VERSION
+  s.authors     = ["Lee Atchison"]
+  s.email       = ["lee@nimbussecure.com"]
+  s.homepage    = ""
+  s.summary     = %q{Client library for NimbusSecure}
+  s.description = %q{Client library for NimbusSecure}
+
+  s.rubyforge_project = "nimbussecure"
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = ["lib"]
+
+  s.add_development_dependency "minitest"
+  s.add_development_dependency "vcr"
+  s.add_development_dependency "fakeweb"
+  s.add_runtime_dependency "faraday"
+  # s.add_runtime_dependency "rest-client"
+  s.add_runtime_dependency "gibberish"
+end

data/pry_load.rb

@@ -0,0 +1,2 @@
+$LOAD_PATH << File.dirname(File.expand_path(__FILE__).to_s).to_s+"/lib/"
+require 'nimbussecure'

data/test/accounts_spec.rb

@@ -0,0 +1,18 @@
+require 'minitest_helper'
+
+describe NimbusSecure::Account do
+  before do
+    @ns=NimbusSecure.new({endpoint: "http://localhost:3000",
+                                  account: "vcrtest",
+                                  apikey: "34807a2d4d-a9990c4748218eb6ed-70886bc0fd",
+                                  crypt_keys:{"primary"=>"xyzzyxyzzy"}})
+  end
+  it "should get a list of all accounts (when there is just one)" do
+    VCR.use_cassette "accounts/test" do
+      acct=@ns.account
+      acct.name.must_equal "VCR Account"
+      acct.num_crypt_keys.must_equal 23
+      acct.num_stored_keys.must_equal 34
+    end
+  end
+end

data/test/basic_key_lookup_spec.rb

@@ -0,0 +1,31 @@
+require 'minitest_helper'
+describe "Key Lookup" do
+  before do
+    @ns=NimbusSecure.new({endpoint: "http://localhost:3000",
+                                  account: "vcrtest",
+                                  apikey: "34807a2d4d-a9990c4748218eb6ed-70886bc0fd",
+                                  crypt_keys:{"primary"=>"xyzzyxyzzy","secondary"=>"yzzyxyzzyx"}})
+  end
+  it "should be able to lookup a key and decrypt it" do
+    VCR.use_cassette "lookup/key1" do
+      @ns.lookup_value(:test1).must_equal "This is a test stored key"
+    end
+  end
+  it "should be able to lookup a second key and decrypt it" do
+    VCR.use_cassette "lookup/key2" do
+      code=@ns.lookup_value(:test1).must_equal "This is a test stored key"
+      code=@ns.lookup_value(:test2).must_equal "This is another test stored key"
+    end
+  end
+  it "should be able to fail gracefully if key is not found" do
+    VCR.use_cassette "lookup/key3" do
+      code=@ns.lookup_value :invalidkey
+      code.must_be_nil
+      @ns.success?.must_equal false
+      @ns.last_error_message.must_equal "Could not locate Stored Key invalidkey"
+      @ns.last_error_details.must_be_nil
+    end
+  end
+end
+
+# TODO: We don't get an error when we lookup a key that doesn't exist...and other error cases...

data/test/fixtures/vcr_cassettes/accounts/test.yml

@@ -0,0 +1,52 @@
+---
+http_interactions:
+- request:
+    method: get
+    uri: http://localhost:3000/vcrtest/api/v1/account
+    body:
+      encoding: US-ASCII
+      string: ''
+    headers:
+      x-nimbus-component-key:
+      - 34807a2d4d-a9990c4748218eb6ed-70886bc0fd
+      x-nimbus-client-version:
+      - 0.4.0
+      x-nimbus-client:
+      - muskratsoftware/NimbusSecureClient
+      x-nimbus-language:
+      - ruby
+      accept-encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      accept:
+      - ! '*/*'
+      user-agent:
+      - Ruby
+  response:
+    status:
+      code: 200
+      message: OK
+    headers:
+      content-type:
+      - application/json; charset=utf-8
+      x-ua-compatible:
+      - IE=Edge
+      etag:
+      - ! '"e3a4296c05b32d0ff0c13b3792a87ec5"'
+      cache-control:
+      - max-age=0, private, must-revalidate
+      x-request-id:
+      - 31dee43871629934ff8e333f5151a2a3
+      x-runtime:
+      - '0.024024'
+      content-length:
+      - '92'
+      connection:
+      - close
+      server:
+      - thin 1.4.1 codename Chromeo
+    body:
+      encoding: US-ASCII
+      string: ! '{"status":"success","account":{"name":"VCR Account","num_crypt_keys":23,"num_stored_keys":34}}'
+    http_version: '1.1'
+  recorded_at: Thu, 02 Aug 2012 03:54:45 GMT
+recorded_with: VCR 2.2.4

data/test/fixtures/vcr_cassettes/lookup/key1.yml

@@ -0,0 +1,52 @@
+---
+http_interactions:
+- request:
+    method: get
+    uri: http://localhost:3000/vcrtest/api/v1/stored_keys/test1/locate
+    body:
+      encoding: US-ASCII
+      string: ''
+    headers:
+      x-nimbus-component-key:
+      - 34807a2d4d-a9990c4748218eb6ed-70886bc0fd
+      x-nimbus-client-version:
+      - 0.4.0
+      x-nimbus-client:
+      - muskratsoftware/NimbusSecureClient
+      x-nimbus-language:
+      - ruby
+      accept-encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      accept:
+      - ! '*/*'
+      user-agent:
+      - Ruby
+  response:
+    status:
+      code: 200
+      message: OK
+    headers:
+      content-type:
+      - application/json; charset=utf-8
+      x-ua-compatible:
+      - IE=Edge
+      etag:
+      - ! '"af24594f0840cb2713181cae549d7d53"'
+      cache-control:
+      - max-age=0, private, must-revalidate
+      x-request-id:
+      - 5588bd8d8d6058def7ed0ac007ea17b2
+      x-runtime:
+      - '0.029527'
+      content-length:
+      - '324'
+      connection:
+      - close
+      server:
+      - thin 1.4.1 codename Chromeo
+    body:
+      encoding: US-ASCII
+      string: ! '{"status":"success","stored_key":{"id":3,"ident":"test1","encrypted_value":"U2FsdGVkX1/GKKaIUe5+lSzPJ0shgBrFDx0oGQO0LBNvOPmo69NiN7SiuLMBQTCV\r\n","key_type":"symmetric","crypt_key":{"id":9,"ident":"primary","salt":"$2a$10$zT38XT42BXYjcfd5uFO2E.","digest":"d6992c3ad871a429b4485967456b87fbc916a126b60c788516e11dd4cb3e1410"}}}'
+    http_version: '1.1'
+  recorded_at: Thu, 02 Aug 2012 03:59:40 GMT
+recorded_with: VCR 2.2.4

data/test/fixtures/vcr_cassettes/lookup/key2.yml

@@ -0,0 +1,101 @@
+---
+http_interactions:
+- request:
+    method: get
+    uri: http://localhost:3000/vcrtest/api/v1/stored_keys/test1/locate
+    body:
+      encoding: US-ASCII
+      string: ''
+    headers:
+      x-nimbus-component-key:
+      - 34807a2d4d-a9990c4748218eb6ed-70886bc0fd
+      x-nimbus-client-version:
+      - 0.4.0
+      x-nimbus-client:
+      - muskratsoftware/NimbusSecureClient
+      x-nimbus-language:
+      - ruby
+      accept-encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      accept:
+      - ! '*/*'
+      user-agent:
+      - Ruby
+  response:
+    status:
+      code: 200
+      message: OK
+    headers:
+      content-type:
+      - application/json; charset=utf-8
+      x-ua-compatible:
+      - IE=Edge
+      etag:
+      - ! '"af24594f0840cb2713181cae549d7d53"'
+      cache-control:
+      - max-age=0, private, must-revalidate
+      x-request-id:
+      - 2a95b9c8862fb4b248da9467446f8c9c
+      x-runtime:
+      - '0.033637'
+      content-length:
+      - '324'
+      connection:
+      - close
+      server:
+      - thin 1.4.1 codename Chromeo
+    body:
+      encoding: US-ASCII
+      string: ! '{"status":"success","stored_key":{"id":3,"ident":"test1","encrypted_value":"U2FsdGVkX1/GKKaIUe5+lSzPJ0shgBrFDx0oGQO0LBNvOPmo69NiN7SiuLMBQTCV\r\n","key_type":"symmetric","crypt_key":{"id":9,"ident":"primary","salt":"$2a$10$zT38XT42BXYjcfd5uFO2E.","digest":"d6992c3ad871a429b4485967456b87fbc916a126b60c788516e11dd4cb3e1410"}}}'
+    http_version: '1.1'
+  recorded_at: Thu, 02 Aug 2012 03:59:40 GMT
+- request:
+    method: get
+    uri: http://localhost:3000/vcrtest/api/v1/stored_keys/test2/locate
+    body:
+      encoding: US-ASCII
+      string: ''
+    headers:
+      x-nimbus-component-key:
+      - 34807a2d4d-a9990c4748218eb6ed-70886bc0fd
+      x-nimbus-client-version:
+      - 0.4.0
+      x-nimbus-client:
+      - muskratsoftware/NimbusSecureClient
+      x-nimbus-language:
+      - ruby
+      accept-encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      accept:
+      - ! '*/*'
+      user-agent:
+      - Ruby
+  response:
+    status:
+      code: 200
+      message: OK
+    headers:
+      content-type:
+      - application/json; charset=utf-8
+      x-ua-compatible:
+      - IE=Edge
+      etag:
+      - ! '"63fba6143471cebd1321622de55ef88e"'
+      cache-control:
+      - max-age=0, private, must-revalidate
+      x-request-id:
+      - 570fcdfafe42ade8d7f96cc9fe8fcb8e
+      x-runtime:
+      - '0.106230'
+      content-length:
+      - '327'
+      connection:
+      - close
+      server:
+      - thin 1.4.1 codename Chromeo
+    body:
+      encoding: US-ASCII
+      string: ! '{"status":"success","stored_key":{"id":4,"ident":"test2","encrypted_value":"U2FsdGVkX18WTqz1XtiUi7s1riXV6w49980V3E4ysvhyNgVxTY8eocj8jgsGn4PG\r\n","key_type":"symmetric","crypt_key":{"id":10,"ident":"secondary","salt":"$2a$10$bcYes9rn8wAX0W/eIVSUBu","digest":"09890ee6ed6bb70d8a8671ab8bd6102da2d6e4f2e8311ccb5ca83195276e4581"}}}'
+    http_version: '1.1'
+  recorded_at: Thu, 02 Aug 2012 03:59:40 GMT
+recorded_with: VCR 2.2.4

data/test/fixtures/vcr_cassettes/lookup/key3.yml

@@ -0,0 +1,52 @@
+---
+http_interactions:
+- request:
+    method: get
+    uri: http://localhost:3000/vcrtest/api/v1/stored_keys/invalidkey/locate
+    body:
+      encoding: US-ASCII
+      string: ''
+    headers:
+      x-nimbus-component-key:
+      - 34807a2d4d-a9990c4748218eb6ed-70886bc0fd
+      x-nimbus-client-version:
+      - 0.4.0
+      x-nimbus-client:
+      - muskratsoftware/NimbusSecureClient
+      x-nimbus-language:
+      - ruby
+      accept-encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      accept:
+      - ! '*/*'
+      user-agent:
+      - Ruby
+  response:
+    status:
+      code: 200
+      message: OK
+    headers:
+      content-type:
+      - application/json; charset=utf-8
+      x-ua-compatible:
+      - IE=Edge
+      etag:
+      - ! '"fe603117385eb96a83f0de7440c7ad4e"'
+      cache-control:
+      - max-age=0, private, must-revalidate
+      x-request-id:
+      - 3dd7d8ef85311f6e9d0d8e2a6e064421
+      x-runtime:
+      - '0.021249'
+      content-length:
+      - '90'
+      connection:
+      - close
+      server:
+      - thin 1.4.1 codename Chromeo
+    body:
+      encoding: US-ASCII
+      string: ! '{"status":"error","errormsg":"Could not locate Stored Key invalidkey","errordetails":null}'
+    http_version: '1.1'
+  recorded_at: Thu, 02 Aug 2012 03:59:40 GMT
+recorded_with: VCR 2.2.4

data/test/minitest_helper.rb

@@ -0,0 +1,10 @@
+$LOAD_PATH << File.dirname(File.expand_path(__FILE__).to_s).to_s+"/../lib/"
+require 'minitest/autorun'
+require 'vcr'
+require 'nimbussecure'
+
+VCR.configure do |c|
+  c.cassette_library_dir = 'test/fixtures/vcr_cassettes'
+  c.hook_into :fakeweb
+  # c.stub_with :fakeweb
+end

data/test/run_tests.rb

@@ -0,0 +1,6 @@
+require 'minitest/autorun'
+test_dir_root=File.dirname(Pathname.new(File.expand_path(__FILE__)).realpath.to_s).to_s
+$LOAD_PATH << test_dir_root
+FileList["#{test_dir_root}/*_spec.rb"].each do |file|
+  require file
+end

metadata

@@ -0,0 +1,135 @@
+--- !ruby/object:Gem::Specification
+name: nimbussecure
+version: !ruby/object:Gem::Version
+  version: 0.5.0
+  prerelease: 
+platform: ruby
+authors:
+- Lee Atchison
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-08-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: &70236373001520 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *70236373001520
+- !ruby/object:Gem::Dependency
+  name: vcr
+  requirement: &70236373001100 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *70236373001100
+- !ruby/object:Gem::Dependency
+  name: fakeweb
+  requirement: &70236373000680 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *70236373000680
+- !ruby/object:Gem::Dependency
+  name: faraday
+  requirement: &70236373000240 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: *70236373000240
+- !ruby/object:Gem::Dependency
+  name: gibberish
+  requirement: &70236372999780 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: *70236372999780
+description: Client library for NimbusSecure
+email:
+- lee@nimbussecure.com
+executables:
+- nimbussecure
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- README.md
+- Rakefile
+- bin/nimbussecure
+- lib/nimbussecure.rb
+- lib/nimbussecure/accounts.rb
+- lib/nimbussecure/attr_accessor.rb
+- lib/nimbussecure/base.rb
+- lib/nimbussecure/config.rb
+- lib/nimbussecure/connect.rb
+- lib/nimbussecure/crypt_key.rb
+- lib/nimbussecure/errors.rb
+- lib/nimbussecure/results.rb
+- lib/nimbussecure/stored_key.rb
+- lib/nimbussecure/version.rb
+- nimbussecure.gemspec
+- pry_load.rb
+- test/accounts_spec.rb
+- test/basic_key_lookup_spec.rb
+- test/fixtures/vcr_cassettes/accounts/test.yml
+- test/fixtures/vcr_cassettes/lookup/key1.yml
+- test/fixtures/vcr_cassettes/lookup/key2.yml
+- test/fixtures/vcr_cassettes/lookup/key3.yml
+- test/minitest_helper.rb
+- test/run_tests.rb
+homepage: ''
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: nimbussecure
+rubygems_version: 1.8.15
+signing_key: 
+specification_version: 3
+summary: Client library for NimbusSecure
+test_files:
+- test/accounts_spec.rb
+- test/basic_key_lookup_spec.rb
+- test/fixtures/vcr_cassettes/accounts/test.yml
+- test/fixtures/vcr_cassettes/lookup/key1.yml
+- test/fixtures/vcr_cassettes/lookup/key2.yml
+- test/fixtures/vcr_cassettes/lookup/key3.yml
+- test/minitest_helper.rb
+- test/run_tests.rb