RubyGems - opensecret - Versions diffs - 0.0.960 → 0.0.962 - Mend

opensecret 0.0.960 → 0.0.962

Files changed (23) hide show

checksums.yaml +4 -4
data/lib/notepad/{blow.rb → scratch.pad.rb} +1 -1
data/lib/opensecret.rb +36 -5
data/lib/plugins/cipher.rb +100 -201
data/lib/plugins/ciphers/aes-256.rb +85 -101
data/lib/plugins/ciphers/blowfish.rb +2 -2
data/lib/plugins/coldstore.rb +38 -2
data/lib/plugins/crypt.io.rb +220 -0
data/lib/plugins/secrets.uc.rb +44 -0
data/lib/plugins/usecases/init.rb +9 -1
data/lib/plugins/usecases/lock.rb +3 -3
data/lib/plugins/usecases/open.rb +4 -4
data/lib/plugins/usecases/put.rb +1 -1
data/lib/plugins/usecases/unlock.rb +208 -0
data/lib/version.rb +1 -1
metadata +5 -10
data/lib/opensecret/executors/crypt.keys/crypt.keys.ini +0 -26
data/lib/opensecret/executors/crypt.keys/crypt.keys.rb +0 -68
data/lib/opensecret/executors/decrypt/decrypt.ini +0 -64
data/lib/opensecret/executors/decrypt/decrypt.rb +0 -49
data/lib/opensecret/executors/encrypt/encrypt.ini +0 -55
data/lib/opensecret/executors/encrypt/encrypt.rb +0 -82
data/lib/using.txt +0 -247

data/lib/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module OpenSecret
-  VERSION = "0.0.960"
+  VERSION = "0.0.962"
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: opensecret
 version: !ruby/object:Gem::Version
-  version: 0.0.960
+  version: 0.0.962
 platform: ruby
 authors:
 - Apollo Akora
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-03-09 00:00:00.000000000 Z
+date: 2018-03-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: inifile
@@ -87,19 +87,14 @@ files:
 - lib/extension/string.rb
 - lib/factbase/facts.opensecret.io.ini
 - lib/logging/gem.logging.rb
-- lib/notepad/blow.rb
+- lib/notepad/scratch.pad.rb
 - lib/opensecret.rb
-- lib/opensecret/executors/crypt.keys/crypt.keys.ini
-- lib/opensecret/executors/crypt.keys/crypt.keys.rb
-- lib/opensecret/executors/decrypt/decrypt.ini
-- lib/opensecret/executors/decrypt/decrypt.rb
-- lib/opensecret/executors/encrypt/encrypt.ini
-- lib/opensecret/executors/encrypt/encrypt.rb
 - lib/opensecret/plugins.io/git/git.flow.rb
 - lib/plugins/cipher.rb
 - lib/plugins/ciphers/aes-256.rb
 - lib/plugins/ciphers/blowfish.rb
 - lib/plugins/coldstore.rb
+- lib/plugins/crypt.io.rb
 - lib/plugins/envelope.rb
 - lib/plugins/secrets.uc.rb
 - lib/plugins/usecase.rb
@@ -108,6 +103,7 @@ files:
 - lib/plugins/usecases/open.rb
 - lib/plugins/usecases/put.rb
 - lib/plugins/usecases/safe.rb
+- lib/plugins/usecases/unlock.rb
 - lib/session/attributes.rb
 - lib/session/dictionary.rb
 - lib/session/fact.finder.rb
@@ -116,7 +112,6 @@ files:
 - lib/session/session.rb
 - lib/session/time.stamp.rb
 - lib/session/user.home.rb
-- lib/using.txt
 - lib/version.rb
 - opensecret.gemspec
 homepage: https://www.eco-platform.co.uk

data/lib/opensecret/executors/crypt.keys/crypt.keys.ini DELETED Viewed

@@ -1,26 +0,0 @@
-[crypt.keys]
-min.passwd.len  =  e>> 16
-nickname        =  godzilla
-root.domain     =  devopswiki.co.uk
-env.var.name    =  SECRET_MATERIAL
-ratio           =  e>> 3
-bit.key.size    =  e>> 8192
-key.cipher      =  e>> OpenSSL::Cipher.new 'AES-128-CBC'
-secret.keyname  =  e>> @s[:nickname] + dot + @s[:root_domain] + dot + @f[:time][:stamp] + ".txt"
-secret.keydir   =  e>> @f[@i[:workstation]][:secrets_dir]
-secret.keypath  =  e>> File.join @s[:secret_keydir], @s[:secret_keyname]
-repo.name       =  material_data
-local.gitrepo   =  e>> File.join @i[:dir], @s[:repo_name]
-public.gitrepo  =  https://www.eco-platform.co.uk/content/material.data.git
-public.dirname  =  public_keys
-public.keyroute =  e>> File.join @s[:root_domain], @s[:public_dirname]
-public.keydir   =  e>> File.join @s[:local_gitrepo], @s[:public_keyroute]
-public.keyname  =  e>> "public_key." + @s[:nickname] + dot + @s[:root_domain] + ".txt"
-public.keypath  =  e>> File.join @s[:public_keydir], @s[:public_keyname]
-prompt.1        =  Enter a Robust Password
-prompt.2        =  Re-enter that Password

data/lib/opensecret/executors/crypt.keys/crypt.keys.rb DELETED Viewed

@@ -1,68 +0,0 @@
-#!/usr/bin/ruby
-# --
-# -- This plugin creates cryptographic keys, installs them and then messages
-# -- and notifies as required.
-# --
-# -- Input
-# --
-# --   [1] - memorable portion of password
-# --   [2] - memorable password entered again for validation
-# --
-# -- Output
-# --
-# --   [1] - machine portion of password to be added as environment variable
-# --   [2] - secured (password locked) private key to put on removable media
-# --   [3] - an open [public key] to be placed on web accessible destination
-# --   [4] - a message detailing that a new keypair is now created/installed
-# --
-class CryptKeys
-  def core_provisioning
-    log.info(ere) { "# ## ####### ########################################## ## #" }
-    log.info(ere) { "# -- [crypt] ------------------------------------------ -- #" }
-    log.info(ere) { "# -- [crypt] This plugin encrypts a file or string. --- -- #" }
-    log.info(ere) { "# -- [crypt] ------------------------------------------ -- #" }
-    log.info(ere) { "# ## ####### ########################################## ## #" }
-    natural_password = Crypto.collect_secret @p[:min_passwd_len], @p[:prompt_1], @p[:prompt_2]
-    machine_password = Crypto.get_machine_password natural_password.length, @p[:ratio]
-    amalgam_password = Crypto.get_amalgam_password natural_password, machine_password, @p[:ratio]
-    asymmetric_keys = OpenSSL::PKey::RSA.new @p[:bit_key_size]
-    secured_keytext = asymmetric_keys.export @p[:key_cipher], amalgam_password
-    public_key_text = asymmetric_keys.public_key.to_pem
-    Dir.mkdir @p[:secret_keydir] unless File.exists? @p[:secret_keydir]
-    File.write @p[:secret_keypath], secured_keytext
-    Crypto.print_secret_env_var @p[:env_var_name], machine_password
-    GitFlow.do_clone_repo @p[:public_gitrepo], @p[:local_gitrepo]
-    FileUtils.mkdir_p @p[:public_keydir]
-    File.write @p[:public_keypath], public_key_text
-    GitFlow.push @p[:local_gitrepo], @p[:public_keyname], @c[:time][:stamp]
-    exit
-key4_pem = File.read 'private.secure.pem'
-pass_phrase = 'superduperpasswordistoBeENTEREDRIGHT1234HereandRightNOW'
-key4 = OpenSSL::PKey::RSA.new key4_pem, pass_phrase
-decrypted_text = key4.private_decrypt(Base64.decode64(encrypted_string))
-print "\nHey we have done the decryption.\n", "\n"
-print decrypted_text, "\n"
-    log.info(ere) { "# -- [crypt] ------------------------------------------ -- #" }
-    log.info(ere) { "# ## ####### ########################################## ## #" }
-  end
-end

data/lib/opensecret/executors/decrypt/decrypt.ini DELETED Viewed

@@ -1,64 +0,0 @@
-[decrypt]
-# ---> secret.id       =  DEVOPS_SECRET_MATERIAL
-# ---> secret.part     =  e>> ENV[@s[:secret_id]]
-# ---> secret.key      =  e>> @s[:secret_part] + CmdLine.instance.key_values[:key]
-# ---> secret.dir      =  e>> @f[@i[:workstation]][:secrets_dir]
-# ---> secret.file     =  e>> "DELETE_" + @f[:time][:stamp] + "_" + CmdLine.instance.key_values[:file]
-# ---> secret.in       =  e>> File.join @s[:secret_dir], CmdLine.instance.key_values[:file]
-# ---> secret.out      =  e>> File.join Dir.tmpdir, @s[:secret_file]
-# ---> secret.crypt    =  e>> File.read(@s[:secret_in]).chomp
-# ---> temporary.dir   =  e>> Dir.tmpdir
-prompt.1        =  Enter your Key Password
-prompt.2        =  Re-enter the Key Password
-min.passwd.len  =  e>> 16
-nickname        =  godzilla
-root.domain     =  devopswiki.co.uk
-env.var.name    =  SECRET_MATERIAL
-machine.secret  =  e>> ENV[@s[:env_var_name]]
-ratio           =  e>> 3
-bit.key.size    =  e>> 8192
-key.cipher      =  e>> OpenSSL::Cipher.new 'AES-128-CBC'
-secret.leadtxt  =  e>> @s[:nickname] + dot + @s[:root_domain]
-secret.keyname  =  e>> @s[:secret_leadtxt] + dot + @f[:time][:stamp] + ".txt"
-secret.keydir   =  e>> @f[@i[:workstation]][:secrets_dir]
-secret.rubydir  =  e>> Dir.new @s[:secret_keydir]
-secret.newest   =  e>> @s[:secret_rubydir].ascii_order_file_starting_with @s[:secret_leadtxt]
-secret.keytext  =  e>> File.read @s[:secret_newest]
-repo.name       =  material_data
-local.gitrepo   =  e>> File.join @i[:dir], @s[:repo_name]
-public.gitrepo  =  https://www.eco-platform.co.uk/content/material.data.git
-public.dirname  =  public_keys
-public.keyroute =  e>> File.join @s[:root_domain], @s[:public_dirname]
-public.keydir   =  e>> File.join @s[:local_gitrepo], @s[:public_keyroute]
-public.keyname  =  e>> "public_key." + @s[:nickname] + dot + @s[:root_domain] + ".txt"
-public.keypath  =  e>> File.join @s[:public_keydir], @s[:public_keyname]
-# --
-# -- Note that we can only predict the crypt folder from looking at full path.
-# -- This is because the user may enter a path string like the below.
-# --
-# --     --path=dates/bithdays/wife.birthday
-# --
-# -- So we extrapolate the crypt directory from the full file path.
-# -- We also extrapolate the crypt filename from the final segment.
-# --
-crypt.dir.name  =  crypt_files
-crypt.rel.base  =  e>> File.join @s[:root_domain], @s[:crypt_dir_name]
-crypt.rel.path  =  e>> File.join @s[:crypt_rel_base], CmdLine.instance.key_values[:name]
-crypt.sudopath  =  e>> File.join @s[:local_gitrepo], @s[:crypt_rel_path]
-crypt.dir.path  =  e>> File.dirname @s[:crypt_sudopath]
-crypt.filename  =  e>> File.basename(@s[:crypt_sudopath]) + dot + @s[:nickname] + ".crypt.txt"
-crypt.filepath  =  e>> File.join @s[:crypt_dir_path], @s[:crypt_filename]
-plaintext.name  =  e>> File.basename(@s[:crypt_sudopath]) + dot + @s[:nickname] + ".plain.txt"
-plaintext.file  =  e>> "DELETE_" + @f[:time][:stamp] + "_" + @s[:plaintext_name]
-plaintext.path  =  e>> File.join Dir.tmpdir, @s[:plaintext_file]

data/lib/opensecret/executors/decrypt/decrypt.rb DELETED Viewed

@@ -1,49 +0,0 @@
-#!/usr/bin/ruby
-# --
-# -- This decryption plugin brings together many elements to
-# -- decrypt text that is a union of the public key and the
-# -- plaintext material.
-# --
-# -- To perform the decryption we
-# --
-# --  [1] - read the human entered relative path to the material
-# --  [2] - request and read the human portion of the password
-# --  [3] - read the machine password in the environment variable
-# --  [4] - amalgamate (join) the human and the machine passwords
-# --  [5] - download the encryptd material from a git repository
-# --  [6] - access the private key from a [local] removable drive
-# --  [7] - unlock the private key with the amalgamated password
-# --  [8] - decrypt the text into the pre-configured destination
-# --
-class Decrypt
-  def core_provisioning
-    log.info(ere) { "# ## ######### ######################################## ## #" }
-    log.info(ere) { "# -- [decrypt] ---------------------------------------- -- #" }
-    log.info(ere) { "# -- [decrypt] This plugin decrypts a filed string. --- -- #" }
-    log.info(ere) { "# -- [decrypt] ---------------------------------------- -- #" }
-    log.info(ere) { "# ## ######### ######################################## ## #" }
-    GitFlow.do_clone_repo @p[:public_gitrepo], @p[:local_gitrepo]
-    Throw.if_not_exists @p[:crypt_filepath]
-    crypted_material = File.read @p[:crypt_filepath]
-    natural_password = Crypto.collect_secret @p[:min_passwd_len], @p[:prompt_1], @p[:prompt_2]
-    amalgam_password = Crypto.get_amalgam_password natural_password, @p[:machine_secret], @p[:ratio]
-    decryption_key = OpenSSL::PKey::RSA.new @p[:secret_keytext], amalgam_password
-    decrypted_text = decryption_key.private_decrypt(Base64.decode64(crypted_material))
-    File.write @p[:plaintext_path], decrypted_text
-    log.info(ere) { "# -- [decrypt] ------------------------------------------ -- #" }
-    log.info(ere) { "# ## ######### ########################################## ## #" }
-  end
-end

data/lib/opensecret/executors/encrypt/encrypt.ini DELETED Viewed

@@ -1,55 +0,0 @@
-[encrypt]
-prompt.1        =  Enter Secret Text
-prompt.2        =  Re-enter the Text
-min.passwd.len  =  e>> 16
-nickname        =  godzilla
-root.domain     =  devopswiki.co.uk
-env.var.name    =  SECRET_MATERIAL
-ratio           =  e>> 3
-bit.key.size    =  e>> 8192
-key.cipher      =  e>> OpenSSL::Cipher.new 'AES-128-CBC'
-secret.keyname  =  e>> @s[:nickname] + dot + @s[:root_domain] + dot + @f[:time][:stamp] + ".txt"
-secret.keydir   =  e>> @f[@i[:workstation]][:secrets_dir]
-secret.keypath  =  e>> File.join @s[:secret_keydir], @s[:secret_keyname]
-repo.name       =  material_data
-local.gitrepo   =  e>> File.join @i[:dir], @s[:repo_name]
-public.gitrepo  =  https://www.eco-platform.co.uk/content/material.data.git
-public.dirname  =  public_keys
-public.keyroute =  e>> File.join @s[:root_domain], @s[:public_dirname]
-public.keydir   =  e>> File.join @s[:local_gitrepo], @s[:public_keyroute]
-public.keyname  =  e>> "public_key." + @s[:nickname] + dot + @s[:root_domain] + ".txt"
-public.keypath  =  e>> File.join @s[:public_keydir], @s[:public_keyname]
-# --
-# -- Note that we can only predict the crypt folder from looking at full path.
-# -- This is because the user may enter a path string like the below.
-# --
-# --     --path=dates/bithdays/wife.birthday
-# --
-# -- So we extrapolate the crypt directory from the full file path.
-# -- We also extrapolate the crypt filename from the final segment.
-# --
-crypt.dir.name  =  crypt_files
-crypt.rel.base  =  e>> File.join @s[:root_domain], @s[:crypt_dir_name]
-crypt.rel.path  =  e>> File.join @s[:crypt_rel_base], CmdLine.instance.key_values[:name]
-crypt.sudopath  =  e>> File.join @s[:local_gitrepo], @s[:crypt_rel_path]
-crypt.dir.path  =  e>> File.dirname @s[:crypt_sudopath]
-crypt.filename  =  e>> File.basename(@s[:crypt_sudopath]) + dot + @s[:nickname] + ".crypt.txt"
-crypt.filepath  =  e>> File.join @s[:crypt_dir_path], @s[:crypt_filename]
-# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
-# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
-# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
-# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
-# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
-# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
-# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
-# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
-# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
-# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
-# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday

data/lib/opensecret/executors/encrypt/encrypt.rb DELETED Viewed

@@ -1,82 +0,0 @@
-#!/usr/bin/ruby
-# --
-# -- This simple [cipher] plugin encrypts either the inputted string or
-# -- file, using the configured public key and writes the cryptic material
-# -- to a file that is checked into a git repository.
-# --
-# -- -----------------------
-# -- Example Parameters
-# -- -----------------------
-# --
-# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
-# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
-# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
-# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
-# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
-# -- @todo change input from --name to --path => encrypt --path=dates/bithdays/wife.birthday
-# --
-# --  --name=dates/birthdays      (mandatory)
-# --  --file=/home/joe/laptop.key (optional)
-# --
-# -- ---------------------------------------------
-# -- Escaping - Prefer BACKSLASH to DOUBLE QUOTES
-# -- ---------------------------------------------
-# --
-# -- Sensitive keys and passwords usually contain non standard characters.
-# -- Now you can use either BACKSLASHES or DOUBLE QUOTES to escape them.
-# --
-# -- Prefer backslash to double quotes.
-# --
-# -- Why? Example1 = --text=wow!wow!wee     Will FAIL
-# --      Example2 = --text=wow\!wow\!wee   Will SUCCEED
-# --      Example3 = --text=in(doubt)here   Will FAIL
-# --      Example4 = --text="in(doubt)here" Will SUCCEED
-# --      Example5 = --text="no!way"        Will FAIL
-# --      Example6 = --text="no\!and(oh)my" SUCCEEDS BUT INCLUDES backslash
-# --      Example7 = --text=no\!and\(oh\)my SUCCEEDS (NO backslash)
-# --
-# -- Example 6 will succeed but the decrypted string will include the
-# -- backslash like => no\!and(oh)my
-# --
-# -- Example 7 is the best for when exclamation marks and soft quotes exist.
-# -- Decrypted string is => no!and(oh)my
-# --
-class Encrypt
-  def core_provisioning
-    log.info(ere) { "# ## ######### ########################################## ## #" }
-    log.info(ere) { "# -- [encrypt] ------------------------------------------ -- #" }
-    log.info(ere) { "# -- [encrypt] This plugin encrypts a file or string. --- -- #" }
-    log.info(ere) { "# -- [encrypt] ------------------------------------------ -- #" }
-    log.info(ere) { "# ## ######### ########################################## ## #" }
-    plaintext_secret = ""
-    if CmdLine.include? :file then
-      plaintext_filepath = CmdLine.instance.key_values[:file]
-      Throw.if_not_exists plaintext_filepath
-      plaintext_secret = File.read plaintext_filepath
-    else
-      plaintext_secret = Crypto.collect_secret 3, @p[:prompt_1], @p[:prompt_2]
-    end
-    GitFlow.do_clone_repo @p[:public_gitrepo], @p[:local_gitrepo]
-    public_key_text = File.read @p[:public_keypath]
-    encryption_key = OpenSSL::PKey::RSA.new public_key_text
-    binary_crypt_text = encryption_key.public_encrypt plaintext_secret
-    crypt_material = Base64.encode64 binary_crypt_text
-    FileUtils.mkdir_p @p[:crypt_dir_path]
-    File.write @p[:crypt_filepath], crypt_material
-    GitFlow.push @p[:local_gitrepo], @p[:crypt_filename], @c[:time][:stamp]
-    log.info(ere) { "# -- [encrypt] ------------------------------------------ -- #" }
-    log.info(ere) { "# ## ######### ########################################## ## #" }
-  end
-end

data/lib/using.txt DELETED Viewed

@@ -1,247 +0,0 @@
-==============================================================================================
-open office/laptop
-(or pull)
-put  login/username=myname
-put  login/password=mysecret
-list
-put  disk/password=anothersecret
-swap disk/password=bettersecret
-lock
-(or push)
-==============================================================================================
-==============================================================================================
-On Curent Workstation
---------------------------
-os copy config
-Go to new Workstation
---------------------------
-enter usb key/phone dir (wherever safe is)
-sudo gem install opensecret
-os safe /path/to/safe
-os store /path/to/store (if different)
-os paste config
-(Now carry on as normal - no need for os init)
-==============================================================================================
-==============================================================================================
-To Decommission from Workstation
-------------------------------------
-os delete config
-If necessary you can do
-gem uninstall opensecret
-==============================================================================================
-==============================================================================================
-To Backup
-------------------------------------
-Create single backup reference number
-Create huge symmetric key
-Baseline each file with signature and date / time
-os rekeys and takes direction on where to send crypted + amalgamated keystore and cryptstore
-That goes to one backup location (even tape drive)
-Then the machine config and othe sensitive items can be emailed - saved on phone - use os's rest services.
-It emails you with a key wealth report.
-If you bring them back together it will rebuild (restore) everything for you.
-==============================================================================================
-==============================================================================================
-You can output in the key EAI data formats - the default is INI.
-os read office/laptop                # outputs all groups and key/value pairs (INI format)
-os read office/laptop/login          # outputs the login group and its key/value pairs (INI)
-os read office/laptop/login/username # outputs only the secret value
-os peek office/laptop                # (secrets redacted) outputs groups and key/value pairs
-os peek office/laptop/login          # (secrets redacted) outputs login group and its keys
-os peek office/laptop/login/username # exact mirror of full read command
-Kiss and Tell
-==================
-os kiss   # taints the secret (and/or secret tree) prepping it for a tell (share)
-os tell   # send secret by sending keys os tell london/safe-houses
-os put
-os remove
-os wipe
-os open x/y    (when packet exists)
-os lock
-os unlock (a file)
-os undo
-os zip
-os push (after a zip or file locking operation)
-==============================================================================================
-==============================================================================================
-Input
-======
-file
-use bash pipes
-cli string
-sensitive collection
-zip files in folder
-recursive zip with all lower folders
-==============================================================================================
-==============================================================================================
-open office/laptop --with=asdfasdflkhlkh
-(or pull)
-list
-get login
-get disk
-trash disk
-list
-get login/password
-lock
-(or push)
-==============================================================================================
-lock <<path/to/a/file.txt>>      ## locks (encrypts) the file in-place | you must delete it
-lock <<path/to/a/folder>> --zip  ## zips and encrypts folder (in-place) | you must delete it
-==============================================================================================
-Command => open office/laptop
-Effect1 => Creates in-memory INI string (see below) and writes (in effect2) to file
-Effect2 => Creates a an openkey eg asdfa234234234sfss and a long password.
-Effect3 => Creates a file  ../<<email>>/opened.files/office/laptop.asdfa234234234sfss.x.txt
-Effect4 => Puts long password in $HOME/.opensecret/session.keys/asdfa234234234sfss.x.txt
--------------------------------------
-in-memory INI string
--------------------------------------
-[opensecret]
-secret.path = office/laptop
--------------------------------------
-Assert => no office/laptop exists before opening (if so prompt user to => trash office/laptop
-==============================================================================================
-Command => open office/laptop/login/fullname="Mr Blobby"
-Effect1 => Creates in-memory INI string (see below) and writes (in effect2) to file
-Effect2 => Creates a file  ../<<email>>/opened.files/office/laptop.asdfa234234234sfss.x.txt
-Effect3 => With its encrypt-key in $HOME/.opensecret/session.keys/asdfa234234234sfss.x.txt
--------------------------------------
-in-memory INI string
--------------------------------------
-[opensecret]
-secret.path = office/laptop
-[login]
-fullname = Mr Blobby
--------------------------------------
-Assert => no office/laptop exists before opening (if so prompt user to => trash office/laptop
-                            inner_key
-		      outer_key
-                filename
-         foldername
-office/room2/rack6/server4/username
-open
-get session id as time string
-use
-close
-lock wifi/password
-[keys]
-wifi = asdff234523
-password = dfgsdfgsfg
-asdff234523/dfgsdfgsfg
-[home]
-wifi=asdfasd
-alarm=fdghdfg
-safe1=3456hjk3h45
-safe2=2n34lijss
-======================================
-in asdfasd  (wifi)
-[home/wifi]
-ssid = 3452454
-password = 2452345
-office/room2/rack6/server4/username
-office/accounts/sage
-office/alarm/pin
-office/gmail/username
-[office]
-room2 = asddf345
-accounts = 9o8udfg
-alarm = 345ljdfg
-gmail = ldf2345
-[office/room2]
-rack6 = asdf234
-[office/room2]