opensecret 0.0.988 → 0.0.9925
- checksums.yaml +5 -5
- data/README.md +56 -159
- data/bin/opensecret +2 -2
- data/bin/ops +17 -2
- data/lib/extension/string.rb +14 -16
- data/lib/{interpreter.rb → interprete.rb} +53 -29
- data/lib/keytools/binary.map.rb +49 -0
- data/lib/keytools/kdf.api.rb +249 -0
- data/lib/keytools/kdf.bcrypt.rb +64 -29
- data/lib/keytools/kdf.pbkdf2.rb +92 -83
- data/lib/keytools/kdf.scrypt.rb +190 -0
- data/lib/keytools/key.64.rb +326 -0
- data/lib/keytools/key.algo.rb +109 -0
- data/lib/keytools/key.api.rb +1281 -0
- data/lib/keytools/key.db.rb +265 -0
- data/lib/keytools/{key.module.rb → key.docs.rb} +55 -0
- data/lib/keytools/key.error.rb +110 -0
- data/lib/keytools/key.id.rb +271 -0
- data/lib/keytools/key.iv.rb +107 -0
- data/lib/keytools/key.local.rb +265 -0
- data/lib/keytools/key.mach.rb +248 -0
- data/lib/keytools/key.now.rb +402 -0
- data/lib/keytools/key.pair.rb +259 -0
- data/lib/keytools/key.pass.rb +120 -0
- data/lib/keytools/key.rb +428 -298
- data/lib/keytools/keydebug.txt +295 -0
- data/lib/logging/gem.logging.rb +3 -3
- data/lib/modules/cryptology/collect.rb +20 -0
- data/lib/session/require.gem.rb +1 -1
- data/lib/usecase/cmd.rb +417 -0
- data/lib/usecase/id.rb +36 -0
- data/lib/usecase/import.rb +174 -0
- data/lib/usecase/init.rb +78 -0
- data/lib/usecase/login.rb +70 -0
- data/lib/usecase/logout.rb +30 -0
- data/lib/usecase/open.rb +126 -0
- data/lib/{interprete → usecase}/put.rb +100 -47
- data/lib/usecase/read.rb +89 -0
- data/lib/{interprete → usecase}/safe.rb +0 -0
- data/lib/{interprete → usecase}/set.rb +0 -0
- data/lib/usecase/token.rb +111 -0
- data/lib/{interprete → usecase}/use.rb +0 -0
- data/lib/version.rb +1 -1
- data/opensecret.gemspec +4 -3
- metadata +39 -33
- data/lib/exception/cli.error.rb +0 -53
- data/lib/exception/errors/cli.errors.rb +0 -31
- data/lib/interprete/begin.rb +0 -232
- data/lib/interprete/cmd.rb +0 -621
- data/lib/interprete/export.rb +0 -163
- data/lib/interprete/init.rb +0 -205
- data/lib/interprete/key.rb +0 -119
- data/lib/interprete/open.rb +0 -148
- data/lib/interprete/seal.rb +0 -129
- data/lib/keytools/digester.rb +0 -245
- data/lib/keytools/key.data.rb +0 -227
- data/lib/keytools/key.derivation.rb +0 -341
- data/lib/modules/mappers/collateral.rb +0 -282
- data/lib/modules/mappers/envelope.rb +0 -127
- data/lib/modules/mappers/settings.rb +0 -170
- data/lib/notepad/scratch.pad.rb +0 -224
- data/lib/store-commands.txt +0 -180
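--- a/data/lib/usecase/id.rb
+++ b/data/lib/usecase/id.rb
@@ -0,0 +1,36 @@
+#!/usr/bin/ruby
+
+module OpenSecret
+
+
+class Id < Command
+
+
+def execute
+
+puts ""
+puts OpenKey::KeyNow.grab()
+puts OpenKey::KeyNow.fetch()
+puts ""
+
+return
+
+end
+
+
+# Perform pre-conditional validations in preparation to executing the main flow
+# of events for this use case. This method may throw the below exceptions.
+#
+# @raise [SafeDirNotConfigured] if the safe's url has not been configured
+# @raise [EmailAddrNotConfigured] if the email address has not been configured
+# @raise [StoreUrlNotConfigured] if the crypt store url is not configured
+def pre_validation
+
+
+end
+
+
+end
+
+
+end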
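Review bot: `Id#execute` prints the results of `OpenKey::KeyNow.grab()` and `OpenKey::KeyNow.fetch()` to stdout with no label, and the class has no description, so a reader cannot tell from this file whether the two values are safe to display. If either is derived from key or session material (not visible here), it would end up in terminal scrollback and in any redirected output. Once that is confirmed, a class comment such as `# Prints the identifiers returned by KeyNow.grab and KeyNow.fetch; neither is secret.` would settle it. The `@raise` tags above `pre_validation` name three exceptions, but the method body is empty, so either remove the tags or add the checks.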
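--- a/data/lib/usecase/import.rb
+++ b/data/lib/usecase/import.rb
@@ -0,0 +1,174 @@
+#!/usr/bin/ruby
+
+module OpenSecret
+
+require 'openssl'
+
+# The <b>import use case</b> follows <b>open</b> and it pulls a file into an
+# <em>(encrypted at rest)</em> <b>envelope</b> while writing metadata about
+# the file into the opened tree dictionary position.
+#
+# == import and reimport commands
+#
+# - the import command expects a path parameter and errors if not recvd
+# - the reimport command is happy with either one or zero parameters
+#
+# If the reimport command has no parameters it expects that the opened path
+# already contains an imported file. It uses the import.path key to locate
+# the file.
+#
+# If the path parameter is given to reimport it uses it and also resets the
+# import.path key to reflect the path it was given.
+#
+# == garbage collect dangling files
+#
+# Like dangling envelopes - dangling files will pop up when re-imported.
+# These are handled by the garbage collection policy which can be to
+# remove immediately - remove on next login - remove after a time period
+# or to never remove (manual garbage collection).
+#
+class Import < Command
+
+attr_writer :secret_id, :secret_value
+
+# The <b>put use case</b> follows <b>open</b> and it adds secrets into an
+# <em>(encrypted at rest)</em> envelope. Put can be called many times to
+# add secrets. Finally the <b>lock use case</b> commits all opened secrets
+# into the configured storage engines.
+#
+# Calling <em>put</em> <b>before</b> calling open or <b>after</b> calling lock
+# is not allowed and will result in an error.
+#
+# == Put Pre-Conditions
+#
+# When the put use case is called - the below conditions ring true.
+#
+# - the <b>folder path</b> ending in ../../my must exist
+# - a session id, filename and encryption key ( in workstation config )
+#
+# == Observable Value
+#
+# The observable value delivered by +put+ boils down to
+#
+# - a new <b>friends.xyz123abc.os.txt</b> file if this is the first put.
+# - a new group_name/key_name (like monica/surname) entry is added if required
+# - a secret value is added against the key or updated if it already exists
+# - a new session id and encryption key is generated and used to re-encrypt
+def execute
+
+## @todo - rename appdb_content as master_db
+## @todo - rename appdb_content as master_db
+## @todo - rename appdb_content as master_db
+## @todo - rename appdb_content as master_db
+## @todo - rename appdb_content as master_db
+## @todo - rename appdb_content as master_db
+## @todo - rename appdb_content as master_db
+## @todo - rename appdb_content as master_db
+## @todo - rename appdb_content as master_db
+## @todo - rename appdb_content as master_db
+## @todo - rename appdb_content as master_db
+## @todo - rename appdb_content as master_db
+## @todo - rename appdb_content as master_db
+## @todo - rename appdb_content as master_db
+
+return unless ops_key_exists?
+appdb_content = OpenKey::KeyApi.read_app_content()
+
+puts "---\n"
+puts "--- The Master Database (Before)\n"
+puts "---\n"
+puts JSON.pretty_generate( appdb_content )
+puts "---\n"
+
+return if unopened_envelope?( appdb_content )
+
+envelope_id = ENVELOPE_KEY_PREFIX + appdb_content[ ENV_PATH ]
+has_content = OpenKey::KeyApi.content_exists?( appdb_content[ envelope_id ] )
+
+# --
+# -- To get hold of the content we must either
+# --
+# -- a) unlock it using the breadcrumbs or
+# -- b) start afresh with a new content db
+# --
+content_box = OpenKey::KeyApi.content_unlock( appdb_content[ envelope_id ] ) if has_content
+content_box = OpenKey::KeyDb.new() unless has_content
+content_hdr = create_header()
+
+# --
+# -- If no content envelope exists we need to place
+# -- an empty one inside the appdb content database.
+# --
+appdb_content[ envelope_id ] = {} unless has_content
+
+# --
+# -- This is the PUT use case so we append a
+# --
+# -- a) key for the new dictionary entry
+# -- b) value for the new dictionary entry
+# --
+# -- into the current content envelope and write
+# -- the envelope to the content filepath.
+# --
+crumbs_dict = appdb_content[ envelope_id ]
+content_box.create_entry( appdb_content[ KEY_PATH ], @secret_id, @secret_value )
+OpenKey::KeyApi.content_lock( crumbs_dict, content_box.to_json, content_hdr )
+
+puts "---\n"
+puts "--- The Master Database (After)\n"
+puts "---\n"
+puts JSON.pretty_generate( appdb_content )
+puts "---\n"
+
+# --
+# -- Three envelope crumbs namely the external ID, the
+# -- random iv and the crypt key are written afreshinto
+# -- the master database.
+# --
+OpenKey::KeyApi.write_app_content( content_hdr, appdb_content )
+print_put_success
+
+return
+
+
+# ---> secret_ids = @secret_id.split("/")
+# ---> if ( envelope.has_key? secret_ids.first )
+# ---> envelope[secret_ids.first][secret_ids.last] = @secret_value
+# ---> else
+# ---> envelope[secret_ids.first] = { secret_ids.last => @secret_value }
+# ---> end
+
+end
+
+
+private
+
+
+def print_put_success
+
+puts ""
+puts "Success putting a key/value pair into the open envelope."
+puts "You can put more in and then close the envelope."
+puts ""
+puts " ops close"
+puts ""
+
+end
+
+
+# Perform pre-conditional validations in preparation to executing the main flow
+# of events for this use case. This method may throw the below exceptions.
+#
+# @raise [SafeDirNotConfigured] if the safe's url has not been configured
+# @raise [EmailAddrNotConfigured] if the email address has not been configured
+# @raise [StoreUrlNotConfigured] if the crypt store url is not configured
+def pre_validation
+
+
+end
+
+
+end
+
+
+end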
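Review bot: `execute` prints the whole master database twice with `puts JSON.pretty_generate( appdb_content )` (new lines 77-81 and 117-121), and the comment at lines 124-126 says that database receives the envelope's random iv and crypt key. If `content_lock` fills `crumbs_dict` in place, as that comment suggests, the second dump writes the key to stdout, where it lands in terminal scrollback and any redirected output. Drop both dump blocks or route them through a debug-only logger that redacts the crumbs; the same two dumps appear in `Open#execute` in data/lib/usecase/open.rb. Separately, this class still carries the put use case: it takes `:secret_id, :secret_value`, never reads a file path, and prints the put success message, so the class comment describing import does not match the code.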
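--- a/data/lib/usecase/init.rb
+++ b/data/lib/usecase/init.rb
@@ -0,0 +1,78 @@
+#!/usr/bin/ruby
+
+module OpenSecret
+
+require 'openssl'
+
+# The <b>init use case</b> initializes opensecret thus preparing it
+# for the ability to lock secrets, unlock them, transport their keys and
+# much more.
+#
+# opensecret is a <b>(glorified) placeholder</b>. It takes things in now,
+# keeps them safe and gives them back later, in a <b>helpful manner</b>.
+#
+# ---
+#
+# ops init bob@gmail.com $HOME/bob.credentials
+#
+# or
+#
+# xport init bob@gmail.com $HOME/apollo.team.x
+#
+# ---
+#
+# == Alternat Error Flows
+#
+# An error will be thrown
+#
+# - if ops can't create or extend the base directory
+# - if the domain is already in the configuration file
+# - if domain has non alphanums, excl hyphens, underscores, @ symbols, periods
+# - if domain does not begin or end with alphanums.
+# - if non alpha-nums (excl at signs) appear consecutively
+# - if no alpha-nums appear in the string
+# - if the domain string's length is less than 5
+# - if "base.opensecret.io" appears twice (or more) in a directory tree
+#
+class Init < Command
+
+attr_writer :master_p4ss, :domain_name, :base_path
+
+
+# The init use case prepares <b>opensecret</b> so that you can <b>open</b> an envelope,
+# <b>put</b> secrets into it and then <b>seal</b> (lock) it. Locking effectively writes
+# crypted blocks to both keystore and crypt store.
+#
+# ops init apollo@work $HOME/apollo.work.drive
+#
+def execute
+
+return unless ops_key_exists?
+
+OpenKey::KeyApi.init_app_domain( @domain_name, @base_path )
+keys_setup = OpenKey::KeyApi.is_domain_keys_setup?( @domain_name )
+
+if ( keys_setup )
+print_already_initialized
+return
+end
+
+domain_password = OpenKey::KeyPass.password_from_shell( true )
+OpenKey::KeyApi.setup_domain_keys( @domain_name, domain_password, create_header() )
+print_domain_initialized
+
+# --> unless @base_path.nil?
+# --> key_api.register_keystore( @base_path )
+# --> end
+
+end
+
+
+def pre_validation
+end
+
+
+end
+
+
+end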
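Review bot: `pre_validation` is empty and `execute` passes `@domain_name` and `@base_path` straight to `OpenKey::KeyApi.init_app_domain`, so none of the domain-name rules listed in the class comment (allowed characters, minimum length of 5, no consecutive punctuation) are enforced in this file. Both values come from the command line, and the class comment says ops creates or extends the base directory, so either put the checks in `pre_validation` or state in the comment which `KeyApi` method applies them. `init_app_domain` also runs before the `is_domain_keys_setup?` test at line 53, so a second `ops init` on an existing domain with a different path may change its configuration before the already-initialized message is printed; whether it does depends on code outside this file. The `:master_p4ss` writer is never read here and can go.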
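--- a/data/lib/usecase/login.rb
+++ b/data/lib/usecase/login.rb
@@ -0,0 +1,70 @@
+#!/usr/bin/ruby
+
+module OpenSecret
+
+require 'openssl'
+
+# The <b>login use case</b> is given the domain name and if needs be
+# it collects the password then (if correct) logs the user in.
+#
+# Here are some key facts about the login command
+#
+# - its domain name parameter is mandatory
+# - it is called at the start of every session
+# - it is undone by the logout command
+# - it requires the OPEN_SESSION_TOKEN environment variable
+# - you can nest login commands thus using multiple domains
+# - you can call it with a --with=password switch
+# - you can deliver the password in multiple ways
+class Login < Command
+
+attr_writer :master_p4ss, :domain_name
+
+
+def execute
+
+return unless ops_key_exists?
+
+unless ( OpenKey::KeyApi.is_domain_keys_setup?( @domain_name ) )
+print_not_initialized
+return
+end
+
+############## Call [[ KeyApi.is_logged_in? ]] - then print msg and skip password collection below
+############## Call [[ KeyApi.is_logged_in? ]] - then print msg and skip password collection below
+############## Call [[ KeyApi.is_logged_in? ]] - then print msg and skip password collection below
+############## Call [[ KeyApi.is_logged_in? ]] - then print msg and skip password collection below
+############## Call [[ KeyApi.is_logged_in? ]] - then print msg and skip password collection below
+############## Call [[ KeyApi.is_logged_in? ]] - then print msg and skip password collection below
+
+domain_secret = OpenKey::KeyPass.password_from_shell( false )
+
+############## Use [[ KeyApi.valid_password? ]] and give error if not valid
+############## Use [[ KeyApi.valid_password? ]] and give error if not valid
+############## Use [[ KeyApi.valid_password? ]] and give error if not valid
+############## Use [[ KeyApi.valid_password? ]] and give error if not valid
+############## Use [[ KeyApi.valid_password? ]] and give error if not valid
+
+OpenKey::KeyApi.do_login( @domain_name, domain_secret, create_header() )
+print_login_success
+
+end
+
+
+# Perform pre-conditional validations in preparation to executing the main flow
+# of events for this use case. This method may throw the below exceptions.
+#
+# @raise [SafeDirNotConfigured] if the safe's url has not been configured
+# @raise [EmailAddrNotConfigured] if the email address has not been configured
+# @raise [StoreUrlNotConfigured] if the crypt store url is not configured
+def pre_validation
+
+end
+
+
+end
+
+
+end
+
+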
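Review bot: `print_login_success` at line 49 runs unconditionally after `do_login`, and the marker comments at lines 42-46 show that the `KeyApi.valid_password?` check is not wired in yet, so unless `do_login` itself raises on a bad password (not visible here) a wrong password is reported as a successful login. Call the check named in the marker before `do_login` and return with an error when it fails, so the success message is only reachable after verification. The class comment also advertises a `--with=password` switch; a password given as a command-line argument is readable from shell history and the process list, and the comment should say so and point users to the prompt. Each run of repeated marker lines would read better as a single `# TODO:` comment.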
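--- a/data/lib/usecase/logout.rb
+++ b/data/lib/usecase/logout.rb
@@ -0,0 +1,30 @@
+#!/usr/bin/ruby
+
+module OpenSecret
+
+require 'openssl'
+
+class Logout < Command
+
+def execute
+
+end
+
+
+# Perform pre-conditional validations in preparation to executing the main flow
+# of events for this use case. This method may throw the below exceptions.
+#
+# @raise [SafeDirNotConfigured] if the safe's url has not been configured
+# @raise [EmailAddrNotConfigured] if the email address has not been configured
+# @raise [StoreUrlNotConfigured] if the crypt store url is not configured
+def pre_validation
+
+
+end
+
+
+end
+
+
+end
+
+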
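Review bot: `Logout#execute` has an empty body, so the logout command returns without clearing anything, while the login class comment states that login "is undone by the logout command". Whatever session state `do_login` creates therefore stays usable after the user believes the session has ended. Until the teardown exists, make the gap visible, for example `raise NotImplementedError, "logout is not implemented yet"`, and add a class comment listing what logout is meant to remove. The `require 'openssl'` line is unused in this file as shown.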
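--- a/data/lib/usecase/open.rb
+++ b/data/lib/usecase/open.rb
@@ -0,0 +1,126 @@
+#!/usr/bin/ruby
+
+module OpenSecret
+
+require 'openssl'
+
+# The <tt>open use case</tt> allows us to add (put), subtract (del)ete, change
+# (update) and list the secrets within an envelope (outer path) at a given
+# position (inner path), whether that envelope exists or not.
+#
+# Also see the <b>reopen</b> command which only differs from open in that it
+# fails if the path specified does not exist in either the sealed or session
+# envelopes.
+#
+# == The Open Path Parameter
+#
+# Open must be called with a single <b>path</b> parameter with an optional
+# single colon separating the outer (path to envelope) from the inner (path
+# within envelope).
+#
+# ops open aws.credentials:s3reader
+#
+# The outer and inner paths can contain forward slashes that segment the path.
+#
+# ops open production/aws.credentials:s3/s3reader
+# ops put access_key ABCD1234
+# ops put secret_key FGHIJ56789
+# ops put region_key eu-central-1
+# ops seal
+#
+# == Open (Path) Pre-Conditions
+#
+# The domain must have been initialized on this machine stating the path to
+# the base folder that contains the key and crypt material.
+#
+# To open a path these conditions must be true.
+#
+# - the shell session token must have been set at the session beginning
+# - a successful <tt>ops login</tt> command must have been issued
+# - the external drive (eg usb key) must be configured and accessible
+#
+# == Observable Value
+#
+# $ ops open home/wifi
+#
+# The observable value delivered by +[open]+ boils down to
+#
+# - an openkey (eg asdfx1234) and corresponding open encryption key
+# - open encryption key written to <tt>~/.opensecret/open.keys/asdfx1234.x.txt</tt>
+# - the opened path (ending in filename) written to session.cache base in [safe]
+# - the INI string (were the file to be decrypted) would look like the below
+#
+# [session]
+# base.path = home/wifi
+#
+class Open < Command
+
+# The two paths that have been posted to the open command.
+# First is a relative path to the obfuscated envelope and then
+# the path in envelope to the point of interest.
+attr_writer :env_path, :key_path
+
+def execute
+
+return unless ops_key_exists?
+appdb_content = OpenKey::KeyApi.read_app_content()
+
+puts "---\n"
+puts "--- The Master Database (Before)\n"
+puts "---\n"
+puts JSON.pretty_generate( appdb_content )
+puts "---\n"
+
+appdb_content[ ENV_PATH ] = @env_path
+appdb_content[ KEY_PATH ] = @key_path
+
+puts "---\n"
+puts "--- The Master Database (After)\n"
+puts "---\n"
+puts JSON.pretty_generate( appdb_content )
+puts "---\n"
+
+OpenKey::KeyApi.write_app_content( create_header(), appdb_content )
+print_open_success
+
+return
+
+end
+
+
+private
+
+
+def print_open_success
+
+puts ""
+puts "Success opening a path to a data bucket."
+puts "You can now put data into a dictionary or"
+puts "add it to a list or set a scalar value."
+puts ""
+puts " ops put aws.iam.usr joebloggs"
+puts " ops put access.key ABCD1234"
+puts " ops put secret.key FGHIJ56789"
+puts " ops put region.key eu-central-1"
+puts " ops close"
+puts ""
+
+end
+
+
+# Perform pre-conditional validations in preparation to executing the main flow
+# of events for this use case. This method may throw the below exceptions.
+#
+# @raise [SafeDirNotConfigured] if the safe's url has not been configured
+# @raise [EmailAddrNotConfigured] if the email address has not been configured
+# @raise [StoreUrlNotConfigured] if the crypt store url is not configured
+def pre_validation
+
+
+end
+
+
+end
+
+
+end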
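Review bot: `execute` writes `@env_path` and `@key_path` into the master database at lines 74-75 without checking them, and `pre_validation` is empty, so a missing or empty path is persisted as is. The import use case later builds `ENVELOPE_KEY_PREFIX + appdb_content[ ENV_PATH ]`, which would raise a TypeError on a nil value unless `unopened_envelope?` catches it first (not visible here). Add a guard in `pre_validation`, for example `raise ArgumentError, "open needs an envelope path" if @env_path.nil? || @env_path.empty?`, and document whether the inner path may be omitted. `pre_validation` is also defined after `private` in this file while id.rb, init.rb and login.rb leave it public; if `Command` calls it with an explicit receiver, that call would fail here.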