opensecret 0.0.988 → 0.0.9925

data/lib/{interprete → usecase}/put.rb

@@ -28,27 +28,10 @@ module OpenSecret
   # - a secret value is added against the key or updated if it already exists
   # - a new session id and encryption key is generated and used to re-encrypt
   #
-  # == The Encrypted Session Bucket
-  #
-  # After the example commands we can visualize the <b><em>encrypted</em></b>
-  # bucket like this.
-  #
-  #     [monica]
-  #     surname = lewinsky
-  #     from = April 1989
-  #     to = September 1994
-  #
-  #     [hilary]
-  #     surname = clinton
-  #     from = Feb 1982
-  #     to = Present Day
-  #
-  # == Bill Clinton's Lady Friends 
+  # == Example | Bill Clinton's Secrets
   #
   # In our fictitious example Bill Clinton uses opensecret to lock away the
-  # names and dates of his lady riends.
-  #
-  # @example
+  # names and dates of his lady friends.
   #
   #    $ opensecret init bill.clinton@example.com
   #    $ opensecret open my/friends
@@ -73,8 +56,10 @@ module OpenSecret
   # - <b>peek</b>
   class Put < Command
 
+
     attr_writer :secret_id, :secret_value
 
+
     # The <b>put use case</b> follows <b>open</b> and it adds secrets into an
     # <em>(encrypted at rest)</em> envelope. Put can be called many times to
     # add secrets. Finally the <b>lock use case</b> commits all opened secrets
@@ -100,34 +85,102 @@ module OpenSecret
     # - a new session id and encryption key is generated and used to re-encrypt
     def execute
 
-      #### is this needed
-      #### is this needed
-      #### is this needed
-      #### is this needed
-      #### is this needed
-      #### is this needed
-      #### is this needed
-      #########      instantiate_collateral
-      #### is this needed
-      #### is this needed
-      #### is this needed
-      #### is this needed
-      #### is this needed
-      #### is this needed
-
-
-      envelope = get_envelope
-
-      secret_ids = @secret_id.split("/")
-      if ( envelope.has_key? secret_ids.first )
-        envelope[secret_ids.first][secret_ids.last] = @secret_value
-      else
-        envelope[secret_ids.first] = { secret_ids.last => @secret_value }
-      end
-
-      new_encryption_key = ToolBelt::Engineer.strong_key @c[:open][:open_keylen]
-      Mapper::Settings.write @c[:open][:open_name], @c[:open][:open_keyname], new_encryption_key
-      envelope.write new_encryption_key
+## @todo - rename appdb_content as master_db
+## @todo - rename appdb_content as master_db
+## @todo - rename appdb_content as master_db
+## @todo - rename appdb_content as master_db
+## @todo - rename appdb_content as master_db
+## @todo - rename appdb_content as master_db
+## @todo - rename appdb_content as master_db
+## @todo - rename appdb_content as master_db
+## @todo - rename appdb_content as master_db
+## @todo - rename appdb_content as master_db
+## @todo - rename appdb_content as master_db
+## @todo - rename appdb_content as master_db
+## @todo - rename appdb_content as master_db
+## @todo - rename appdb_content as master_db
+
+      return unless ops_key_exists?
+      appdb_content = OpenKey::KeyApi.read_app_content()
+
+      puts "---\n"
+      puts "--- The Master Database (Before)\n"
+      puts "---\n"
+      puts JSON.pretty_generate( appdb_content )
+      puts "---\n"
+
+      return if unopened_envelope?( appdb_content )
+
+      envelope_id = ENVELOPE_KEY_PREFIX + appdb_content[ ENV_PATH ]
+      has_content = OpenKey::KeyApi.content_exists?( appdb_content[ envelope_id ] )
+
+      # --
+      # -- To get hold of the content we must either
+      # --
+      # --   a) unlock it using the breadcrumbs or
+      # --   b) start afresh with a new content db
+      # --
+      content_box = OpenKey::KeyApi.content_unlock( appdb_content[ envelope_id ] ) if has_content
+      content_box = OpenKey::KeyDb.new() unless has_content
+      content_hdr = create_header()
+
+      # --
+      # -- If no content envelope exists we need to place
+      # -- an empty one inside the appdb content database.
+      # --
+      appdb_content[ envelope_id ] = {} unless has_content
+
+      # --
+      # -- This is the PUT use case so we append a
+      # --
+      # --   a) key for the new dictionary entry
+      # --   b) value for the new dictionary entry
+      # --
+      # -- into the current content envelope and write
+      # -- the envelope to the content filepath.
+      # --
+      crumbs_dict = appdb_content[ envelope_id ]
+      content_box.create_entry( appdb_content[ KEY_PATH ], @secret_id, @secret_value )
+      OpenKey::KeyApi.content_lock( crumbs_dict, content_box.to_json, content_hdr )
+
+      puts "---\n"
+      puts "--- The Master Database (After)\n"
+      puts "---\n"
+      puts JSON.pretty_generate( appdb_content )
+      puts "---\n"
+
+      # --
+      # -- Three envelope crumbs namely the external ID, the
+      # -- random iv and the crypt key are written afreshinto
+      # -- the master database.
+      # --
+      OpenKey::KeyApi.write_app_content( content_hdr, appdb_content )
+      print_put_success
+
+      return
+
+
+# --->      secret_ids = @secret_id.split("/")
+# --->      if ( envelope.has_key? secret_ids.first )
+# --->        envelope[secret_ids.first][secret_ids.last] = @secret_value
+# --->      else
+# --->        envelope[secret_ids.first] = { secret_ids.last => @secret_value }
+# --->      end
+
+    end
+
+
+    private
+
+
+    def print_put_success
+
+      puts ""
+      puts "Success putting a key/value pair into the open envelope."
+      puts "You can put more in and then close the envelope."
+      puts ""
+      puts "    ops close"
+      puts ""
 
     end
 

data/lib/usecase/read.rb

@@ -0,0 +1,89 @@
+#!/usr/bin/ruby
+	
+module OpenSecret
+
+
+  class Read < Command
+
+
+    def execute
+
+      return unless ops_key_exists?
+      appdb_content = OpenKey::KeyApi.read_app_content()
+
+## @todo - rename appdb_content as master_db
+## @todo - rename appdb_content as master_db
+## @todo - rename appdb_content as master_db
+## @todo - rename appdb_content as master_db
+## @todo - rename appdb_content as master_db
+## @todo - rename appdb_content as master_db
+## @todo - rename appdb_content as master_db
+## @todo - rename appdb_content as master_db
+## @todo - rename appdb_content as master_db
+## @todo - rename appdb_content as master_db
+## @todo - rename appdb_content as master_db
+## @todo - rename appdb_content as master_db
+## @todo - rename appdb_content as master_db
+## @todo - rename appdb_content as master_db
+## @todo - rename appdb_content as master_db
+
+      return if unopened_envelope?( appdb_content )
+
+      envelope_id = ENVELOPE_KEY_PREFIX + appdb_content[ ENV_PATH ]
+      has_content = OpenKey::KeyApi.content_exists?( appdb_content[ envelope_id ] )
+
+      # --
+      # -- To get hold of the content we must either
+      # --
+      # --   a) unlock it using the breadcrumbs or
+      # --   b) start afresh with a new content db
+      # --
+      content_box = OpenKey::KeyApi.content_unlock( appdb_content[ envelope_id ] ) if has_content
+      content_box = content_box.fast_forward( appdb_content[ KEY_PATH ] )
+      content_box = OpenKey::KeyDb.new() unless has_content
+
+      puts ""
+      puts "--- ----------------------------------\n"
+      puts "--- envelope => #{appdb_content[ ENV_PATH ]}\n"
+      puts "--- key path => #{appdb_content[ KEY_PATH ]}\n"
+      puts "--- ----------------------------------\n"
+      puts JSON.pretty_generate( content_box )
+      puts "--- ----------------------------------\n"
+      puts ""
+
+      return
+
+    end
+
+
+    private
+
+
+    def print_put_success
+
+      puts ""
+      puts "Success putting a key/value pair into the open envelope."
+      puts "You can put more in and then close the envelope."
+      puts ""
+      puts "    ops close"
+      puts ""
+
+    end
+
+
+    # Perform pre-conditional validations in preparation to executing the main flow
+    # of events for this use case. This method may throw the below exceptions.
+    #
+    # @raise [SafeDirNotConfigured] if the safe's url has not been configured
+    # @raise [EmailAddrNotConfigured] if the email address has not been configured
+    # @raise [StoreUrlNotConfigured] if the crypt store url is not configured
+    def pre_validation
+
+
+    end
+
+
+  end
+
+
+end

data/lib/usecase/token.rb

@@ -0,0 +1,111 @@
+#!/usr/bin/ruby
+
+module OpenSecret
+
+  # The <tt>token use case</tt> prints out an encrypted session token tied
+  # to the workstation and shell environment. It should be called like this
+  # and <tt>printenv</tt> can be used to verify that a shell-scoped
+  # environment variable tying OPEN_SESSION_TOKEN to a 150 character session
+  # token, has been created.
+  #
+  #    export OPEN_SESSION_TOKEN=`ops token`
+  #    printenv
+  #
+  # Note the <b>back-ticks</b> surrounding the <tt>ops token</tt> call.
+  #
+  # When the shell closes OPEN_SESSION_TOKEN disappears forever. However if you want to
+  # continue using the same shell you can wipe this away.
+  #
+  #    $ unset OPEN_SESSION_TOKEN           # Delete the shell session token
+  #    $ env | grep OPEN_SESSION_TOKEN      # Check OPEN_SESSION_TOKEN is deleted
+  #
+  #    You can also delete every env var created by this shell.
+  #
+  #    $ env -i bash             # Rewind to (after) login variables
+  #
+  # == How to instantiate a Command Line Session
+  #
+  # Initialize the session by generating a random high entropy shell token
+  # and then generating an obfuscator key which we use to lock the shell
+  # key and return a triply segmented text token that can be used to decrypt
+  # and deliver the shell key as long as the same shell on the same machine
+  # is employed to make the call.
+  #
+  # == The 3 Session Token Segments
+  #
+  # The session token is divided up into 3 segments with a total of 150
+  #  characters.
+  #
+  #   | -------- | ------------ | ------------------------------------- |
+  #   | Segment  | Length       | Purpose                               |
+  #   | -------- | ------------ | ------------------------------------- |
+  #   |    1     | 16 bytes     | AES Encrypt Initialization Vector(IV) |
+  #   |    2     | 80 bytes     | Cipher text from Random Key AES crypt |
+  #   |    3     | 22 chars     | Salt for obfuscator key derivation    |
+  #   | -------- | ------------ | ------------------------------------- |
+  #   |  Total   | 150 chars    | Session Token in Environment Variable |
+  #   | -------- | ------------ | ------------------------------------- |
+  #
+  # Why is the <b>16 byte salt and the 80 byte BCrypt ciphertext</b> represented
+  # by <b>128 base64 characters</b>?
+  #
+  #    16 bytes + 80 bytes = 96 bytes
+  #    96 bytes x 8 bits   = 768 bits
+  #    768 bits / 6 bits   = 128 base64 characters
+  #
+  # == Other ways to instantiate the session token
+  #
+  # The session token environment variable can be delivered
+  #
+  # - with the export command
+  # - via a docker run ENV parameter
+  # - using the dot profile script
+  #
+  class Token < Command
+
+
+    # The <tt>token use case</tt> prints out an encrypted session token tied
+    # to the workstation and shell environment. It should be called like this
+    # and <tt>printenv</tt> can be used to verify that a shell-scoped
+    # environment variable tying OPEN_SESSION_TOKEN to an (approximately) 48 character
+    # session password, has been created.
+    #
+    #    export OPEN_SESSION_TOKEN=`ops token`
+    #    printenv
+    #
+    # Note the <b>back-ticks</b> surrounding the <tt>ops token</tt> call.
+    #
+    # <b>How to instantiate a Command Line Session</b>
+    #
+    #    $ printenv
+    #    $ export OPEN_SESSION_TOKEN=`ops token`
+    #    $ printenv
+    #
+    #    The 2nd printenv should reveal a shell specific environment variable.
+    #
+    #    OPEN_SESSION_TOKEN=FvxETEpmoVUetyJ0jJk19aus1pQkzLZ8OVJccatYnC9GxDE4Iy3AyWNZ...
+    #
+    def execute
+
+      print OpenKey::KeyLocal.generate_shell_key_and_token()
+
+    end
+
+
+    # Perform pre-conditional validations in preparation to executing the main flow
+    # of events for this use case. This method may throw the below exceptions.
+    #
+    # @raise [SafeDirNotConfigured] if the safe's url has not been configured
+    # @raise [EmailAddrNotConfigured] if the email address has not been configured
+    # @raise [StoreUrlNotConfigured] if the crypt store url is not configured
+    def pre_validation
+
+
+    end
+
+
+  end
+
+
+end
+

data/lib/version.rb

@@ -1,3 +1,3 @@
 module OpenSecret
-  VERSION = "0.0.988"
+  VERSION = "0.0.9925"
 end

data/opensecret.gemspec

@@ -11,8 +11,8 @@ Gem::Specification.new do |spec|
   spec.email         = ["apolloakora@gmail.com"]
 
   spec.summary       = %q{opensecret locks and unlocks secrets in a simple, secure and intuitive way.}
-  spec.description   = %q{opensecret stashes uncrackable secrets into your Git, S3, DropBox, Google Drive and filesystems backends. You interface with its intuitive Linux, Windows, iOS front ends and it offers SDKs and plugins for Ruby, Python, Java, Jenkins, CodeShip, Ansible, Terraform, Puppet and Chef.}
-  spec.homepage      = "https://www.eco-platform.co.uk"
+  spec.description   = %q{opensecret stashes uncrackable secrets as encrypted material in plaintext files. After installing hte opensecret gem, you init, open, put and then look at your credentials, sensitive information and secrets.}
+  spec.homepage      = "https://www.devops-hub.com/software/opensecret"
   spec.license       = "MIT"
 
   spec.files         = `git ls-files -z`.split("\x0").reject do |f|
@@ -23,10 +23,11 @@ Gem::Specification.new do |spec|
   spec.bindir        = "bin"
   spec.executables   = ['opensecret', 'ops']
   spec.require_paths = ["lib"]
+  spec.required_ruby_version = '>= 2.5.0'
 
   spec.add_dependency 'inifile', '~> 3.0'
   spec.add_dependency 'thor', '~> 0.2'
-  spec.add_dependency 'macaddr'
+  spec.add_dependency 'uuid'
   spec.add_dependency 'bcrypt'
 
   spec.add_development_dependency "bundler", "~> 1.16"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: opensecret
 version: !ruby/object:Gem::Version
-  version: 0.0.988
+  version: 0.0.9925
 platform: ruby
 authors:
 - Apollo Akora
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-04-17 00:00:00.000000000 Z
+date: 2018-07-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: inifile
@@ -39,7 +39,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0.2'
 - !ruby/object:Gem::Dependency
-  name: macaddr
+  name: uuid
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -80,10 +80,9 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.16'
-description: opensecret stashes uncrackable secrets into your Git, S3, DropBox, Google
-  Drive and filesystems backends. You interface with its intuitive Linux, Windows,
-  iOS front ends and it offers SDKs and plugins for Ruby, Python, Java, Jenkins, CodeShip,
-  Ansible, Terraform, Puppet and Chef.
+description: opensecret stashes uncrackable secrets as encrypted material in plaintext
+  files. After installing hte opensecret gem, you init, open, put and then look at
+  your credentials, sensitive information and secrets.
 email:
 - apolloakora@gmail.com
 executables:
@@ -102,39 +101,38 @@ files:
 - Rakefile
 - bin/opensecret
 - bin/ops
-- lib/exception/cli.error.rb
-- lib/exception/errors/cli.errors.rb
 - lib/extension/array.rb
 - lib/extension/dir.rb
 - lib/extension/file.rb
 - lib/extension/hash.rb
 - lib/extension/string.rb
 - lib/factbase/facts.opensecret.io.ini
-- lib/interprete/begin.rb
-- lib/interprete/cmd.rb
-- lib/interprete/export.rb
-- lib/interprete/init.rb
-- lib/interprete/key.rb
-- lib/interprete/open.rb
-- lib/interprete/put.rb
-- lib/interprete/safe.rb
-- lib/interprete/seal.rb
-- lib/interprete/set.rb
-- lib/interprete/use.rb
-- lib/interpreter.rb
+- lib/interprete.rb
 - lib/keytools/binary.map.rb
-- lib/keytools/digester.rb
 - lib/keytools/doc.conversion.to.ones.and.zeroes.ruby
 - lib/keytools/doc.rsa.radix.binary-mapping.ruby
 - lib/keytools/doc.star.schema.strategy.txt
 - lib/keytools/doc.using.pbkdf2.kdf.ruby
 - lib/keytools/doc.using.pbkdf2.pkcs.ruby
+- lib/keytools/kdf.api.rb
 - lib/keytools/kdf.bcrypt.rb
 - lib/keytools/kdf.pbkdf2.rb
-- lib/keytools/key.data.rb
-- lib/keytools/key.derivation.rb
-- lib/keytools/key.module.rb
+- lib/keytools/kdf.scrypt.rb
+- lib/keytools/key.64.rb
+- lib/keytools/key.algo.rb
+- lib/keytools/key.api.rb
+- lib/keytools/key.db.rb
+- lib/keytools/key.docs.rb
+- lib/keytools/key.error.rb
+- lib/keytools/key.id.rb
+- lib/keytools/key.iv.rb
+- lib/keytools/key.local.rb
+- lib/keytools/key.mach.rb
+- lib/keytools/key.now.rb
+- lib/keytools/key.pair.rb
+- lib/keytools/key.pass.rb
 - lib/keytools/key.rb
+- lib/keytools/keydebug.txt
 - lib/logging/gem.logging.rb
 - lib/modules/cryptology.md
 - lib/modules/cryptology/aes-256.rb
@@ -145,21 +143,29 @@ files:
 - lib/modules/cryptology/crypt.io.rb
 - lib/modules/cryptology/engineer.rb
 - lib/modules/cryptology/open.bcrypt.rb
-- lib/modules/mappers/collateral.rb
 - lib/modules/mappers/dictionary.rb
-- lib/modules/mappers/envelope.rb
-- lib/modules/mappers/settings.rb
 - lib/modules/storage/coldstore.rb
 - lib/modules/storage/git.store.rb
-- lib/notepad/scratch.pad.rb
 - lib/session/fact.finder.rb
 - lib/session/require.gem.rb
 - lib/session/time.stamp.rb
 - lib/session/user.home.rb
-- lib/store-commands.txt
+- lib/usecase/cmd.rb
+- lib/usecase/id.rb
+- lib/usecase/import.rb
+- lib/usecase/init.rb
+- lib/usecase/login.rb
+- lib/usecase/logout.rb
+- lib/usecase/open.rb
+- lib/usecase/put.rb
+- lib/usecase/read.rb
+- lib/usecase/safe.rb
+- lib/usecase/set.rb
+- lib/usecase/token.rb
+- lib/usecase/use.rb
 - lib/version.rb
 - opensecret.gemspec
-homepage: https://www.eco-platform.co.uk
+homepage: https://www.devops-hub.com/software/opensecret
 licenses:
 - MIT
 metadata:
@@ -172,7 +178,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 2.5.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
@@ -180,7 +186,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.5.2.1
+rubygems_version: 2.7.6
 signing_key: 
 specification_version: 4
 summary: opensecret locks and unlocks secrets in a simple, secure and intuitive way.