opensecret 0.0.9925 → 0.0.9949

data/lib/usecase/use.rb

@@ -2,8 +2,6 @@
 	
 module OpenSecret
 
-  require 'openssl'
-
   # The <b>use <em>use case</em></b> borrowed from the database world denotes which
   # domain will be used <b>for now (and evermore)</b> on the workstation until another
   # use command is issued.
@@ -18,7 +16,7 @@ module OpenSecret
   # Error - if the domain name is not listed in the configuration file.
   # Error - if the (dictionary) path to the domain's base does not exist
   #
-  class Use < Command
+  class Use < UseCase
 
     attr_writer :domain_name
 

data/lib/usecase/verse.rb

@@ -0,0 +1,20 @@
+#!/usr/bin/ruby
+	
+module OpenSecret
+
+  class Verse < UseCase
+
+    def execute
+
+      return unless ops_key_exists?
+      master_db = get_master_database()
+      return if unopened_envelope?( master_db )
+      print master_db[ KEY_PATH ]
+
+    end
+
+
+  end
+
+
+end

data/lib/usecase/view.rb

@@ -0,0 +1,71 @@
+#!/usr/bin/ruby
+
+module OpenSecret
+
+  # View provides a bird's eye view of the domain's content and links well with
+  # the <b>goto</b>, <b>show</b> and <b>tell</b> commands.
+  #
+  #     $ xxx view
+  #     $ xxx goto 5   # shortcut for xxx open <<envelope_name>> <<key_name>>
+  #     $ xxx show
+  #     $ xxx tell
+  #     $ xxx tell url
+  #
+  # View maps out and numbers each envelope/key combination.
+  # Goto with the number effectively shortcuts the open pinpointer.
+  # Show prints out the dictionary at the opened path but masks any secrets.
+  # Tell without a parameter echoes the secret.
+  # Tell with parameter echoes the value of the parameter key (eg url).
+  #
+  # Once goto is enacted all path CRUD commands come into play as if you had
+  # opened the path. These include put, copy, paste, show, tell and delete.
+  class View < UseCase
+
+    def execute
+
+      return unless ops_key_exists?
+      master_db = OpenKey::KeyApi.read_master_db()
+
+      open_envelope = "(none)" if master_db[ ENV_PATH ].nil?
+      open_envelope = master_db[ ENV_PATH ] unless master_db[ ENV_PATH ].nil?
+      open_key_path = "(none)" if master_db[ KEY_PATH ].nil?
+      open_key_path = master_db[ KEY_PATH ] unless master_db[ KEY_PATH ].nil?
+
+      puts ""
+      puts "--- Book Birthday ~> #{OpenKey::KeyApi.to_db_create_date(master_db)}\n"
+      puts "--- The Book Name ~> #{OpenKey::KeyApi.to_db_domain_name(master_db)}\n"
+      puts "--- The Book (Id) ~> #{OpenKey::KeyApi.to_db_domain_id(master_db)}\n"
+      puts "---\n"
+      puts "--- Chapter ~> #{open_envelope}\n"
+      puts "--- + Verse ~> #{open_key_path}\n"
+      puts "---\n"
+
+      goto_location = 1
+      envelope_dictionaries = OpenKey::KeyApi.to_matching_dictionary( master_db, ENVELOPE_KEY_PREFIX )
+      envelope_dictionaries.each_pair do | envelope_name, crumb_dictionary |
+        is_opened_chapter = envelope_name.eql?( open_envelope )
+        envelope_content = OpenKey::KeyDb.from_json( OpenKey::KeyApi.content_unlock( crumb_dictionary ) )
+        envelope_content.each_key do | envelope_key |
+          is_opened_verse = envelope_key.eql?( open_key_path )
+          is_open = is_opened_chapter && is_opened_verse
+          openend = is_open ? " (( open location ))" : ""
+          fixdint = format( "%02d", goto_location )
+          goindex = is_open ? "" : "[#{fixdint}] "
+          puts "--- --- --------------------------------------" if is_open
+          puts "--- #{goindex}#{envelope_name} ~> #{envelope_key}#{openend}\n"
+          puts "--- --- --------------------------------------" if is_open
+          goto_location += 1
+        end
+      end
+
+      puts ""
+
+      return
+
+    end
+
+
+  end
+
+
+end

data/lib/usecase/vpn/README.md

@@ -0,0 +1,150 @@
+
+# Switch On an OpenVPN Client Connection
+
+    safe vpn
+
+## Introduction
+
+This DevOps task is a collaboration to **switch on a VPN connection** with safe as the credentials provider, nmcli on Ubuntu and an OpenVPN account embodied details within an ovpn file.
+
+## Task Preconditions
+
+To switch on a client OpenVPN connection the following must hold true
+
+- a shell safe tokenize, login and open has ocurred
+- the opened safe location must have a key vpn.id
+- safe write <<runtime.dir>> must eject <<vpn.id>>.ovpn
+- the ovpn file must be valid and point to a running accessible openvpn server
+- the ubiquitous @password field must hold a credible value
+- the VPN connection is assumed to be not just switched off, but deleted (at the start)
+
+
+
+
+# Switch Off an OpenVPN Client Connection
+
+    dot vpn down
+
+## Introduction
+
+This DevOps task is a collaboration to **switch on a VPN connection** with safe as the credentials provider, nmcli on Ubuntu and an OpenVPN account embodied details within an ovpn file.
+
+## Task Preconditions
+
+To switch on a client OpenVPN connection the following must hold true
+
+- a shell safe tokenize, login and open has ocurred
+- the opened safe location must have a key vpn.id
+- safe write <<runtime.dir>> must eject <<vpn.id>>.ovpn
+- the ovpn file must be valid and point to a running accessible openvpn server
+- the ubiquitous @password field must hold a credible value
+- the VPN connection is assumed to be not just switched off, but deleted (at the start)
+
+
+# safe vpn up | safe vpn down
+
+    $ safe open vpn production
+    $ safe vpn up
+    $ ... (do work using vpn)
+    $ safe vpn down
+
+## safe vpn | introduction
+
+Once you put VPN credentials into a mini-dictionary (in a safe book chapter and verse), you can bring up a VPN connection and after doing your work through the VPN you can tear it down.
+
+**[The strategy used to bring the OpenVPN connection up and down can be found here.](http://www.devopswiki.co.uk/wiki/middleware/network/openvpn/openvpn)**
+
+
+### safe vpn | ovpn | requirements
+
+Currently the safe vpn command is only integration tested with the following tech requirements
+
+- an Ubuntu 16.04 and Ubuntu 18.04 operating system
+- the nmcli (network manager command line) client which is installed if absent
+- an OpenVPN server
+- VPN configuration imported via an OpenVPN **`*.ovpn`** file
+
+
+## safe terraform | credential creation
+
+The first use case is importing the IAM user credentials into safe.
+
+    $ safe login joebloggs.com                  # open the book
+    $ safe open iam dev.s3.writer               # open chapter and verse
+    $ safe put @access.key ABCD1234EFGH5678     # Put IAM access key in safe
+    $ safe put @secret.key xyzabcd1234efgh5678  # Put IAM secret key in safe
+    $ safe put region.key eu-west-3             # infrastructure in Paris
+
+    $ safe open iam prod.provisioner            # open chapter and verse
+    $ safe put @access.key 4321DCBA8765WXYZ     # Put IAM access key in safe
+    $ safe put @secret.key 5678uvwx4321abcd9876 # Put IAM secret key in safe
+    $ safe put region.key eu-west-1             # infrastructure in Dublin
+
+    safe logout
+
+Take care to specify these 3 key names **@access.key**, **@secret.key**, **region.key** and note that safe's convention is to sensitively treat the value's of keys beginning with an **@** sign. **safe show** and other readers **mask out (redact)** these sensitive values.
+
+
+## safe terraform | running terraform
+
+Now and forever you can return to the chapter and verse and enjoy a secure credentials transfer where safe makes the IAM user credentials available to Terraform via environment variables. **Never do the plain text credentials touch the floor (disk).**
+
+### Why no safe terraform init?
+**safe only gets involved when credentials are involved**.
+**safe** is not trying to wrap command willy nilly. safe's policy is to keep external tool interfaces as **small** as possible. **`terraform init .`** does not involve credentials so safe does not get involved.
+
+    $ cd /path/to/terraform/dir     # go to directory holding your .tf file
+    $ safe login joebloggs.com      # login to your chosen book
+    $ safe open iam dev.s3.writer   # open chapter and verse holding IAM creds
+    $ terraform init .              # the usual terraform init command
+    $ safe terraform plan           # credentials are exported then terraform plan is run
+    $ safe terraform apply          # credentials are exported then terraform apply is run
+    $ safe terraform destroy        # credentials are exported then terraform destroy is run
+
+You can even change directories and run other terraform projects against the opened IAM user. You can also open an IAM user, run commands, open another run commands and then reopen the first and run commands.
+
+As long as you stay within your shell window - your safe login will persist. Once your session is finished you either logout or exit the shell.
+
+### Shortcut Alert
+
+**safe terraform** is a shortcut for **safe terraform apply**
+
+    $ safe terraform apply
+    $ safe terraform
+
+## safe terraform | pre-conditions
+
+To enact a successful safe terraform call you will need
+
+- to have created an IAM user
+- to open chapter and verse which
+- has these 3 keys @access.key @secret.key and region.key (at least)
+- terraform installed on the machine or container
+
+
+## safe terraform | benefits
+
+The safe terraform command is both an ultra secure and extremely convenient way of launching terraform.
+
+Your precious AWS IAM user credentials do not leave the safe and exist within (environment variable) memory only for the duration of the terraform command.
+
+It is safe as you need neither expose your AWS credentials in plain text in **~/.aws/credentials**, nor risk them sliding into version control. It is convenient because switching IAM users and AWS regions is as easy as typing the now ubiquitous safe open command.
+
+
+## quick tip | view then goto
+
+No need to type out the safe open command everytime. Use it the very first time you create a path to chapter and verse.
+
+    safe open <<chapter>> <<verse>>
+
+Then use safe view and safe goto instead of safe open.
+
+    $ safe view             # list all chapter and verses
+    $ safe goto <<index>>   # use the number from safe view to open the location
+    $ safe show             # look at your mini dictionary
+
+
+
+
+
+

data/lib/usecase/vpn/vpn.ini

@@ -0,0 +1,31 @@
+
+[vpn]
+
+vpn.id         =  rb>> @f[:secrets][:vpn_id]
+vpn.filename   =  rb>> @s[:vpn_id] + ".ovpn"
+export.folder  =  rb>> File.join( Dir.home, ".config/safe.db" )
+vpn.filepath   =  rb>> File.join( @s[:export_folder], @s[:vpn_filename] )
+vpn.username   =  rb>> @f[:secrets][:username]
+vpn.password   =  rb>> @f[:secrets][:@password]
+safe.write.cmd =  rb>> "safe write --script " + @s[:vpn_filepath]
+
+nm.import.cmd  =  rb>> "sudo nmcli connection import type openvpn file " + @s[:vpn_filepath]
+nm.default.cmd =  rb>> "nmcli connection modify " + @s[:vpn_id] + " ipv4.never-default true"
+nm.user.cmd    =  rb>> "nmcli connection modify " + @s[:vpn_id] + " +vpn.data username=" + @s[:vpn_username]
+nm.reload.cmd  =  rb>> "sudo nmcli connection reload " + @s[:vpn_id]
+nm.flags.cmd   =  rb>> "nmcli connection modify " + @s[:vpn_id] + " +vpn.data password-flags=0"
+this.user      =  rb>> Etc.getlogin()
+
+nm.directory   =  /etc/NetworkManager/system-connections
+nm.filepath    =  rb>> File.join @s[:nm_directory], @s[:vpn_id]
+nm.cache.name  =  rb>> @s[:vpn_id] + ".ini"
+nm.cache.path  =  rb>> File.join( Gem.user_home(), @s[:nm_cache_name] )
+
+chown.cmd.1    =  rb>> "sudo chown " + @s[:this_user] + ":" + @s[:this_user] + " " + @s[:nm_filepath]
+chown.cmd.2    =  rb>> "sudo chown root:root " + @s[:nm_filepath]
+
+nm.conn.up     =  rb>> "nmcli connection up " + @s[:vpn_id]
+nm.restart     =  sudo service network-manager restart
+
+nm.conn.off    =  rb>> "nmcli con down id " + @s[:vpn_id]
+nm.conn.del    =  rb>> "nmcli connection delete " + @s[:vpn_id]

data/lib/usecase/vpn/vpn.rb

@@ -0,0 +1,54 @@
+#!/usr/bin/ruby
+	
+module OpenSecret
+
+  # This vpn use case sets up vpn connection paraphernelia and can bring up a VPN connection
+  # and then tear it down.
+  #
+  #     safe vpn up
+  #     safe vpn down
+  class Vpn < UseCase
+
+    attr_writer :command
+
+    def execute
+
+      if( @command && @command.eql?( "down" ) )
+
+        puts ""
+        system @dictionary[ :nm_conn_off ]; sleep 2;
+        system @dictionary[ :nm_conn_del ]
+        puts ""
+        return
+
+      end
+
+      puts ""
+      system @dictionary[ :safe_write_cmd ]
+      puts "[#{@dictionary[ :vpn_filename ]}] temporarily exported to [#{@dictionary[ :vpn_filepath ]}]."
+      system @dictionary[ :nm_import_cmd  ]
+      File.delete( @dictionary[ :vpn_filepath ] )
+      puts "Exported file [#{@dictionary[ :vpn_filepath ]}] has now been deleted."
+
+      system @dictionary[ :nm_default_cmd ]
+      system @dictionary[ :nm_user_cmd    ]
+      system @dictionary[ :nm_reload_cmd  ]
+      system @dictionary[ :nm_flags_cmd   ]
+      system @dictionary[ :chown_cmd_1    ]
+
+      vpn_data = IniFile.load( @dictionary[:nm_filepath] )
+      vpn_data['vpn-secrets'] = { 'password' => @dictionary[:vpn_password] }
+      vpn_data.write()
+
+      system @dictionary[ :chown_cmd_2 ]
+      system @dictionary[ :nm_restart  ]; sleep 2;
+      system @dictionary[ :nm_conn_up  ]
+      puts ""
+
+    end
+
+
+  end
+
+
+end

data/lib/version.rb

@@ -1,3 +1,3 @@
 module OpenSecret
-  VERSION = "0.0.9925"
+  VERSION = "0.0.9949"
 end

data/opensecret.gemspec

@@ -7,8 +7,8 @@ Gem::Specification.new do |spec|
 
   spec.name          = "opensecret"
   spec.version       = OpenSecret::VERSION
-  spec.authors       = ["Apollo Akora"]
-  spec.email         = ["apolloakora@gmail.com"]
+  spec.authors       = ["opensecret.io"]
+  spec.email         = ["devopsassets@gmail.com"]
 
   spec.summary       = %q{opensecret locks and unlocks secrets in a simple, secure and intuitive way.}
   spec.description   = %q{opensecret stashes uncrackable secrets as encrypted material in plaintext files. After installing hte opensecret gem, you init, open, put and then look at your credentials, sensitive information and secrets.}
@@ -21,13 +21,12 @@ Gem::Specification.new do |spec|
 
   spec.metadata["yard.run"] = "yri"
   spec.bindir        = "bin"
-  spec.executables   = ['opensecret', 'ops']
+  spec.executables   = [ 'opensecret' ]
   spec.require_paths = ["lib"]
   spec.required_ruby_version = '>= 2.5.0'
 
   spec.add_dependency 'inifile', '~> 3.0'
   spec.add_dependency 'thor', '~> 0.2'
-  spec.add_dependency 'uuid'
   spec.add_dependency 'bcrypt'
 
   spec.add_development_dependency "bundler", "~> 1.16"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: opensecret
 version: !ruby/object:Gem::Version
-  version: 0.0.9925
+  version: 0.0.9949
 platform: ruby
 authors:
-- Apollo Akora
+- opensecret.io
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-07-13 00:00:00.000000000 Z
+date: 2019-02-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: inifile
@@ -38,20 +38,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.2'
-- !ruby/object:Gem::Dependency
-  name: uuid
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
 - !ruby/object:Gem::Dependency
   name: bcrypt
   requirement: !ruby/object:Gem::Requirement
@@ -84,23 +70,19 @@ description: opensecret stashes uncrackable secrets as encrypted material in pla
   files. After installing hte opensecret gem, you init, open, put and then look at
   your credentials, sensitive information and secrets.
 email:
-- apolloakora@gmail.com
+- devopsassets@gmail.com
 executables:
 - opensecret
-- ops
 extensions: []
 extra_rdoc_files: []
 files:
 - ".gitignore"
-- ".travis.yml"
 - ".yardopts"
-- CODE_OF_CONDUCT.md
 - Gemfile
-- LICENSE.txt
 - README.md
 - Rakefile
 - bin/opensecret
-- bin/ops
+- lib/configs/README.md
 - lib/extension/array.rb
 - lib/extension/dir.rb
 - lib/extension/file.rb
@@ -108,12 +90,7 @@ files:
 - lib/extension/string.rb
 - lib/factbase/facts.opensecret.io.ini
 - lib/interprete.rb
-- lib/keytools/binary.map.rb
-- lib/keytools/doc.conversion.to.ones.and.zeroes.ruby
-- lib/keytools/doc.rsa.radix.binary-mapping.ruby
-- lib/keytools/doc.star.schema.strategy.txt
-- lib/keytools/doc.using.pbkdf2.kdf.ruby
-- lib/keytools/doc.using.pbkdf2.pkcs.ruby
+- lib/keytools/PRODUCE_RAND_SEQ_USING_DEV_URANDOM.txt
 - lib/keytools/kdf.api.rb
 - lib/keytools/kdf.bcrypt.rb
 - lib/keytools/kdf.pbkdf2.rb
@@ -125,16 +102,15 @@ files:
 - lib/keytools/key.docs.rb
 - lib/keytools/key.error.rb
 - lib/keytools/key.id.rb
+- lib/keytools/key.ident.rb
 - lib/keytools/key.iv.rb
 - lib/keytools/key.local.rb
-- lib/keytools/key.mach.rb
 - lib/keytools/key.now.rb
 - lib/keytools/key.pair.rb
 - lib/keytools/key.pass.rb
 - lib/keytools/key.rb
-- lib/keytools/keydebug.txt
 - lib/logging/gem.logging.rb
-- lib/modules/cryptology.md
+- lib/modules/README.md
 - lib/modules/cryptology/aes-256.rb
 - lib/modules/cryptology/amalgam.rb
 - lib/modules/cryptology/blowfish.rb
@@ -142,7 +118,6 @@ files:
 - lib/modules/cryptology/collect.rb
 - lib/modules/cryptology/crypt.io.rb
 - lib/modules/cryptology/engineer.rb
-- lib/modules/cryptology/open.bcrypt.rb
 - lib/modules/mappers/dictionary.rb
 - lib/modules/storage/coldstore.rb
 - lib/modules/storage/git.store.rb
@@ -151,18 +126,42 @@ files:
 - lib/session/time.stamp.rb
 - lib/session/user.home.rb
 - lib/usecase/cmd.rb
+- lib/usecase/config/README.md
+- lib/usecase/docker/README.md
+- lib/usecase/docker/docker.rb
+- lib/usecase/edit/README.md
+- lib/usecase/edit/delete.rb
+- lib/usecase/export.rb
+- lib/usecase/files/README.md
+- lib/usecase/files/eject.rb
+- lib/usecase/files/file_me.rb
+- lib/usecase/files/read.rb
+- lib/usecase/files/write.rb
+- lib/usecase/goto.rb
 - lib/usecase/id.rb
 - lib/usecase/import.rb
 - lib/usecase/init.rb
+- lib/usecase/jenkins/README.md
+- lib/usecase/jenkins/crazy_ruby_post_attempt.OLD
+- lib/usecase/jenkins/jenkins.rb
 - lib/usecase/login.rb
 - lib/usecase/logout.rb
 - lib/usecase/open.rb
+- lib/usecase/print.rb
 - lib/usecase/put.rb
-- lib/usecase/read.rb
-- lib/usecase/safe.rb
 - lib/usecase/set.rb
+- lib/usecase/show.rb
+- lib/usecase/terraform/README.md
+- lib/usecase/terraform/terraform.rb
 - lib/usecase/token.rb
+- lib/usecase/update/README.md
+- lib/usecase/update/rename.rb
 - lib/usecase/use.rb
+- lib/usecase/verse.rb
+- lib/usecase/view.rb
+- lib/usecase/vpn/README.md
+- lib/usecase/vpn/vpn.ini
+- lib/usecase/vpn/vpn.rb
 - lib/version.rb
 - opensecret.gemspec
 homepage: https://www.devops-hub.com/software/opensecret