safedb 0.01.0001

data/lib/usecase/id.rb

@@ -0,0 +1,36 @@
+#!/usr/bin/ruby
+	
+module SafeDb
+
+
+  class Id < UseCase
+
+
+    def execute
+
+      puts ""
+      puts KeyNow.grab()
+      puts KeyNow.fetch()
+      puts ""
+
+      return
+
+    end
+
+
+    # Perform pre-conditional validations in preparation to executing the main flow
+    # of events for this use case. This method may throw the below exceptions.
+    #
+    # @raise [SafeDirNotConfigured] if the safe's url has not been configured
+    # @raise [EmailAddrNotConfigured] if the email address has not been configured
+    # @raise [StoreUrlNotConfigured] if the crypt store url is not configured
+    def pre_validation
+
+
+    end
+
+
+  end
+
+
+end

data/lib/usecase/import.rb

@@ -0,0 +1,157 @@
+#!/usr/bin/ruby
+	
+module SafeDb
+
+  # The <b>import use case</b> follows <b>open</b> and it pulls a file into an
+  # <em>(encrypted at rest)</em> <b>envelope</b> while writing metadata about
+  # the file into the opened tree dictionary position.
+  #
+  # == import and reimport commands
+  #
+  # - the import command expects a path parameter and errors if not recvd
+  # - the reimport command is happy with either one or zero parameters
+  #
+  # If the reimport command has no parameters it expects that the opened path
+  # already contains an imported file. It uses the import.path key to locate
+  # the file.
+  #
+  # If the path parameter is given to reimport it uses it and also resets the
+  # import.path key to reflect the path it was given.
+  #
+  # == garbage collect dangling files
+  #
+  # Like dangling envelopes - dangling files will pop up when re-imported.
+  # These are handled by the garbage collection policy which can be to
+  # remove immediately - remove on next login - remove after a time period
+  # or to never remove (manual garbage collection).
+  #
+  class Import < UseCase
+
+    attr_writer :secret_id, :secret_value
+
+    # The <b>put use case</b> follows <b>open</b> and it adds secrets into an
+    # <em>(encrypted at rest)</em> envelope. Put can be called many times to
+    # add secrets. Finally the <b>lock use case</b> commits all opened secrets
+    # into the configured storage engines.
+    #
+    # Calling <em>put</em> <b>before</b> calling open or <b>after</b> calling lock
+    # is not allowed and will result in an error.
+    #
+    # == Put Pre-Conditions
+    #
+    # When the put use case is called - the below conditions ring true.
+    #
+    # - the <b>folder path</b> ending in ../../my must exist
+    # - a session id, filename and encryption key ( in workstation config )
+    #
+    # == Observable Value
+    #
+    # The observable value delivered by +put+ boils down to
+    #
+    # - a new <b>friends.xyz123abc.os.txt</b> file if this is the first put.
+    # - a new group_name/key_name (like monica/surname) entry is added if required
+    # - a secret value is added against the key or updated if it already exists
+    # - a new session id and encryption key is generated and used to re-encrypt
+    def execute
+
+      return unless ops_key_exists?
+      master_db = KeyApi.read_master_db()
+
+      puts "---\n"
+      puts "--- The Master Database (Before)\n"
+      puts "---\n"
+      puts JSON.pretty_generate( master_db )
+      puts "---\n"
+
+      return if unopened_envelope?( master_db )
+
+      envelope_id = ENVELOPE_KEY_PREFIX + master_db[ ENV_PATH ]
+      has_content = KeyApi.db_envelope_exists?( master_db[ envelope_id ] )
+
+      # --
+      # -- To get hold of the content we must either
+      # --
+      # --   a) unlock it using the breadcrumbs or
+      # --   b) start afresh with a new content db
+      # --
+      content_box = KeyDb.from_json( KeyApi.content_unlock( master_db[ envelope_id ] ) ) if has_content
+      content_box = KeyDb.new() unless has_content
+      content_hdr = create_header()
+
+      # --
+      # -- If no content envelope exists we need to place
+      # -- an empty one inside the appdb content database.
+      # --
+      master_db[ envelope_id ] = {} unless has_content
+
+      # --
+      # -- This is the PUT use case so we append a
+      # --
+      # --   a) key for the new dictionary entry
+      # --   b) value for the new dictionary entry
+      # --
+      # -- into the current content envelope and write
+      # -- the envelope to the content filepath.
+      # --
+      crumbs_dict = master_db[ envelope_id ]
+      content_box.create_entry( master_db[ KEY_PATH ], @secret_id, @secret_value )
+      KeyApi.content_lock( crumbs_dict, content_box.to_json, content_hdr )
+
+      puts "---\n"
+      puts "--- The Master Database (After)\n"
+      puts "---\n"
+      puts JSON.pretty_generate( master_db )
+      puts "---\n"
+
+      # --
+      # -- Three envelope crumbs namely the external ID, the
+      # -- random iv and the crypt key are written afreshinto
+      # -- the master database.
+      # --
+      KeyApi.write_master_db( content_hdr, master_db )
+      print_put_success
+
+      return
+
+
+# --->      secret_ids = @secret_id.split("/")
+# --->      if ( envelope.has_key? secret_ids.first )
+# --->        envelope[secret_ids.first][secret_ids.last] = @secret_value
+# --->      else
+# --->        envelope[secret_ids.first] = { secret_ids.last => @secret_value }
+# --->      end
+
+    end
+
+
+    private
+
+
+    def print_put_success
+
+      puts ""
+      puts "Success putting a key/value pair into the open envelope."
+      puts "You can put more in and then close the envelope."
+      puts ""
+      puts "    #{COMMANDMENT} close"
+      puts ""
+
+    end
+
+
+    # Perform pre-conditional validations in preparation to executing the main flow
+    # of events for this use case. This method may throw the below exceptions.
+    #
+    # @raise [SafeDirNotConfigured] if the safe's url has not been configured
+    # @raise [EmailAddrNotConfigured] if the email address has not been configured
+    # @raise [StoreUrlNotConfigured] if the crypt store url is not configured
+    def pre_validation
+
+
+    end
+
+
+  end
+
+
+end

data/lib/usecase/init.rb

@@ -0,0 +1,63 @@
+#!/usr/bin/ruby
+	
+module SafeDb
+
+  # The <b>init use case</b> initializes safe thus preparing it
+  # for the ability to lock secrets, unlock them, transport their keys and
+  # much more.
+  #
+  # safe is a <b>(glorified) placeholder</b>. It takes things in now,
+  # keeps them safe and gives them back later, in a <b>helpful manner</b>.
+  #
+  # == Alternat Error Flows
+  #
+  # An error will be thrown
+  #
+  # - if safe cannot create, extend, read or write the drive folder
+  # - if the domain is already in the configuration file
+  # - if domain has non alphanums, excl hyphens, underscores, @ symbols, periods
+  # - if domain does not begin or end with alphanums.
+  # - if non alpha-nums (excl at signs) appear consecutively
+  # - if no alpha-nums appear in the string
+  # - if the domain string's length is less than 5
+  # - if "safedb.net" appears twice (or more) in a directory tree
+  #
+  class Init < UseCase
+
+    attr_writer :master_p4ss, :domain_name, :base_path
+
+
+    # The init use case prepares the <b>safe</b> so that you can <b>open</b> an envelope,
+    # <b>put</b> secrets into it and then <b>seal</b> (lock) it. Locking effectively writes
+    # crypted blocks to both keystore and crypt store.
+    def execute
+
+      return unless ops_key_exists?
+
+      KeyApi.init_app_domain( @domain_name, @base_path )
+      keys_setup = KeyApi.is_domain_keys_setup?( @domain_name )
+
+      if ( keys_setup )
+        print_already_initialized
+        return
+      end
+
+      domain_password = KeyPass.password_from_shell( true )
+      KeyApi.setup_domain_keys( @domain_name, domain_password, create_header() )
+      print_domain_initialized
+
+# -->      unless @base_path.nil?
+# -->        key_api.register_keystore( @base_path )
+# -->      end
+
+    end
+
+
+    def pre_validation
+    end
+
+
+  end
+
+
+end

data/lib/usecase/jenkins/README.md

@@ -0,0 +1,146 @@
+
+# safe jenkins <command>
+
+
+### safe jenkins post [aws|docker|git] <<jenkins-host-url>> | introduction
+
+Use **`safe jenkins post`** to inject both your **AWS IAM User** and **docker login/password** credentials into your Jenkins 2.0 continuous integration portal reachable by the **jenkins host url** given in the 4th parameter of the safe command.
+
+---
+
+## safe jenkins post | prerequisite
+
+Before you can inject credentials into jenkins using **`safe jenkins post`** you must
+
+- be logged into your safe
+- have opened the appropriate chapter/verse
+- have put the required credential key/value pairs into the safe
+- have the jenkins service up and running
+
+After the post (to jenkins), your continuous integration jobs will be able to access the credential values via their IDs as stated in the below table.
+
+---
+
+## safe jenkins post aws | key names table
+
+As credentials are WORO (write once, read often), safe makes the reading part very very easy (and secure) so your effort is frontloaded.
+
+| Safe Key    | Jenkins Credential IDs | Environment Variable  | Description                                              |
+|:-----------:|:----------------------:|:--------------------- |:-------------------------------------------------------- |
+| @access.key | safe.aws.access.key    | AWS_ACCESS_KEY_ID     | The AWS IAM user's access key credential.                |
+| @secret.key | safe.aws.secret.key    | AWS_SECRET_ACCESS_KEY | The AWS IAM user's secret key credential.                |
+| region.key  | safe.aws.region.key    | AWS_REGION            | The AWS region key that your Jenkins service points to.  |
+
+So you can see that by convention, safe expects the credential keys in the safe to be named a particular way, and likewise, you can be assured of the IDs it gives those credentials when posted to Jenkins.
+
+
+## safe jenkins post | credentials lifecycle
+
+The life of the credentials begins when you create an  IAM user and record its access and secret keys. Then
+
+- you login to safe and store the 3 keys and their values
+- safe jenkins post will read the values and post them to Jenkins
+- Jenkins stores the values in conjunction with the Jenkins Credential IDs
+- pipeline jobs ask Jenkins to put the Credential ID values against environment variables
+- tools like Terraform and AwsCli use the environment variables to work in the cloud
+
+
+## Jenkinsfile | Usage in Pipeline Jobs
+
+Here is a pipeline declaration within a Jenkinsfile that asks Jenkins to put the credential values in its secrets store into the stated environment variables.
+
+    environment
+    {
+        AWS_ACCESS_KEY_ID     = credentials( 'safe.aws.access.key' )
+        AWS_SECRET_ACCESS_KEY = credentials( 'safe.aws.secret.key' )
+        AWS_REGION            = credentials( 'safe.aws.region.key' )
+    }
+
+After **`safe jenkins post aws`** you can **click into the Credentials item in the Jenkins main menu** to assure yourself that the credentials have indeed been properly injected.
+
+---
+
+## How to Write AWS Credentials into your Safe
+
+In order to **`safe terraform apply`** or **`safe jenkins post aws <<jenkins-host-url>>`** or `safe visit` you must first put those ubiquitous IAM programmatic user credentials into your safe.
+
+    $ safe login joebloggs.com                  # open the book
+
+    $ safe open iam dev.s3.reader               # open chapter and verse
+    $ safe put @access.key ABCD1234EFGH5678     # Put IAM access key in safe
+    $ safe put @secret.key xyzabcd1234efgh5678  # Put IAM secret key in safe
+    $ safe put region.key eu-west-3             # infrastructure in Paris
+
+    $ safe open iam canary.admin                # open chapter and verse
+    $ safe put @access.key 4321DCBA8765WXYZ     # Put IAM access key in safe
+    $ safe put @secret.key 5678uvwx4321abcd9876 # Put IAM secret key in safe
+    $ safe put region.key eu-west-1             # infrastructure in Dublin
+
+    $ safe logout
+
+
+---
+
+
+## How to write DockerHub Credentials into your Safe
+
+#### safe jenkins post docker https://jenkins.example.com
+
+Before you can issue a **`safe jenkins post docker http://localhost:8080`** you must insert your docker login credentials in the form of a username and @password into your safe. Remember that any key starting with the `@ sign` tells the safe to keep it a secret like when you issue a **`safe show`** command.
+
+    $ safe login joebloggs.com        # open the book
+    $ safe open docker production     # at the docker (for production) chapter and verse
+    $ safe put username admin         # Put the Docker repository login username into the safe
+    $ safe put @password secret12345  # Put the Docker repository login @password into the safe
+    $ safe logout
+
+When docker credentials are injected into a Jenkins service the safe will expect to find a key at the open chapter and verse called username and another one called password.
+
+The safe promises to inject credentials with an ID of **safe.docker.login.id** so any jenkins jobs that need to use the docker login username and password must specify this ID when talking to the Jenkins credentials service.
+
+
+### DockerHub Credentials Inject Response
+
+Here is an example of posting dockerhub credentials into a Jenkins service running on the local machine.
+
+``` bash
+safe jenkins post docker http://localhost:8080
+```
+
+If successful safe provides a polite response detailing what just happened.
+
+```
+ - Jenkins Host Url : http://localhost:8080/credentials/store/system/domain/_/createCredentials
+ -   Credentials ID : safe.docker.login.id
+ -  Inject Username : devops4me
+ - So what is this? : The docker repository login credentials in the shape of a username and password.
+
+  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
+                                 Dload  Upload   Total   Spent    Left  Speed
+100   428    0     0  100   428      0  47555 --:--:-- --:--:-- --:--:-- 47555
+```
+
+---
+
+
+## safe integrations | we need your help
+
+**You can help to extend safe's integrations.**
+
+By design - safe integrations are simple to write. They primarily integrate with producers and consumers. To deliver efficacy to devops engineers safe will endeavour to
+
+- **send** credentials to **downstream consumers** and
+- **receive** credentials from **upstream producers**
+
+safe needs pull requests from the devops community and it promises to always strive to keep the task of writing an integration extremely simple.
+
+### integrations | what giving takes?
+
+Currently, writing an integration entails delivering 3 or 4 artifacts which are
+
+- 1 simple Ruby class
+- 1 README.md documenting the command structure, the prerequisites and the expected outcome
+- 1 class containing unit tests
+- (optionaly) an INI file if many configuration and facts are involved
+
+Giving doesn't take much so roll up your sleeves (or frocks) and get writing.

data/lib/usecase/jenkins/jenkins.rb

@@ -0,0 +1,208 @@
+#!/usr/bin/ruby
+	
+module SafeDb
+
+    # This Jenkins use case handles the to and fro integration of secrets and sensitive information
+    # between the safe database under management and a Jenkins service pinpointed by an incoming 
+    # host url parameter.
+    #
+    # This Jenkins use case injects for example the AWS IAM user access key, secret key and region key
+    # into a running Jenkins CI (Continuous Integration) service at the specified (url) location.
+    #
+    #     safe jenkins post <<[ aws | docker | git ]>> <<jenkins-host-url>>
+
+    class Jenkins < UseCase
+
+        # The three instance variables provided through the command line like
+        # for example  $ safe jenkins post aws http://localhost:8080
+        # For more info visit the documentation in the command interpreter class.
+        attr_writer :command, :service, :url
+
+        # If string variables EXPLODE throughout (and come to dominate) this class
+        # we should consider introducing an INI factfile like the [vpn] use case.
+        JENKINS_URI_PATH = "credentials/store/system/domain/_/createCredentials"
+
+        # If string variables EXPLODE throughout (and come to dominate) this class
+        # we should consider introducing an INI factfile like the [vpn] use case.
+        SECRET_KEY_VALUE_PAIR_DICTIONARY =
+          {
+            "scope"       => "GLOBAL",
+            "$class"      => "org.jenkinsci.plugins.plaincredentials.impl.StringCredentialsImpl"
+          }
+
+        # If string variables EXPLODE throughout (and come to dominate) this class
+        # we should consider introducing an INI factfile like the [vpn] use case.
+        SECRET_KEY_VALUE_PAIR_TO_POST = { "" => "0", "credentials" => SECRET_KEY_VALUE_PAIR_DICTIONARY }
+
+
+        # If string variables EXPLODE throughout (and come to dominate) this class
+        # we should consider introducing an INI factfile like the [vpn] use case.
+        USERNAME_AND_PASSWORD_DICTIONARY =
+          {
+            "scope"       => "GLOBAL",
+            "$class"      => "com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl"
+          }
+
+        # If string variables EXPLODE throughout (and come to dominate) this class
+        # we should consider introducing an INI factfile like the [vpn] use case.
+        USERNAME_AND_PASSWORD_TO_POST = { "" => "0", "credentials" => USERNAME_AND_PASSWORD_DICTIONARY }
+
+
+
+        # Inject a Jenkins credential key-value pair that is secret and/or sensitive and
+        # needs to be referenced by executing continuous integration jobs.
+        #
+        # @param jenkins_base_url [String]
+        #
+        #    This base url includes the scheme (protocol) which can be either http
+        #    or https. It can include the port if it is not either 80 or 443. A common
+        #    example is http://localhost:8080 but can also be https://jenkins.example.com
+        #    It pays not to provide a trailing backslash on this url.
+        #
+        # @param credentials_id [String]
+        #
+        #    The ID that Jenkins jobs will use to reference this credential's value.
+        #
+        # @param secret_value [String]
+        #
+        #    The value of this credential (secret) that will be injected for SafeKeeping
+        #    to the Jenkins service at the provided URL.
+        #
+        # @param description [String]
+        #
+        #    Description of the credential that will be posted and can be viewed via
+        #    the Jenkins user interface.
+        def inject_secret_key_value_pair( jenkins_base_url, credentials_id, secret_value, description )
+
+            jenkins_url = File.join( jenkins_base_url, JENKINS_URI_PATH )
+
+            credentials_dictionary = SECRET_KEY_VALUE_PAIR_DICTIONARY
+            credentials_dictionary.store( "id", credentials_id )
+            credentials_dictionary.store( "secret", secret_value )
+            credentials_dictionary.store( "description", description )
+
+            curl_cmd = "curl -X POST '#{jenkins_url}' --data-urlencode 'json=#{SECRET_KEY_VALUE_PAIR_TO_POST.to_json}'"
+
+            puts ""
+            puts " - Jenkins Host Url : #{jenkins_url}"
+            puts " -   Credentials ID : #{credentials_id}"
+            puts " - So what is this? : #{description}"
+            puts ""
+
+            %x[ #{curl_cmd} ]
+
+            puts ""
+
+        end
+
+
+
+        # Inject into Jenkins a username and password pairing against an ID key that the
+        # continuous integration jobs know and can use to access the credentials pair.
+        #
+        # @param jenkins_base_url [String]
+        #
+        #    This base url includes the scheme (protocol) which can be either http
+        #    or https. It can include the port if it is not either 80 or 443. A common
+        #    example is http://localhost:8080 but can also be https://jenkins.example.com
+        #    It pays not to provide a trailing backslash on this url.
+        #
+        # @param credentials_id [String]
+        #
+        #    The ID that Jenkins jobs will use to reference this credential's value.
+        #
+        # @param username [String]
+        #
+        #    The value of this username (secret) that will be injected for SafeKeeping
+        #    to the Jenkins service at the provided URL.
+        #
+        # @param password [String]
+        #
+        #    The value of this password (secret) that will be injected for SafeKeeping
+        #    to the Jenkins service at the provided URL.
+        #
+        # @param description [String]
+        #
+        #    Description of the username and password pairing that will be posted and
+        #    can be viewed via the Jenkins user interface.
+        def inject_username_and_password( jenkins_base_url, credentials_id, username, password, description )
+
+            jenkins_url = File.join( jenkins_base_url, JENKINS_URI_PATH )
+
+            credentials_dictionary = USERNAME_AND_PASSWORD_DICTIONARY
+            credentials_dictionary.store( "id", credentials_id )
+            credentials_dictionary.store( "username", username )
+            credentials_dictionary.store( "password", password )
+            credentials_dictionary.store( "description", description )
+
+            curl_cmd = "curl -X POST '#{jenkins_url}' --data-urlencode 'json=#{USERNAME_AND_PASSWORD_TO_POST.to_json}'"
+
+            puts ""
+            puts " - Jenkins Host Url : #{jenkins_url}"
+            puts " -   Credentials ID : #{credentials_id}"
+            puts " -  Inject Username : #{username}"
+            puts " - So what is this? : #{description}"
+            puts ""
+
+            %x[ #{curl_cmd} ]
+
+            puts ""
+
+        end
+
+
+
+        def execute
+
+            return unless ops_key_exists?
+            master_db = get_master_database()
+            return if unopened_envelope?( master_db )
+
+            # Get the open chapter identifier (id).
+            # Decide whether chapter already exists.
+            # Then get (or instantiate) the chapter's hash data structure
+            chapter_id = ENVELOPE_KEY_PREFIX + master_db[ ENV_PATH ]
+            verse_id = master_db[ KEY_PATH ]
+            chapter_exists = KeyApi.db_envelope_exists?( master_db[ chapter_id ] )
+
+            # Unlock the chapter data structure by supplying
+            # key/value mini-dictionary breadcrumbs sitting
+            # within the master database at the section labelled
+            # envelope@<<actual_chapter_id>>.
+            chapter_data = KeyDb.from_json( KeyApi.content_unlock( master_db[ chapter_id ] ) )
+
+            key_value_dictionary = chapter_data[ verse_id ]
+
+            inject_aws_credentials(    key_value_dictionary ) if @service.eql?( "aws" )
+            inject_docker_credentials( key_value_dictionary ) if @service.eql?( "docker" )
+
+        end
+
+
+
+        def inject_aws_credentials( mini_dictionary )
+
+            access_key_desc = "The access key of the AWS IAM (programmatic) user credentials."
+            secret_key_desc = "The secret key of the AWS IAM (programmatic) user credentials."
+            region_key_desc = "The AWS region key for example eu-west-1 for Dublin in Ireland."
+
+            inject_secret_key_value_pair( @url, "safe.aws.access.key", mini_dictionary[ "@access.key" ], access_key_desc )
+            inject_secret_key_value_pair( @url, "safe.aws.secret.key", mini_dictionary[ "@secret.key" ], secret_key_desc )
+            inject_secret_key_value_pair( @url, "safe.aws.region.key", mini_dictionary[ "region.key"  ], region_key_desc )
+
+        end
+
+
+        def inject_docker_credentials( mini_dictionary )
+
+            docker_desc = "The docker repository login credentials in the shape of a username and password."
+
+            inject_username_and_password( @url, "safe.docker.login.id", mini_dictionary[ "docker.username" ], mini_dictionary[ "@docker.password" ], docker_desc )
+
+        end
+
+
+    end
+
+
+end

data/lib/usecase/login.rb

@@ -0,0 +1,71 @@
+#!/usr/bin/ruby
+	
+module SafeDb
+
+  # The <b>login use case</b> is given the domain name and if needs be
+  # it collects the password then (if correct) logs the user in.
+  #
+  # Here are some key facts about the login command
+  #
+  # - its domain name parameter is mandatory
+  # - it is called at the start of every session
+  # - it is undone by the logout command
+  # - it requires the shell token environment variable to be set
+  # - you can nest login commands thus using multiple domains
+  # - you can call it with a --with=password switch
+  # - a space before the command prevents it being logged in .bash_history
+  # - you can deliver the password in multiple ways
+  class Login < UseCase
+
+    attr_writer :master_p4ss, :domain_name
+
+
+    def execute
+
+      return unless ops_key_exists?
+
+      unless ( KeyApi.is_domain_keys_setup?( @domain_name ) )
+        print_not_initialized
+        return
+      end
+
+############## Call [[ KeyApi.is_logged_in? ]] - then print msg and skip password collection below
+############## Call [[ KeyApi.is_logged_in? ]] - then print msg and skip password collection below
+############## Call [[ KeyApi.is_logged_in? ]] - then print msg and skip password collection below
+############## Call [[ KeyApi.is_logged_in? ]] - then print msg and skip password collection below
+############## Call [[ KeyApi.is_logged_in? ]] - then print msg and skip password collection below
+############## Call [[ KeyApi.is_logged_in? ]] - then print msg and skip password collection below
+
+      domain_secret = KeyPass.password_from_shell( false )
+
+############## Use [[ KeyApi.valid_password? ]] and give error if not valid
+############## Use [[ KeyApi.valid_password? ]] and give error if not valid
+############## Use [[ KeyApi.valid_password? ]] and give error if not valid
+############## Use [[ KeyApi.valid_password? ]] and give error if not valid
+############## Use [[ KeyApi.valid_password? ]] and give error if not valid
+
+      KeyApi.do_login( @domain_name, domain_secret, create_header() )
+
+      view_uc = View.new
+      view_uc.flow_of_events
+
+    end
+
+
+    # Perform pre-conditional validations in preparation to executing the main flow
+    # of events for this use case. This method may throw the below exceptions.
+    #
+    # @raise [SafeDirNotConfigured] if the safe's url has not been configured
+    # @raise [EmailAddrNotConfigured] if the email address has not been configured
+    # @raise [StoreUrlNotConfigured] if the crypt store url is not configured
+    def pre_validation
+
+    end
+
+
+  end
+
+
+end
+
+