safedb 0.01.0001

data/lib/usecase/logout.rb

@@ -0,0 +1,28 @@
+#!/usr/bin/ruby
+	
+module SafeDb
+
+  class Logout < UseCase
+
+    def execute
+
+    end
+
+
+    # Perform pre-conditional validations in preparation to executing the main flow
+    # of events for this use case. This method may throw the below exceptions.
+    #
+    # @raise [SafeDirNotConfigured] if the safe's url has not been configured
+    # @raise [EmailAddrNotConfigured] if the email address has not been configured
+    # @raise [StoreUrlNotConfigured] if the crypt store url is not configured
+    def pre_validation
+
+    end
+
+
+  end
+
+
+end
+
+

data/lib/usecase/open.rb

@@ -0,0 +1,71 @@
+#!/usr/bin/ruby
+	
+module SafeDb
+
+  # The <tt>open use case</tt> allows us to add (put), subtract (del)ete, change
+  # (update) and list the secrets within an envelope (outer path) at a given
+  # position (inner path), whether that envelope exists or not.
+  #
+  # Also see the <b>reopen</b> command which only differs from open in that it
+  # fails if the path specified does not exist in either the sealed or session
+  # envelopes.
+  #
+  # == The Open Path Parameter
+  #
+  # Open must be called with a single <b>path</b> parameter with an optional
+  # single colon separating the outer (path to envelope) from the inner (path
+  # within envelope).
+  #
+  # == Open (Path) Pre-Conditions
+  #
+  # The domain must have been initialized on this machine stating the path to
+  # the base folder that contains the key and crypt material.
+  #
+  # To open a path these conditions must be true.
+  #
+  # - the shell session token must have been set at the session beginning
+  # - a successful <tt>login</tt> command must have been issued
+  # - the external drive (eg usb key) must be configured and accessible
+  #
+  # == Observable Value
+  #
+  # The observable value delivered by +[open]+ boils down to
+  #
+  # - an openkey (eg asdfx1234) and corresponding open encryption key
+  # - open encryption key written to <tt>~/.safedb.net/open.keys/asdfx1234.x.txt</tt>
+  # - the opened path (ending in filename) written to session.cache base in [safe]
+  # - the INI string (were the file to be decrypted) would look like the below
+  #
+  #     [session]
+  #     base.path = home/wifi
+  #
+  class Open < UseCase
+
+    # The two paths that have been posted to the open command.
+    # First is a relative path to the obfuscated envelope and then
+    # the path in envelope to the point of interest.
+    attr_writer :env_path, :key_path
+
+    def execute
+
+      return unless ops_key_exists?
+      master_db = KeyApi.read_master_db()
+
+      master_db[ ENV_PATH ] = @env_path
+      master_db[ KEY_PATH ] = @key_path
+
+      KeyApi.write_master_db( create_header(), master_db )
+
+      # Show the mini dictionary at the opened chapter and verse location
+      # More work is needed when for when only the chapter is opened in
+      # which case we should show the list of verses and perhaps the count
+      # of key value pairs each verse contains.
+      Show.new.flow_of_events
+
+    end
+
+
+  end
+
+
+end

data/lib/usecase/print.rb

@@ -0,0 +1,40 @@
+#!/usr/bin/ruby
+	
+module SafeDb
+
+  class Print < UseCase
+
+    attr_writer :key_name
+
+    def get_chapter_data( chapter_key )
+      return KeyDb.from_json( KeyApi.content_unlock( chapter_key ) )
+    end
+
+    def execute
+
+      return unless ops_key_exists?
+
+      master_db = get_master_database()
+
+      return if unopened_envelope?( master_db )
+
+      chapter_id = ENVELOPE_KEY_PREFIX + master_db[ ENV_PATH ]
+      has_chapter = KeyApi.db_envelope_exists?( master_db[ chapter_id ] )
+
+      chapter_data = get_chapter_data( master_db[ chapter_id ] ) if has_chapter
+      has_verse = has_chapter && chapter_data.has_key?( master_db[ KEY_PATH ] )
+
+      chapter_err_msg = "Nothing was found at chapter " + master_db[ ENV_PATH ]
+      raise ArgumentError, chapter_err_msg unless has_chapter
+      verse_err_msg = "Nothing was found at chapter " + master_db[ ENV_PATH ] + " verse " + master_db[ KEY_PATH ]
+      raise ArgumentError, verse_err_msg unless has_verse
+
+      print chapter_data[ master_db[ KEY_PATH ] ][ @key_name ]
+
+    end
+
+
+  end
+
+
+end

data/lib/usecase/put.rb

@@ -0,0 +1,81 @@
+#!/usr/bin/ruby
+	
+module SafeDb
+
+  # The <b>put use case</b> follows <b>open</b> and it adds secrets into an
+  # <em>(encrypted at rest)</em> <b>envelope</b>. Put can be called many times
+  # and when done, the <b>lock use case</b> can be called to commit all opened
+  # secrets into the configured storage engines.
+  #
+  # Calling <em>put</em> <b>before</b> calling open or <b>after</b> calling lock
+  # is not allowed and will result in an error.
+  #
+  # == Put Pre-Conditions
+  #
+  # When the put use case is called - the below conditions ring true.
+  #
+  # - the <b>folder path</b> ending in ../../my must exist
+  # - a session id, filename and encryption key ( in workstation config )
+  #
+  # == Observable Value
+  #
+  # The observable value delivered by +put+ boils down to
+  #
+  # - a new <b>friends.xyz123abc.os.txt</b> file if this is the first put.
+  # - a new group_name/key_name (like monica/surname) entry is added if required
+  # - a secret value is added against the key or updated if it already exists
+  # - a new session id and encryption key is generated and used to re-encrypt
+  class Put < UseCase
+
+    attr_writer :secret_id, :secret_value
+
+    # Execute the act of putting a string key and string value pair into a
+    # map at the chapter and verse location, overwriting if need be.
+    def execute
+
+      return unless ops_key_exists?
+      master_db = KeyApi.read_master_db()
+
+      return if unopened_envelope?( master_db )
+
+      envelope_id = ENVELOPE_KEY_PREFIX + master_db[ ENV_PATH ]
+      has_content = KeyApi.db_envelope_exists?( master_db[ envelope_id ] )
+
+      # To get hold of the content we must either
+      #
+      #   a) unlock it using the breadcrumbs or
+      #   b) start afresh with a new content db
+      content_box = KeyDb.from_json( KeyApi.content_unlock( master_db[ envelope_id ] ) ) if has_content
+      content_box = KeyDb.new() unless has_content
+      content_hdr = create_header()
+
+      # If no content envelope exists we need to place
+      # an empty one inside the appdb content database.
+      master_db[ envelope_id ] = {} unless has_content
+
+      # This is the PUT use case so we append a
+      #
+      #   a) key for the new dictionary entry
+      #   b) value for the new dictionary entry
+      #
+      # into the current content envelope and write
+      # the envelope to the content filepath.
+      crumbs_dict = master_db[ envelope_id ]
+      content_box.create_entry( master_db[ KEY_PATH ], @secret_id, @secret_value )
+      KeyApi.content_lock( crumbs_dict, content_box.to_json, content_hdr )
+
+      # Three envelope crumbs namely the external ID, the
+      # random iv and the crypt key are written afresh into
+      # the master database.
+      KeyApi.write_master_db( content_hdr, master_db )
+
+      # Show the mini dictionary at the opened chapter and verse location
+      Show.new.flow_of_events
+
+    end
+
+
+  end
+
+
+end

data/lib/usecase/set.rb

@@ -0,0 +1,44 @@
+#!/usr/bin/ruby
+	
+module SafeDb
+
+  # The <b>set <em>use case</em></b> is the generic tool for setting configuration
+  # directives inside the safe workstation INI formatted file.
+  #
+  # The mirror of this use case is <b><em>unset</em></b>.
+  #
+  # == Observable Value
+  #
+  # The configuration directive will eithe be created (or will overwrite) an existing
+  # directive with the same path.
+  #
+  # The configuration file is printed to inform the user of the current state.
+  #
+  # == Alternative / Error Flows
+  #
+  # Error - if the directive path is not composed of two (fwd slash separated) parts
+  # Error - if the directive path and/or value contains (or not) unacceptable characters
+  #
+  class Set < UseCase
+
+    attr_writer :domain_name
+
+
+    # The <b>use <em>use case</em></b> is borrowed from the database world and it denotes
+    # the domain to be used <b>for now (and evermore)</b> for this workstation until another
+    # use command is issued.
+    #
+    # The parameter domain_name must be set after an object instance is acquired but
+    # before the execute method runs.
+    def execute
+    end
+
+
+    def pre_validation
+    end
+
+
+  end
+
+
+end

data/lib/usecase/show.rb

@@ -0,0 +1,138 @@
+#!/usr/bin/ruby
+
+module SafeDb
+
+  # Show the mini dictionary of key-value pairs within the logged in book
+  # at the opened chapter and verse.
+  #
+  # If no dictionary exists at the opened chapter and verse a suitable
+  # message is pushed out to the console.
+  class Show < UseCase
+
+    def get_chapter_data( chapter_key )
+      return KeyDb.from_json( KeyApi.content_unlock( chapter_key ) )
+    end
+
+    def execute
+
+      return unless ops_key_exists?
+      master_db = KeyApi.read_master_db()
+
+      return if unopened_envelope?( master_db )
+
+      chapter_id = ENVELOPE_KEY_PREFIX + master_db[ ENV_PATH ]
+      has_chapter = KeyApi.db_envelope_exists?( master_db[ chapter_id ] )
+      chapter_data = get_chapter_data( master_db[ chapter_id ] ) if has_chapter
+      has_verse = has_chapter && chapter_data.has_key?( master_db[ KEY_PATH ] )
+
+
+##global_variables - DONE
+##local_variables - DONE
+##instance_variables - DONE
+##class_variables - tough nut to crack with very little benefit (method class_variables not defined)
+
+=begin
+      puts ""
+      puts "QQQ QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ"
+      puts "QQQ ~~~~~~~~~~~~~ Global Variable Array List ~~~~~~~~~~~~~~~~ QQQQQ"
+      puts "QQQ QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ"
+
+      puts global_variables.inspect
+
+      puts "QQQ QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ"
+      puts "QQQ ~~~~~~~~~~~~~ Global Variable Values Printed ~~~~~~~~~~~~~~~~ QQQQQ"
+      puts "QQQ QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ"
+
+      global_variables.sort.each do |name|
+
+        puts "<<< ------------------------------------------------------------------->>>"
+        puts "<<< #{name.to_s} >>>"
+        puts "<<< ------------------------------------------------------------------->>>"
+        next if name.to_s.eql?( "$FILENAME" )
+        global_variable_value = eval "#{name}.inspect"
+        puts "<<< #{global_variable_value}"
+
+      end
+
+      puts ""
+      puts "QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ"
+      puts "QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ"
+      puts ""
+      puts "QQQQQQQQQQQ QQQQQQQQQQ QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ"
+      puts "QQQQQQQQQQQ Bug Finder QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ"
+      puts "QQQQQQQQQQQ QQQQQQQQQQ QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ"
+      puts ""
+      self.instance_variables.map do |attribute|
+        puts "=============================================="
+        puts "----------------------------------------------"
+        puts attribute
+        pp self.instance_variable_get(attribute)
+      end
+      puts "=============================================="
+      puts "QQQQQQQQQQQ QQQQQQQQQQ QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ"
+      puts "QQQQQQQQQQQ QQQQQQQQQQ QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ"
+      puts ""
+      puts "### ------------------------------------"
+      puts "### Inspect View"
+      puts "### ------------------------------------"
+      pp self.inspect
+      puts "### ------------------------------------"
+      puts "QQQQQQQQQQQ QQQQQQQQQQQQQQQ QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ"
+      puts "QQQQQQQQQQQ Local Variables QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ"
+      puts "QQQQQQQQQQQ QQQQQQQQQQQQQQQ QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ"
+
+      local_variables.map do |attribute|
+        puts "=============================================="
+        puts "----------------------------------------------"
+        puts attribute
+        pp binding.local_variable_get(attribute.to_sym)
+      end
+      puts "QQQQQQQQQQQ QQQQQQQQQQQQQQQ QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ"
+
+      puts ""
+=end
+
+
+      return unless has_verse
+
+      line_dictionary = chapter_data[ master_db[ KEY_PATH ] ]
+
+      puts ""
+      puts "### ##################################\n"
+      puts "### chapter =>> #{master_db[ ENV_PATH ]}\n"
+      puts "### & verse =>> #{master_db[ KEY_PATH ]}\n"
+      puts "### # lines =>> #{line_dictionary.length}\n"
+      puts "### ##################################\n"
+      puts "--- ----------------------------------\n"
+      puts ""
+
+      showable_content = {}
+      line_dictionary.each do | key_str, value_object |
+
+        is_file = key_str.start_with? FILE_KEY_PREFIX
+        value_object.store( FILE_CONTENT_KEY, SECRET_MASK_STRING ) if is_file
+        showable_content.store( key_str[ FILE_KEY_PREFIX.length .. -1 ], value_object ) if is_file
+        next if is_file
+
+        is_secret = key_str.start_with? "@"
+        showable_val = SECRET_MASK_STRING if is_secret
+        showable_val = value_object unless is_secret
+        showable_content.store( key_str, showable_val )
+
+      end
+
+      puts JSON.pretty_generate( showable_content )
+      puts "--- ----------------------------------\n"
+      puts "### ##################################\n"
+      puts ""
+
+    end
+
+    private
+
+    SECRET_MASK_STRING = "***********************"
+
+  end
+
+
+end

data/lib/usecase/terraform/README.md

@@ -0,0 +1,91 @@
+
+# safe terraform <command>
+
+### safe terraform | introduction
+
+This terraform use case exports the AWS IAM user access key, secret key and region key into (very safe) environment variables and then runs the specified terraform be it **init**, **plan**, **apply** or **destroy**.
+
+
+## safe terraform | credential creation
+
+The first use case is importing the IAM user credentials into safe.
+
+    $ safe login joebloggs.com                  # open the book
+    $ safe open iam dev.s3.writer               # open chapter and verse
+    $ safe put @access.key ABCD1234EFGH5678     # Put IAM access key in safe
+    $ safe put @secret.key xyzabcd1234efgh5678  # Put IAM secret key in safe
+    $ safe put region.key eu-west-3             # infrastructure in Paris
+
+    $ safe open iam prod.provisioner            # open chapter and verse
+    $ safe put @access.key 4321DCBA8765WXYZ     # Put IAM access key in safe
+    $ safe put @secret.key 5678uvwx4321abcd9876 # Put IAM secret key in safe
+    $ safe put region.key eu-west-1             # infrastructure in Dublin
+
+    safe logout
+
+Take care to specify these 3 key names **@access.key**, **@secret.key**, **region.key** and note that safe's convention is to sensitively treat the value's of keys beginning with an **@** sign. **safe show** and other readers **mask out (redact)** these sensitive values.
+
+
+## safe terraform | running terraform
+
+Now and forever you can return to the chapter and verse and enjoy a secure credentials transfer where safe makes the IAM user credentials available to Terraform via environment variables. **Never do the plain text credentials touch the floor (disk).**
+
+### Why no safe terraform init?
+**safe only gets involved when credentials are involved**.
+**safe** is not trying to wrap command willy nilly. safe's policy is to keep external tool interfaces as **small** as possible. **`terraform init .`** does not involve credentials so safe does not get involved.
+
+    $ cd /path/to/terraform/dir     # go to directory holding your .tf file
+    $ safe login joebloggs.com      # login to your chosen book
+    $ safe open iam dev.s3.writer   # open chapter and verse holding IAM creds
+    $ terraform init .              # the usual terraform init command
+    $ safe terraform plan           # credentials are exported then terraform plan is run
+    $ safe terraform apply          # credentials are exported then terraform apply is run
+    $ safe terraform destroy        # credentials are exported then terraform destroy is run
+
+You can even change directories and run other terraform projects against the opened IAM user. You can also open an IAM user, run commands, open another run commands and then reopen the first and run commands.
+
+As long as you stay within your shell window - your safe login will persist. Once your session is finished you either logout or exit the shell.
+
+### Shortcut Alert
+
+**safe terraform** is a shortcut for **safe terraform apply**
+
+    $ safe terraform apply
+    $ safe terraform
+
+## safe terraform | pre-conditions
+
+To enact a successful safe terraform call you will need
+
+- to have created an IAM user
+- to open chapter and verse which
+- has these 3 keys @access.key @secret.key and region.key (at least)
+- terraform installed on the machine or container
+
+
+## safe terraform | benefits
+
+The safe terraform command is both an ultra secure and extremely convenient way of launching terraform.
+
+Your precious AWS IAM user credentials do not leave the safe and exist within (environment variable) memory only for the duration of the terraform command.
+
+It is safe as you need neither expose your AWS credentials in plain text in **~/.aws/credentials**, nor risk them sliding into version control. It is convenient because switching IAM users and AWS regions is as easy as typing the now ubiquitous safe open command.
+
+
+## quick tip | view then goto
+
+No need to type out the safe open command everytime. Use it the very first time you create a path to chapter and verse.
+
+    safe open <<chapter>> <<verse>>
+
+Then use safe view and safe goto instead of safe open.
+
+    $ safe view             # list all chapter and verses
+    $ safe goto <<index>>   # use the number from safe view to open the location
+    $ safe show             # look at your mini dictionary
+
+
+## safe terraform | only for aws
+
+This command currently only supports the AWS provider but will be extended to support Google's Compute Engine and more besides.
+

data/lib/usecase/terraform/terraform.rb

@@ -0,0 +1,121 @@
+#!/usr/bin/ruby
+	
+module SafeDb
+
+  # This terraform use case exports the AWS IAM user access key, secret key and region key
+  # into (very safe) environment variables and then runs terraform init, plan, apply or destroy.
+  #
+  # This is both ultra secure and extremely convenient because the credentials do not leave
+  # the safe and exist within (environment variable) memory only for the duration of the
+  # terraform command.
+  #
+  # It is safe because you do not need to expose your AWS credentials in plain text.
+  # It is convenient because switching IAM users and AWS regions is as easy as typing the now
+  # ubiquitous safe open command.
+  #
+  #     safe open <<chapter>> <<verse>>
+  class Terraform < UseCase
+
+    attr_writer :command
+
+    # This prefix is tagged onto environment variables which Terraform will read
+    # and convert for consumption into module input variables.
+    TERRAFORM_EVAR_PREFIX = "TF_VAR_"
+
+    def execute
+
+      return unless ops_key_exists?
+      master_db = get_master_database()
+      return if unopened_envelope?( master_db )
+
+      # Get the open chapter identifier (id).
+      # Decide whether chapter already exists.
+      # Then get (or instantiate) the chapter's hash data structure
+      chapter_id = ENVELOPE_KEY_PREFIX + master_db[ ENV_PATH ]
+      verse_id = master_db[ KEY_PATH ]
+      chapter_exists = KeyApi.db_envelope_exists?( master_db[ chapter_id ] )
+
+
+      # -- @todo begin
+      # -- Throw an exception (error) if the chapter
+      # -- either exists and is empty or does not exist.
+      # -- @todo end
+
+
+      # Unlock the chapter data structure by supplying
+      # key/value mini-dictionary breadcrumbs sitting
+      # within the master database at the section labelled
+      # envelope@<<actual_chapter_id>>.
+      chapter_data = KeyDb.from_json( KeyApi.content_unlock( master_db[ chapter_id ] ) )
+
+      # Now read the three AWS IAM credentials @access.key, @secret.key and region.key
+      # into the 3 environment variables terraform expects to find.
+
+      # ############## | ############################################################
+      # @todo refactor | ############################################################
+      # -------------- | 000000000000000000000000000000000000000000000000000000000000
+      # export-then-execute
+      # -------------------
+      # Put all the code above in a generic export-then-execute use case
+      # Then you pass in a Key/Value Dictionary
+      #
+      # { "AWS_ACCESS_KEY_ID" => "@access_key",
+      #   "AWS_SECRET_ACCESS_KEY" => "@secret_key",
+      #   "AWS_DEFAULT_REGION" => "region_key"
+      # }
+      #
+      # And pass in a command array [ "terraform #{command_name} #{auto_approve}", "terraform graph ..." ]
+      #
+      # Validation is done by the generic use case (which loops checking that every value exists
+      # as a key at the opened location.
+      #
+      # If all good the generic use case exports the ENV vars and runs each command in the list.
+      # PS - configure map in INI not code file
+      #
+      # The extra power will speed up generation of environment variable use cases including
+      # ansible, s3 bucket operations, git interactions and more.
+      #
+      # ############## | ############################################################
+      # ############## | ############################################################
+
+      puts ""
+      puts "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
+      puts ""
+
+      ENV[ "AWS_ACCESS_KEY_ID"     ] = chapter_data[ verse_id ][ "@access.key" ]
+      ENV[ "AWS_SECRET_ACCESS_KEY" ] = chapter_data[ verse_id ][ "@secret.key" ]
+      ENV[ "AWS_DEFAULT_REGION"    ] = chapter_data[ verse_id ][ "region.key"  ]
+
+      mini_dictionary = chapter_data[ verse_id ]
+      mini_dictionary.each do | key_str, value_object |
+
+        is_env_var = key_str.start_with?( ENV_VAR_PREFIX_A ) || key_str.start_with?( ENV_VAR_PREFIX_B )
+        next unless is_env_var
+
+        env_var_name = key_str[ ENV_VAR_PREFIX_A.length .. -1 ] if key_str.start_with? ENV_VAR_PREFIX_A
+        env_var_name = key_str[ ENV_VAR_PREFIX_B.length .. -1 ] if key_str.start_with? ENV_VAR_PREFIX_B
+        env_var_keyname = TERRAFORM_EVAR_PREFIX + env_var_name
+        ENV[ env_var_keyname ] = value_object
+        puts "Environment variable #{env_var_keyname} has been set."
+
+      end
+
+      puts ""
+      puts "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
+      puts ""
+
+      auto_approve = @command && @command.eql?( "plan" ) ? "" : "-auto-approve"
+      command_name = @command ? @command : "apply"
+      system "terraform #{command_name} #{auto_approve}"
+
+      puts ""
+      puts "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
+      puts ""
+
+    end
+
+
+  end
+
+
+end

data/lib/usecase/token.rb

@@ -0,0 +1,35 @@
+#!/usr/bin/ruby
+
+module SafeDb
+
+  # The <tt>token use case</tt> prints out an encrypted session token tied
+  # to the workstation and shell environment. See the root README.md on how
+  # to export it and create a simple command alias for it in the ~/.bash_aliases
+  # script which is executed when the shell starts.
+  class Token < UseCase
+
+
+    def execute
+
+      print KeyLocal.generate_shell_key_and_token()
+
+    end
+
+
+    # Perform pre-conditional validations in preparation to executing the main flow
+    # of events for this use case. This method may throw the below exceptions.
+    #
+    # @raise [SafeDirNotConfigured] if the safe's url has not been configured
+    # @raise [EmailAddrNotConfigured] if the email address has not been configured
+    # @raise [StoreUrlNotConfigured] if the crypt store url is not configured
+    def pre_validation
+
+
+    end
+
+
+  end
+
+
+end
+