sym 2.1.2 → 2.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 6529381babbcb57ee7ca039a9d01dbafe4d8fe9f
-  data.tar.gz: 9b48b1a55b06dd5870a3f0d25bc0b862c3f64502
+  metadata.gz: d0d5e823703d09fb437c0b9f8e11b55dd1a0e204
+  data.tar.gz: 42f5145f34d3d0779422e3c2511d35580d85c033
 SHA512:
-  metadata.gz: 9de600b399c540917e92f7de8ab0f36b426d24950ee7d0ccca4fce21b929286a7c13c7e3f8f603f25b5698c0ac2d684d6756760b88085a3cadaab1d246e94bf3
-  data.tar.gz: 23871684bbcb5d41edd02e8922abf866a9d5db90c2f120625e6f67d6d20e377d22b204b782072461b76c1b82fb2575777aab9b7dd2273e5b5d47c0c90332189c
+  metadata.gz: 3b007deff2a49f8a31d451fd433eebc7cca83e8ff28a733b8d37a2b34ca5288460e93aa3e8b078442e6c680296fc19b1152f5deac81c2775acc57f79710478b1
+  data.tar.gz: 1c89daa41bbf54b754e203a65720f452e96546e79825924f8d670f11ef392e8c04ca34a85a706b3aba4c6f081870f08189239b3a5fdf7c2a473fec1e51ca47bc

data/.travis.yml

@@ -1,6 +1,8 @@
 language: ruby
 env:
 - CODECLIMATE_REPO_TOKEN=c71874cc22acffe1e2543d3388d3a96c73a65f0cfe17169dadd8de4a6c062c39
+services:
+- memcached
 rvm:
 - 2.4.0
 - 2.3.3

data/README.md

@@ -13,97 +13,6 @@
 
 > __sym__ is a command line utility and a Ruby API that makes it _trivial to encrypt and decrypt sensitive data_. Unlike many other existing encryption tools, __sym__ focuses on usability and streamlined interface (CLI), with the goal of making encryption easy and transparent. The result? There is no excuse for keeping your application secrets unencrypted :) 
 
-<hr />
-## Table of Contents
-
-<ul class="small site-footer-links">
-<li>
-<a href="#description">Description</a>
-<ul>
-<li>
-<a href="#motivation">Motivation</a>
-</li>
-<li>
-<a href="#whats-included">What&#39;s Included</a>
-</li>
-<li>
-<a href="#how-it-works">How It Works</a>
-</li>
-</ul>
-</li>
-<li>
-<a href="#installation">Installation</a>
-</li>
-<li>
-<a href="#using-sym-with-the-command-line">Using <code>sym</code> with the Command Line</a>
-<ul>
-<li>
-<a href="#private-keys">Private Keys</a>
-<ul>
-<li>
-<a href="#generating-private-keys">Generating Private Keys</a>
-</li>
-<li>
-<a href="#using-keychain-access-on-mac-os-x">Using KeyChain Access on Mac OS-X</a>
-</li>
-<li>
-<a href="#keychain-key-management">KeyChain Key Management</a>
-</li>
-<li>
-<a href="#moving-a-key-to-the-keychain">Moving a Key to the Keychain</a>
-</li>
-<li>
-<a href="#adding-password-to-existing-key">Adding Password to Existing Key</a>
-</li>
-<li>
-<a href="#encryption-and-decryption">Encryption and Decryption</a>
-</li>
-</ul>
-</li>
-<li>
-<a href="#cli-usage-examples">CLI Usage Examples</a>
-<ul>
-<li>
-<a href="#inline-editing">Inline Editing</a>
-</li>
-</ul>
-</li>
-</ul>
-</li>
-<li>
-<a href="#ruby-api">Ruby API</a>
-<ul>
-<li>
-<a href="#encryption-and-decryption-operations">Encryption and Decryption Operations</a>
-</li>
-<li>
-<a href="#full-application-api">Full Application API</a>
-</li>
-<li>
-<a href="#configuration">Configuration</a>
-</li>
-</ul>
-</li>
-<li>
-<a href="#encryption-features--cipher-used">Encryption Features &amp; Cipher Used</a>
-</li>
-<li>
-<a href="#development">Development</a>
-<ul>
-<li>
-<a href="#contributing">Contributing</a>
-</li>
-</ul>
-</li>
-<li>
-<a href="#license">License</a>
-</li>
-<li>
-<a href="#acknowledgements">Acknowledgements</a>
-</li>
-</ul>
-<hr />
-
 ### Motivation
 
 The primary goal of this tool is to streamline and simplify handling of relatively sensitive data in the most trasparent and easy to use way as possible, without sacrificing security.
@@ -150,18 +59,18 @@ New Password     :  •••••••••
 Confirm Password :  •••••••••
 BAhTOh1TeW06OkRhdGE6OldyYXBwZXJTdH.....
 
-❯ sym -ex my-new-key -s 'My secret data' -o secret.enc
+❯ sym -ex my-new-key -s 'My secret data' -o secret.enc -C
 Coin::Vault listening at: druby://127.0.0.1:24924
 Password: •••••••••
 
 ❯ cat secret.enc
 BAhTOh1TeW06OkRhdGE6OldyYXBFefDFFD.....
 
-❯ sym -dx my-new-key -f secret.enc
+❯ sym -dx my-new-key -f secret.enc -C
 My secret data
 ```
 
-The line that says `Coin::Vault listening at: druby://127.0.0.1:24924` is the indication that the local dRB server used for caching passwords has been started. Password caching can be easily disabled with `-P` flag. In the example above, the decryption step fetched the password from the cache, and so the user was not required to re-enter the password.
+The line that says `Coin::Vault listening at: druby://127.0.0.1:24924` is the indication that the local dRB server used for caching passwords has been started. Password caching is off by default, but is enabled with `-C` flag. In the example above, the decryption step fetched the password from the cache, and so the user was not required to re-enter the password.
 
 __Direct Editing Encrypted Files__
 
@@ -208,14 +117,13 @@ The private key is the cornerstone of the symmetric encryption. Using `sym`, the
  * generated and printed to STDOUT, or saved to Mac OS-X KeyChain or a file
  * fetched from the Keychain in subsequent operations
  * password-protected during generation (or import) with the `-p` flag.
+ * password can be cached using either `memcached` or `dRB` server, if the `-C` flag is provided.
  * must be kept very well protected and secure from attackers.
 
 The __unencrypted private__ key will be in the form of a base64-encoded string, 45 characters long.
 
 __Encrypted (with password) private key__ will be considerably longer, perhaps 200-300 characters long.
 
-When the private key is encrypted, `sym` will request the password only once per 15 minute period. The password is cached using a local dRB server, but this caching can be disabled with `-P` flag.
-
 #### Generating Private Keys
 
 Let's generate a new key, and copy it to the clipboard (using `pbcopy` command on Mac OS-X):
@@ -289,62 +197,81 @@ You can add a password to a key by combining one of the key description flags (-
     
 The above example will take an unencrypted key passed in `$mykey`, ask for a password and save password protected key into the keychain with name "moo."
 
+#### Password Caching
+
+Nobody likes to re-type passwords over and over again, and for this reason *Sym* supports password caching via either a locally running `memcached` instance (the default, if available), or a locally started `dRB` (distributed Ruby) server based on the `Coin` gem.
+
+Specifics of configuring both Cache Providers is left to the `Configuration` class, an example of which is shown below in the Ruby API section.
+
+In order to control password caching, the following flags are available:
+
+ * `-C` turns on caching
+ * `-T seconds` sets the expiration for cached passwords
+ * `-P memcached | drb` controls which of the providers is used. Without this flag, *sym* auto-detects caching provider by first checking for `memcached`, and then starting the `dRB` server.
+
 #### Encryption and Decryption
 
 This may be a good time to take a look at the full help message for the `sym` tool, shown naturally with a `-h` or `--help` option.
 
 ```
-Sym (2.1.1) – encrypt/decrypt data with a private key
+Sym (2.2.0) – encrypt/decrypt data with a private key
 
 Usage:
    # Generate a new key:
-   sym -g [ -p ] [ -x keychain ] [ -o keyfile | -q | ]
-
-   # Encrypt/Decrypt
-   sym [ -d | -e ] [ -f <file> | -s <string> ]
-        [ -k key | -K keyfile | -x keychain | -i ]
-        [ -o <output file> ]
+   sym -g [ -p ] [ -x keychain | -o keyfile | -q | ]  
 
-   # Edit an encrypted file in $EDITOR
-   sym -t -f <file> [ -b ][ -k key | -K keyfile | -x keychain | -i ]
+   # To specify a key for an operation use any one of:
+   <key-spec> = -k key | -K file | -x keychain | -i 
 
+   # Encrypt/Decrypt to STDOUT or output file 
+   sym -e <key-spec> [-f <file> | -s <string>] [-o <file>] 
+   sym -d <key-spec> [-f <file> | -s <string>] [-o <file>] 
+ 
+   # Edit an encrypted file in $EDITOR 
+   sym -t <key-spec>  -f <file> [ -b ]
+ 
 Modes:
-  -e, --encrypt                       encrypt mode
-  -d, --decrypt                       decrypt mode
-  -t, --edit                          decrypt, open an encr. file in an $EDITOR
-
+  -e, --encrypt                     encrypt mode
+  -d, --decrypt                     decrypt mode
+  -t, --edit                        edit encrypted file in an $EDITOR
+ 
 Create a new private key:
-  -g, --generate                      generate a new private key
-  -p, --password                      encrypt the key with a password
-  -x, --keychain           [key-name] add to (or read from) the OS-X Keychain
-  -M, --password-timeout   [timeout]  when passwords expire (in seconds)
-  -P, --no-password-cache             disables caching of key passwords
-
+  -g, --generate                    generate a new private key
+  -p, --password                    encrypt the key with a password
+ 
 Read existing private key from:
-  -i, --interactive                   Paste or type the key interactively
-  -k, --private-key        [key]      private key as a string
-  -K, --keyfile            [key-file] private key from a file
-
+  -k, --private-key      [key]      private key (or key file)
+  -K, --keyfile          [key-file] private key from a file
+  -x, --keychain         [key-name] add to (or read from) the OS-X Keychain
+  -i, --interactive                 Paste or type the key interactively
+ 
+Password Cache:
+  -C, --cache-password              enable the cache (off by default)
+  -T, --cache-for        [seconds]  to cache the password for
+  -P, --cache-provider   [provider] type of cache, one of: 
+				    [ memcached, drb ]
+ 
 Data to Encrypt/Decrypt:
-  -s, --string             [string]   specify a string to encrypt/decrypt
-  -f, --file               [file]     filename to read from
-  -o, --output             [file]     filename to write to
-
+  -s, --string           [string]   specify a string to encrypt/decrypt
+  -f, --file             [file]     filename to read from
+  -o, --output           [file]     filename to write to
+ 
 Flags:
-  -b, --backup                        create a backup file in the edit mode
-  -v, --verbose                       show additional information
-  -T, --trace                         print a backtrace of any errors
-  -D, --debug                         print debugging information
-  -q, --quiet                         silence all output
-  -V, --version                       print library version
-  -N, --no-color                      disable color output
-
+  -b, --backup                      create a backup file in the edit mode
+  -v, --verbose                     show additional information
+  -A, --trace                       print a backtrace of any errors
+  -D, --debug                       print debugging information
+  -q, --quiet                       do not print to STDOUT
+  -V, --version                     print library version
+  -N, --no-color                    disable color output
+ 
 Utility:
-  -a, --bash-completion    [file]     append shell completion to a file
-
+  -a, --bash-completion  [file]     append shell completion to a file
+ 
 Help & Examples:
-  -E, --examples                      show several examples
-  -h, --help                          show help
+  -E, --examples                    show several examples
+  -h, --help                        show help
+
 ```
 
 ### CLI Usage Examples
@@ -485,11 +412,27 @@ The library offers a typical `Sym::Configuration` class which can be used to twe
 require 'zlib'
 require 'sym'
 Sym::Configuration.configure do |config|
-  config.password_cipher = 'AES-128-CBC'  #
-  config.data_cipher = 'AES-256-CBC'
-  config.private_key_cipher = config.data_cipher
+  config.password_cipher     = 'AES-128-CBC'
+  config.private_key_cipher  = config.data_cipher
   config.compression_enabled = true
-  config.compression_level = Zlib::BEST_COMPRESSION
+  config.compression_level   = Zlib::BEST_COMPRESSION
+
+  config.password_cache_timeout = 300
+  config.password_cache_arguments        = {
+    drb:       {
+      opts: {
+        uri: 'druby://127.0.0.1:24924'
+      }
+    },
+    memcached: {
+      args: %w(127.0.0.1:11211),
+      opts: { namespace:  'sym',
+              compress:   true,
+              expires_in: config.password_cache_timeout
+      }
+
+    }
+  }
 end
 ```
 
@@ -504,7 +447,7 @@ The `sym` executable as well as the Ruby API provide:
    * 256-bit private key, that
      *  can be generated and is a *base64-encoded* string about 45 characters long. The *decoded* key is always 32 characters (or 256 bytes) long.
      * can be optionally password-encrypted using the 128-bit key, and then be automatically detected (and password requested) when the key is used
-     * can have its password cached for 15 minutes locally on the machine using dRB server (or used without the cache with `-P` flag).
+     * can optionally have its password cached for 15 minutes locally on the machine using `memcached` or using a `dRB` server
  * Rich command line interface with some innovative features, such as inline editing of an encrypted file, using your favorite `$EDITOR`.
  * Data handling:
    * Automatic compression of the data upon encryption

data/bin/sym.completion

@@ -16,11 +16,12 @@ _sym() {
 
     #[[ $COMP_CWORD == 1 ]] && SYM_COMP_OPTIONS="${SYM_COMP_OPTIONS} ${SYM_COMMANDS}"
     if [[ $prev =~ "-f" || $prev =~ "-o" || $prev =~ "-K" || $prev == "--keyfile" ]] ; then 
-      SYM_COMP_OPTIONS="$(find . -type f -depth 1 | sed 's#./##g')"
-    elif  [[ "${cur}" == '--' || "${cur}" == --* ]] ; then 
-      SYM_COMP_OPTIONS=$(sym --dictionary | sed -E 's/ /\n/g')
+      SYM_COMP_OPTIONS="$(find . -type f -depth 1 | sed 's#^.\/##g')"
+    elif  [[ "${cur}" == '-' || "${cur}" == -* ]] ; then 
+      export DICT_SYM_COMP_OPTIONS=${DICT_SYM_COMP_OPTIONS:-$(sym --dictionary | sed -E 's/ /\n/g')}
+      SYM_COMP_OPTIONS=${DICT_SYM_COMP_OPTIONS}
     else 
-      SYM_COMP_OPTIONS=$(sym -h | egrep '  \-' | grep -v '^  --' | cut -d ',' -f 1)
+      SYM_COMP_OPTIONS="$(find . -type f -depth 1 -name "${prev}*" | sed 's#^.\/##g')"
     fi
 
     COMPREPLY=( $(compgen -W "${SYM_COMP_OPTIONS}" -- ${cur}) )

data/lib/sym.rb

@@ -1,6 +1,6 @@
 require 'colored2'
 require 'zlib'
-require 'coin'
+require 'logger'
 
 require_relative 'sym/configuration'
 
@@ -10,8 +10,29 @@ Sym::Configuration.configure do |config|
   config.private_key_cipher  = config.data_cipher
   config.compression_enabled = true
   config.compression_level   = Zlib::BEST_COMPRESSION
+
+  config.password_cache_timeout = 300
+
+  # When nil is selected, providers are auto-detected.
+  config.password_cache_default_provider = nil
+  config.password_cache_arguments        = {
+    drb:       {
+      opts: {
+        uri: 'druby://127.0.0.1:24924'
+      }
+    },
+    memcached: {
+      args: %w(127.0.0.1:11211),
+      opts: { namespace:  'sym',
+              compress:   true,
+              expires_in: config.password_cache_timeout
+      }
+
+    }
+  }
 end
 
+
 #
 # == Using Sym Library
 #
@@ -117,5 +138,7 @@ module Sym
     file:   File.expand_path('../../bin/sym.completion', __FILE__),
     script: "[[ -f '#{COMPLETION_PATH}' ]] && source '#{COMPLETION_PATH}'",
   }
+
+  LOGGER = Logger.new(nil) # empty logger
 end
 

data/lib/sym/app/cli.rb

@@ -14,6 +14,7 @@ require 'highline'
 require_relative 'output/file'
 require_relative 'output/file'
 require_relative 'output/stdout'
+require_relative 'cli_slop'
 
 module Sym
   module App
@@ -51,38 +52,33 @@ module Sym
     # in a cross-platform way inside the {Sym::App::Keychain} module.
 
     class CLI
+      # brings in #parse(Array[String] args)
+      include CLISlop
 
       extend Forwardable
-
       def_delegators :@application, :command
 
       attr_accessor :opts, :application, :outputs, :output_proc
 
-      def initialize(argv)
+      def initialize(argv_original)
         begin
-          argv_copy = argv.dup
-          dict      = false
-          if argv_copy.include?('--dictionary')
-            dict = true
-            argv_copy.delete('--dictionary')
-          end
-          self.opts = parse(argv_copy)
-          if dict
-            options = opts.parser.unused_options + opts.parser.used_options
-            puts options.map { |o| o.to_s.gsub(/.*(--[\w-]+).*/, '\1') }.sort.join(' ')
-            exit 0
-          end
+          argv      = argv_original.dup
+          dict      = argv.delete('--dictionary')
+          self.opts = parse(argv)
+          command_dictionary if dict
         rescue StandardError => e
           error exception: e
           return
         end
 
-        configure_color(argv)
+        command_no_color(argv_original) if opts[:no_color]
 
         self.application = ::Sym::Application.new(opts)
+
         select_output_stream
       end
 
+
       def execute
         return Sym::App.exit_code if Sym::App.exit_code != 0
 
@@ -97,90 +93,31 @@ module Sym
 
       private
 
+      def command_dictionary
+        options = opts.parser.unused_options + opts.parser.used_options
+        puts options.map(&:to_s).sort.map { |o| "-#{o[1]}" }.join(' ')
+        exit 0
+      end
+
       def error(hash)
         Sym::App.error(hash.merge(config: (opts ? opts.to_hash : {})))
       end
 
       def select_output_stream
         output_klass = application.args.output_class
-
         unless output_klass && output_klass.is_a?(Class)
           raise "Can not determine output class from arguments #{opts.to_hash}"
         end
-
         self.output_proc = output_klass.new(self).output_proc
       end
 
-      def configure_color(argv)
-        if opts[:no_color]
-          Colored2.disable! # reparse options without the colors to create new help msg
-          self.opts = parse(argv.dup)
-        end
+      def command_no_color(argv)
+        Colored2.disable! # reparse options without the colors to create new help msg
+        self.opts = parse(argv.dup)
       end
 
-      def parse(arguments)
-        Slop.parse(arguments) do |o|
-          o.banner = "Sym (#{Sym::VERSION}) – encrypt/decrypt data with a private key\n".bold.white
-          o.separator 'Usage:'.yellow
-          o.separator '   # Generate a new key:'.dark
-          o.separator '   sym -g '.green.bold + '[ -p ] [ -x keychain ] [ -o keyfile | -q | ]  '.green
-          o.separator ''
-          o.separator '   # Encrypt/Decrypt '.dark
-          o.separator '   sym [ -d | -e ] '.green.bold + '[ -f <file> | -s <string> ] '.green
-          o.separator '        [ -k key | -K keyfile | -x keychain | -i ] '.green
-          o.separator '        [ -o <output file> ] '.green
-          o.separator ' '
-          o.separator '   # Edit an encrypted file in $EDITOR '.dark
-          o.separator '   sym -t -f <file> [ -b ]'.green.bold + '[ -k key | -K keyfile | -x keychain | -i ] '.green
-
-          o.separator ' '
-          o.separator 'Modes:'.yellow
-
-          o.bool '-e', '--encrypt', '           encrypt mode'
-          o.bool '-d', '--decrypt', '           decrypt mode'
-          o.bool '-t', '--edit',    '           decrypt, open an encr. file in an $EDITOR'
-
-          o.separator ' '
-          o.separator 'Create a new private key:'.yellow
-
-          o.bool '-g', '--generate',              '           generate a new private key'
-          o.bool '-p', '--password',              '           encrypt the key with a password'
-
-          if Sym::App.is_osx?
-            o.string '-x', '--keychain', '[key-name] '.blue + 'add to (or read from) the OS-X Keychain'
-          end
-
-          o.integer '-M', '--password-timeout',   '[timeout]'.blue + '  when passwords expire (in seconds)'
-          o.bool    '-P', '--no-password-cache',  '           disables caching of key passwords'
-
-          o.separator ' '
-          o.separator 'Read existing private key from:'.yellow
-          o.bool      '-i', '--interactive',      '           Paste or type the key interactively'
-          o.string    '-k', '--private-key',      '[key]   '.blue + '   private key as a string'
-          o.string    '-K', '--keyfile',          '[key-file]'.blue + ' private key from a file'
-          o.separator ' '
-          o.separator 'Data to Encrypt/Decrypt:'.yellow
-          o.string    '-s', '--string',           '[string]'.blue + '   specify a string to encrypt/decrypt'
-          o.string    '-f', '--file',             '[file]  '.blue + '   filename to read from'
-          o.string    '-o', '--output',           '[file]  '.blue + '   filename to write to'
-          o.separator ' '
-          o.separator 'Flags:'.yellow
-          o.bool      '-b', '--backup',           '           create a backup file in the edit mode'
-          o.bool      '-v', '--verbose',          '           show additional information'
-          o.bool      '-T', '--trace',            '           print a backtrace of any errors'
-          o.bool      '-D', '--debug',            '           print debugging information'
-          o.bool      '-q', '--quiet',            '           silence all output'
-          o.bool      '-V', '--version',          '           print library version'
-          o.bool      '-N', '--no-color',         '           disable color output'
-          o.separator ' '
-          o.separator 'Utility:'.yellow
-          o.string    '-a', '--bash-completion',  '[file]'.blue + '     append shell completion to a file'
-          o.separator ' '
-          o.separator 'Help & Examples:'.yellow
-          o.bool      '-E', '--examples',         '           show several examples'
-          o.bool      '-h', '--help',             '           show help'
-
-        end
+      def key_spec
+        '<key-spec>'.bold.magenta
       end
     end
   end

data/lib/sym/app/cli_slop.rb

@@ -0,0 +1,77 @@
+module Sym
+  module App
+    module CLISlop
+      def parse(arguments)
+        Slop.parse(arguments) do |o|
+
+          o.banner = "Sym (#{Sym::VERSION}) – encrypt/decrypt data with a private key\n".bold.white
+          o.separator 'Usage:'.yellow
+          o.separator '   # Generate a new key:'.dark
+          o.separator '   sym -g '.green.bold + '[ -p ] [ -x keychain | -o keyfile | -q | ]  '.green
+          o.separator ''
+          o.separator '   # To specify a key for an operation use any one of:'.dark
+          o.separator '   ' + key_spec + ' = -k key | -K file | -x keychain | -i '.green.bold
+          o.separator ''
+          o.separator '   # Encrypt/Decrypt to STDOUT or output file '.dark
+          o.separator '   sym -e '.green.bold + key_spec + ' [-f <file> | -s <string>] [-o <file>] '.green
+          o.separator '   sym -d '.green.bold + key_spec + ' [-f <file> | -s <string>] [-o <file>] '.green
+          o.separator ' '
+          o.separator '   # Edit an encrypted file in $EDITOR '.dark
+          o.separator '   sym -t '.green.bold + key_spec + '  -f <file> [ -b ]'.green.bold
+
+          o.separator ' '
+          o.separator 'Modes:'.yellow
+          o.bool      '-e', '--encrypt',            '           encrypt mode'
+          o.bool      '-d', '--decrypt',            '           decrypt mode'
+          o.bool      '-t', '--edit',               '           edit encrypted file in an $EDITOR'
+
+          o.separator ' '
+          o.separator 'Create a new private key:'.yellow
+          o.bool      '-g', '--generate',           '           generate a new private key'
+          o.bool      '-p', '--password',           '           encrypt the key with a password'
+
+          o.separator ' '
+          o.separator 'Read existing private key from:'.yellow
+          o.string    '-k', '--private-key',        '[key]     '.blue + ' private key (or key file)'
+          o.string    '-K', '--keyfile',            '[key-file]'.blue + ' private key from a file'
+          if Sym::App.is_osx?
+            o.string '-x', '--keychain',            '[key-name] '.blue + 'add to (or read from) the OS-X Keychain'
+          end
+          o.bool      '-i', '--interactive',        '           Paste or type the key interactively'
+
+          o.separator ' '
+          o.separator 'Password Cache:'.yellow
+          o.bool      '-C', '--cache-password',     '           enable the cache (off by default)'
+          o.integer   '-T', '--cache-for',          '[seconds]'.blue + '  to cache the password for'
+          o.string    '-P', '--cache-provider',     '[provider]'.blue + ' type of cache, one of: ' + "\n\t\t\t\t    " +
+            "[ #{Sym::App::Password::Providers.registry.keys.map(&:to_s).join(', ').blue.bold} ]"
+
+          o.separator ' '
+          o.separator 'Data to Encrypt/Decrypt:'.yellow
+          o.string    '-s', '--string',             '[string]'.blue + '   specify a string to encrypt/decrypt'
+          o.string    '-f', '--file',               '[file]  '.blue + '   filename to read from'
+          o.string    '-o', '--output',             '[file]  '.blue + '   filename to write to'
+
+          o.separator ' '
+          o.separator 'Flags:'.yellow
+          o.bool      '-b', '--backup',             '           create a backup file in the edit mode'
+          o.bool      '-v', '--verbose',            '           show additional information'
+          o.bool      '-A', '--trace',              '           print a backtrace of any errors'
+          o.bool      '-D', '--debug',              '           print debugging information'
+          o.bool      '-q', '--quiet',              '           do not print to STDOUT'
+          o.bool      '-V', '--version',            '           print library version'
+          o.bool      '-N', '--no-color',           '           disable color output'
+
+          o.separator ' '
+          o.separator 'Utility:'.yellow
+          o.string    '-a', '--bash-completion',    '[file]'.blue + '     append shell completion to a file'
+
+          o.separator ' '
+          o.separator 'Help & Examples:'.yellow
+          o.bool      '-E', '--examples',           '           show several examples'
+          o.bool      '-h', '--help',               '           show help'
+        end
+      end
+    end
+  end
+end

data/lib/sym/app/commands/show_help.rb

@@ -5,7 +5,6 @@ module Sym
       class ShowHelp < BaseCommand
 
         required_options :help, ->(opts) { opts.to_hash.keys.all? { |k| !opts[k] } }
-        try_after :generate_key, :open_editor, :encrypt_decrypt
 
         def execute
           opts.to_s(prefix: ' ' * 2)

data/lib/sym/app/keychain.rb

@@ -93,7 +93,7 @@ end
 
 
 #
-# Usage: add-generic-password [-a account] [-s service] [-w password] [options...] [-A|-T appPath] [keychain]
+# Usage: add-generic-password [-a account] [-s service] [-w password] [options...] [-A|--trace appPath] [keychain]
 #     -a  Specify account name (required)
 #     -c  Specify item creator (optional four-character code)
 #     -C  Specify item type (optional four-character code)
@@ -105,7 +105,7 @@ end
 #     -p  Specify password to be added (legacy option, equivalent to -w)
 #     -w  Specify password to be added
 #     -A  Allow any application to access this item without warning (insecure, not recommended!)
-#     -T  Specify an application which may access this item (multiple -T options are allowed)
+#     --trace  Specify an application which may access this item (multiple --trace options are allowed)
 #     -U  Update item if it already exists (if omitted, the item cannot already exist)
 #
 # Usage: find-generic-password [-a account] [-s service] [options...] [-g] [keychain...]

data/lib/sym/app/password/cache.rb

@@ -1,62 +1,85 @@
-require 'coin'
 require 'digest'
 require 'singleton'
 require 'colored2'
+require 'timeout'
+require 'sym/extensions/with_retry'
+require 'sym/extensions/with_timeout'
+require 'sym/configuration'
+require 'sym/app/password/providers'
 
 module Sym
   module App
     module Password
+
+      # +Provider+ is the primary implementation of the underlying cache.
+      # It should support the following API:
+      #
+      #        def initialize(*args, **opts, &block)
+      #        end
+      #
+      #        def read(key)
+      #        end
+      #
+      #        def write(key, value, expire_timeout_seconds)
+      #        end
+      #
+      # it must be intantiatable via #new
       class Cache
-        URI             = 'druby://127.0.0.1:24924'
-        DEFAULT_TIMEOUT = 300
 
         include Singleton
+        include Sym::Extensions::WithRetry
+        include Sym::Extensions::WithTimeout
 
-        attr_accessor :provider, :enabled, :timeout
-
-        def configure(provider: Coin, enabled: true, timeout: DEFAULT_TIMEOUT)
-          Coin.uri = URI if provider == Coin
-
-          self.provider = provider
-          self.enabled  = enabled
-          self.timeout  = timeout
+        attr_accessor :provider, :enabled, :timeout, :verbose
 
+        def configure(**opts)
+          self.enabled = opts[:enabled]
+          self.verbose = opts[:verbose]
+          self.timeout = opts[:timeout] || ::Sym::Configuration.config.password_cache_timeout
+          self.provider = Providers.provider(opts[:provider])
+          self.enabled = false unless self.provider
           self
         end
 
-        TRIES = 2
-
-        def operation
-          retries ||= TRIES
-          yield if self.enabled
-        rescue StandardError => e
-          if retries == TRIES && Coin.remote_uri.nil?
-            Coin.remote_uri = URI if provider == Coin
-            retries         -= 1
-            retry
-          end
-          puts 'WARNING: error reading from DRB server: ' + e.message.red
-          nil
-        end
-
-
-        def [] (key)
+        def [](key)
           cache = self
-          operation do
-            cache.provider.read(cache.md5(key))
-          end
+          operation { cache.provider.read(cache.md5(key)) }
         end
 
         def []=(key, value)
           cache = self
-          operation do
-            cache.provider.write(cache.md5(key), value, cache.timeout)
-          end
+          operation { cache.provider.write(cache.md5(key), value, cache.timeout) }
         end
 
         def md5(string)
           Digest::MD5.base64digest(string)
         end
+
+        private
+
+        def operation
+          return nil unless self.enabled
+          with_timeout(1) do
+            with_retry do
+              yield if block_given?
+            end
+          end
+        rescue Timeout::Error => e
+          error(nil, 'Password cache server timed out...')
+        rescue StandardError => e
+          error(e, 'Error connecting to password caching server...')
+        end
+
+        def error(exception = nil, message = nil)
+          if self.verbose
+            print 'WARNING: '
+            print message ? message.yellow : ''
+            print exception ? exception.message.red : ''
+            puts
+          end
+          self.enabled = false
+          nil
+        end
       end
     end
   end

data/lib/sym/app/password/providers.rb

@@ -0,0 +1,52 @@
+module Sym
+  module App
+    module Password
+      module Providers
+
+        class << self
+          attr_accessor :registry
+          attr_accessor :providers
+          attr_accessor :detected
+
+          def register(provider_class)
+            self.registry                        ||= {}
+            registry[short_name(provider_class)] = provider_class
+            self.providers                       ||= []
+            self.providers << provider_class
+          end
+
+          # Detect first instance that is "alive?" and return it.
+          def detect
+            self.detected ||= self.providers.inject(nil) do |instance, provider_class|
+              instance || (p = provider_class.new; p.alive? ? p : nil)
+            end
+          end
+
+          def provider(p = nil)
+            provider_from_argument(p) || detect
+          end
+
+          private
+
+          def short_name(klass)
+            klass.name.gsub(/.*::(\w+)Provider/, '\1').downcase.to_sym
+          end
+
+          def provider_from_argument(p)
+            case p
+              when String, Symbol
+                provider_class_name = "#{p.to_s.capitalize}Provider"
+                Sym::App::Password::Providers.const_defined?(provider_class_name) ?
+                  Sym::App::Password::Providers.const_get(provider_class_name).new :
+                  nil
+            end
+          end
+        end
+      end
+    end
+  end
+end
+
+# Order is important — they are tried in this order for auto detect
+require 'sym/app/password/providers/memcached_provider'
+require 'sym/app/password/providers/drb_provider'

data/lib/sym/app/password/providers/drb_provider.rb

@@ -0,0 +1,35 @@
+require 'coin'
+require 'sym/app/password/providers'
+
+module Sym
+  module App
+    module Password
+      module Providers
+        class DrbProvider
+
+          attr_accessor :coin
+
+          def initialize
+            Coin.uri  = Sym::Configuration.config.password_cache_arguments[:drb][:opts][:uri]
+            self.coin = Coin
+          end
+
+          def alive?
+            self.read('bogus') rescue nil
+            self.coin.server_running?
+          end
+
+          def write(*args)
+            coin.server.send(:write, *args)
+          end
+
+          def read(*args)
+            coin.send(:read, *args)
+          end
+        end
+
+        register DrbProvider
+      end
+    end
+  end
+end

data/lib/sym/app/password/providers/memcached_provider.rb

@@ -0,0 +1,42 @@
+require 'forwardable'
+require 'dalli'
+require 'sym/app/password/cache'
+
+module Sym
+  module App
+    module Password
+      module Providers
+        class MemcachedProvider
+          attr_accessor :dalli
+
+          def initialize
+            # disable logging
+            Dalli.logger = Sym::LOGGER
+            self.dalli = ::Dalli::Client.new(
+              * Sym::Configuration.config.password_cache_arguments[:memcached][:args],
+              ** Sym::Configuration.config.password_cache_arguments[:memcached][:opts]
+            )
+          end
+
+          def alive?
+            dalli.alive!
+            true
+          rescue Dalli::RingError => e
+            false
+          end
+
+          def read(key)
+            dalli.get(key)
+          end
+
+          def write(key, value, *)
+            dalli.set(key, value)
+          end
+
+        end
+
+        register MemcachedProvider
+      end
+    end
+  end
+end

data/lib/sym/application.rb

@@ -103,9 +103,10 @@ module Sym
 
     def initialize_password_cache
       args            = {}
-      args[:provider] = Coin
-      args[:timeout]  = opts[:password_timeout].to_i if opts[:password_timeout]
-      args[:enabled]  = false if opts[:no_password_cache]
+      args[:timeout]  = opts[:cache_for].to_i if opts[:cache_for]
+      args[:enabled]  = opts[:cache_password]
+      args[:verbose]  = opts[:verbose]
+      args[:provider] = opts[:cache_provider] if opts[:cache_provider]
 
       self.password_cache = Sym::App::Password::Cache.instance.configure(args)
     end

data/lib/sym/configuration.rb

@@ -33,7 +33,11 @@ module Sym
       end
     end
 
+    # See file +lib/sym.rb+ where these values are defined.
+
     attr_accessor :data_cipher, :password_cipher, :private_key_cipher
     attr_accessor :compression_enabled, :compression_level
+    attr_accessor :password_cache_default_provider, :password_cache_timeout
+    attr_accessor :password_cache_arguments
   end
 end

data/lib/sym/extensions/with_retry.rb

@@ -0,0 +1,17 @@
+module Sym
+  module Extensions
+    module WithRetry
+
+      def with_retry(retries: 3, fail_block: nil, &block)
+        attempts = 0
+        yield if block_given?
+      rescue StandardError => e
+        raise(e) if attempts >= retries
+        fail_block.call if fail_block
+        attempts += 1
+        retry
+      end
+    end
+  end
+end
+

data/lib/sym/extensions/with_timeout.rb

@@ -0,0 +1,14 @@
+module Sym
+  module Extensions
+    module WithTimeout
+
+      def with_timeout(timeout = 3)
+        status = Timeout::timeout(timeout) {
+          yield if block_given?
+        }
+      end
+
+    end
+  end
+end
+

data/lib/sym/version.rb

@@ -1,5 +1,5 @@
 module Sym
-  VERSION = '2.1.2'
+  VERSION = '2.2.0'
   DESCRIPTION = <<-eof
     Sym is a command line utility and a Ruby API that makes it trivial to encrypt and decrypt 
     sensitive data. Unlike many other existing encryption tools, sym focuses on usability and 

data/sym.gemspec

@@ -38,6 +38,7 @@ EOF
   spec.add_dependency 'activesupport'
   spec.add_dependency 'highline', '~> 1.7'
   spec.add_dependency 'coin', '~> 0.1.8'
+  spec.add_dependency 'dalli', '~> 2.7'
 
   spec.add_development_dependency 'codeclimate-test-reporter', '~> 1.0'
   spec.add_development_dependency 'simplecov'
@@ -45,5 +46,6 @@ EOF
   spec.add_development_dependency 'bundler', '~> 1'
   spec.add_development_dependency 'rake'
   spec.add_development_dependency 'rspec', '~> 3'
+  spec.add_development_dependency 'rspec-its'
   spec.add_development_dependency 'yard'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sym
 version: !ruby/object:Gem::Version
-  version: 2.1.2
+  version: 2.2.0
 platform: ruby
 authors:
 - Konstantin Gredeskoul
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2017-02-11 00:00:00.000000000 Z
+date: 2017-02-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: colored2
@@ -80,6 +80,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 0.1.8
+- !ruby/object:Gem::Dependency
+  name: dalli
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.7'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.7'
 - !ruby/object:Gem::Dependency
   name: codeclimate-test-reporter
   requirement: !ruby/object:Gem::Requirement
@@ -164,6 +178,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3'
+- !ruby/object:Gem::Dependency
+  name: rspec-its
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: yard
   requirement: !ruby/object:Gem::Requirement
@@ -217,6 +245,7 @@ files:
 - lib/sym/app.rb
 - lib/sym/app/args.rb
 - lib/sym/app/cli.rb
+- lib/sym/app/cli_slop.rb
 - lib/sym/app/commands.rb
 - lib/sym/app/commands/base_command.rb
 - lib/sym/app/commands/bash_completion.rb
@@ -237,6 +266,9 @@ files:
 - lib/sym/app/output/noop.rb
 - lib/sym/app/output/stdout.rb
 - lib/sym/app/password/cache.rb
+- lib/sym/app/password/providers.rb
+- lib/sym/app/password/providers/drb_provider.rb
+- lib/sym/app/password/providers/memcached_provider.rb
 - lib/sym/app/private_key/base64_decoder.rb
 - lib/sym/app/private_key/decryptor.rb
 - lib/sym/app/private_key/detector.rb
@@ -253,6 +285,8 @@ files:
 - lib/sym/errors.rb
 - lib/sym/extensions/class_methods.rb
 - lib/sym/extensions/instance_methods.rb
+- lib/sym/extensions/with_retry.rb
+- lib/sym/extensions/with_timeout.rb
 - lib/sym/version.rb
 - sym-3.0-cli.md
 - sym.gemspec