sym 2.4.3 → 2.5.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 2c1acdb6cfcceef2df7e797519901ebec2105abf
4
- data.tar.gz: 207fef73284f1ed1cad87b2112dbd3bba6615ee1
3
+ metadata.gz: 919e73e972d6bf773f1dd3d41c5d3ced53769d6e
4
+ data.tar.gz: 14fea598ef6e71bf34daa3efe958fee42ae15c9b
5
5
  SHA512:
6
- metadata.gz: 2064567295f89592911ce4f3cc105a11ed679286bc3345a5743700d60ec5facd8895ab97f35eb5fb9eb1f5c5a640ec2e5973fcdefd2c8b419698bd117e8e3984
7
- data.tar.gz: 8a55697cf80cfdde490558404ca3c52533798e1446b40226e40e66511b81e6f8c49e270309104302712bf7751ec5dccf77af84943681a868ecd3d0facaec9880
6
+ metadata.gz: 8691a7efbd04c1ff7aa305dcc7b7b9dfbd13ca1e9f7fcf3693b35f5eea54f8fc91b48ecec1d9d9df4c1a8032eb200d4129b9f86fd0c6f8bc376619015287bcee
7
+ data.tar.gz: f78c6e6fb38dc1c6e9be492b1ebd5d76807b832b4d7ee3b58e0d6bfe8bf878d705966925104900fb1a4f2deb1f67fffbecab8ff8e28388ef11f1545f562360af
@@ -2,7 +2,18 @@
2
2
 
3
3
  ## [HEAD](https://github.com/kigster/sym/tree/HEAD)
4
4
 
5
- [Changes since the last tag](https://github.com/kigster/sym/compare/v2.3.0...HEAD)
5
+ [Changes since the last tag](https://github.com/kigster/sym/compare/v2.5.0...HEAD)
6
+
7
+ ## [v2.5.0](https://github.com/kigster/sym/tree/v2.5.0) (2017-02-28)
8
+ [Full Changelog](https://github.com/kigster/sym/compare/v2.4.3...v2.5.0)
9
+
10
+ * Updated README
11
+ * Remove `-M` flag; make `SYM_ARGS` environment be only used when `-A` flag is supplied
12
+ * Change `--bash-completion` to use `-B`
13
+ * Major fix up for sym.completion
14
+ * New file `exe/symit` for transparently editing secrets
15
+ * Reworked `Sym::Application`, removed `--dictionary`, and simplified argument parsing.
16
+ * Refactored `output_proc` to live in `application`.
6
17
 
7
18
  ## [v2.4.2](https://github.com/kigster/sym/tree/v2.4.2) (2017-02-28)
8
19
  [Full Changelog](https://github.com/kigster/sym/compare/v2.4.1...v2.4.2)
data/README.md CHANGED
@@ -52,24 +52,26 @@ So how does `sym` substantiate its claim that it *streamlines* the encryption pr
52
52
 
53
53
  As you can see, we really tried to build a tool that provides good security for application secrets, including password-based encryption, but does not annoyingly ask for password every time. With `--edit` option, and `--negate` options you can treat encrypted files like regular files.
54
54
 
55
- > Encrypting application secrets had never been easier! –– Socrates.
55
+ > Encrypting application secrets had never been easier! –– Socrates [LOL, -ed.]
56
56
 
57
57
  ### How It Works
58
58
 
59
59
  1. You generate a new encryption key, that will be used to both encrypt and decrypt the data. The key is 256 bits, or 32 bytes, or 45 bytes when base64-encoded, and can be generated with `sym -g`.
60
60
  * You can optionally password protect the key with `sym -gp`
61
- * You can save the key into a file `sym -gpo key-file`
62
- * Or you can save it into the OS-X Keychain, with `sym -gpcx keychain-name`, while caching its password for a period of time.
63
- * or you can print it to STDOUT, which is the default.
61
+ * You can save the key into a file with `sym -gpo key-file`
62
+ * Or you can save it into the OS-X Keychain, with `sym -gpx keychain-name`
63
+ * You can also cache the password, with `sym -gpcx keychain-name`
64
+ * Normally, `sym` will also print the resulting key to STDOUT.
65
+ * You can prevent the key from being printed to STDOUT with `-q/--quiet`.
64
66
  2. You then take a piece of sensitive __data__ that you want to encrypt. This can be a file or a string.
65
- 3. You can then use the key to encrypt sensitive __data__, with `sym -e [key-option] [data-option]`, passing it the key in several accepted ways. Smart flag `-k` automatically interpretes the source of the key, by trying:
67
+ 3. You can then use the key to encrypt sensitive __data__, with `sym -e [key-spec] [data-spec]`, passing it the key in several accepted ways. Smart flag `-k` automatically interpretes the source of the key, by trying:
66
68
  * a file with a pathname.
67
69
  * or environment variable
68
70
  * or OS-X Keychain password entry
69
71
  * or you can paste the key interactively with `-i`
70
72
  4. Input data can be read from a file with `-f file`, or read from STDIN, or a passed on the command line with `-s string`
71
73
  4. Output is the encrypted data, which is printed to STDOUT by the default, or it can be saved to a file with `-o <file>`
72
- 5. Encrypted file can be later decrypted with `sym -d [key-option] [data-option]`
74
+ 5. Encrypted file can be later decrypted with `sym -d [key-spec] [data-spec]`
73
75
 
74
76
  Sample session that uses Mac OS-X Keychain to store the password-protected key.
75
77
 
@@ -178,15 +180,15 @@ Or create a password-protected key (`-p`), and save it to a file (`-o`), cache t
178
180
 
179
181
  ##### Key Sources
180
182
 
181
- You can subsequently use the private key by passing either:
183
+ You can subsequently use the private key by passing either of these options to the `-k` flag (*sym attempts to resolve the key automatically, by trying each option and moving to the next until the key is found*):
182
184
 
183
- 1. the `-k key` flag, where key is either:
184
- * a file
185
+ 1. the `-k value` flag, where the *value* is one of:
186
+ * a file path
185
187
  * an environment variable name
186
- * an actual base64-encoded key
188
+ * an actual base64-encoded key (not recommended for security reasons)
187
189
  * a keychain name
188
190
  2. pasting or typing the key with the `-i` (interactive) flag
189
- 3. a default key file, in your home folder, `~/.sym.key`, used only when no other flags passed in.
191
+ 3. a default key file, in your home folder, `~/.sym.key`, used only when no other flags were passed in.
190
192
 
191
193
  #### Using KeyChain Access on Mac OS-X
192
194
 
@@ -197,13 +199,14 @@ Apple had released a `security` command line tool, which this library uses to se
197
199
  * The private key won't be lying around your file system unencrypted, so if your Mac is ever stolen, you don't need to worry about the keys running wild.
198
200
  * If you sync your keychain with the iCloud you will have access to it on other machines
199
201
 
200
- To activate the KeyChain mode on the Mac, use `-x <key-name>` flag with `-g` flag when generating a key. The `key name` is what you call this particular key, based on how you plan to use it. For example, you may call it `staging`, etc.
202
+ As mentioned previously, to add the key to the KeyChain on the Mac, use `-x <key-name>` flag with `-g` flag when generating a key. The `key name` is what you call this particular key, based on how you plan to use it. For example, you may call it `staging`, etc.
201
203
 
202
204
  The following command generates the private key and immediately stores it in the KeyChain access under the name provided:
203
205
 
204
- sym -gx staging
206
+ sym -gx staging # the key is passwordless
207
+ sym -gpcx staging # this key is password protected, with the password cached
205
208
 
206
- Now, whenever you need to encrypt something you can specify the key with `-x staging`.
209
+ Next, whenever you need to *use* this key, you can specify the key with `-k staging`.
207
210
 
208
211
  Finally, you can delete a key from KeyChain access by running:
209
212
 
@@ -253,17 +256,17 @@ You can optionally store frequently used flags for `sym` in the `SYM_ARGS` envir
253
256
  export SYM_ARGS="-cx production"
254
257
  ```
255
258
 
256
- This will always be appended to the command line, and so to encrypt/decrypt anything with password caching enabled and using that particular key, you would simply type:
259
+ This will be automatically appended to the command line if the `-A/--sym-args` flag is provided, and so to encrypt/decrypt anything with password caching enabled and using that particular key, you would simply type:
257
260
 
258
261
  ```bash
259
262
  # -cx production are added from SYM_ARGS
260
- sym -ef file -o file.enc
263
+ sym -Aef file -o file.enc
261
264
 
262
265
  # And to decrypt:
263
- sym -df file.enc -o file.original
266
+ sym -Adf file.enc -o file.original
264
267
 
265
268
  # Or edit the encrypted file:
266
- sym -tf file.enc
269
+ sym -Atf file.enc
267
270
  ```
268
271
 
269
272
  #### Complete CLI Usage
@@ -271,34 +274,42 @@ sym -tf file.enc
271
274
  This may be a good time to take a look at the full help message for the `sym` tool, shown naturally with a `-h` or `--help` option.
272
275
 
273
276
  ```
274
- Sym (2.4.1) – encrypt/decrypt data with a private key
277
+ Sym (2.5.0) – encrypt/decrypt data with a private key
275
278
 
276
279
  Usage:
277
280
  # Generate a new key, optionally password protected, and save it
278
281
  # in one of: keychain, file, or STDOUT (-q turns off STDOUT)
279
282
  sym -g [ -p/--password ] [ -x keychain | -o file | ] [ -q ]
280
283
 
284
+ # To specify encryption key, provide the key as
285
+ # 1) a string, 2) a file path, 3) an OS-X Keychain, 4) env variable name
286
+ # 5) use -i to paste/type the key interactively
287
+ # 6) default key file (if present) at /Users/kig/.sym.key
288
+ KEY-SPEC = -k/--key [ key | file | keychain | environment_variable ]
289
+ -i/--interactive
281
290
 
282
291
  # Encrypt/Decrypt from STDIN/file/args, to STDOUT/file:
283
- sym -e/--encrypt <key-spec> [-f [file | - ] | -s string ] [-o file]
284
- sym -d/--decrypt <key-spec> [-f [file | - ] | -s string ] [-o file]
292
+ sym -e/--encrypt KEY-SPEC [-f [file | - ] | -s string ] [-o file]
293
+ sym -d/--decrypt KEY-SPEC [-f [file | - ] | -s string ] [-o file]
294
+
295
+ # Auto-detect mode based on a special file extension ".enc"
296
+ sym -n/--negate KEY-SPEC file[.enc]
285
297
 
286
298
  # Edit an encrypted file in $EDITOR
287
- sym -t/--edit <key-spec> -f file [ -b/--backup ]
299
+ sym -t/--edit KEY-SPEC -f file [ -b/--backup ]
288
300
 
289
- # Specify any common flags in the BASH variable. Here we
290
- # specify KeyChain name "staging" and turn on password caching
301
+ # Save commonly used flags in a BASH variable. Below we save the KeyChain
302
+ # "staging" as the default key name, and enable password caching.
291
303
  export SYM_ARGS="-ck staging"
292
-
293
- # And now encrypt using default key location /Users/kig/.sym.key
294
- sym -e -f file
295
- # May need to disable SYM_ARGS with -M, eg for help:
296
- sym -h -M
304
+ # Then activate $SYM_ARGS by using -A/--sym-args flag:
305
+ sym -Aef file
297
306
 
298
307
  Modes:
299
308
  -e, --encrypt encrypt mode
300
309
  -d, --decrypt decrypt mode
301
310
  -t, --edit edit encrypted file in an $EDITOR
311
+ -n, --negate [file] encrypts any regular file into file.enc
312
+ conversely decrypts file.enc into file.
302
313
 
303
314
  Create a new private key:
304
315
  -g, --generate generate a new private key
@@ -318,8 +329,6 @@ Data to Encrypt/Decrypt:
318
329
  -s, --string [string] specify a string to encrypt/decrypt
319
330
  -f, --file [file] filename to read from
320
331
  -o, --output [file] filename to write to
321
- -n, --negate [file] encrypts any regular file into file.enc
322
- conversely decrypts file.enc into file.
323
332
 
324
333
  Flags:
325
334
  -b, --backup create a backup file in the edit mode
@@ -329,15 +338,14 @@ Flags:
329
338
  -D, --debug print debugging information
330
339
  -V, --version print library version
331
340
  -N, --no-color disable color output
332
- -M, --no-environment disable reading flags from SYM_ARGS
341
+ -A, --sym-args read more CLI arguments from $SYM_ARGS
333
342
 
334
343
  Utility:
335
- -a, --bash-completion [file] append shell completion to a file
344
+ -B, --bash-completion [file] append shell completion to a file
336
345
 
337
346
  Help & Examples:
338
347
  -E, --examples show several examples
339
348
  -h, --help show help
340
-
341
349
  ```
342
350
 
343
351
  ### CLI Usage Examples
@@ -5,36 +5,27 @@
5
5
  # © 2015-2016, Konstantin Gredeskoul, https://github.com/kigster/sym
6
6
  # MIT LICENSE
7
7
  #
8
- [[ -z "$(type _filedir 2>/dev/null)" ]] && {
9
- _filedir ()
10
- {
11
- local i IFS='
12
- ' xspec;
13
- _tilde "$cur" || return 0;
14
- local -a toks;
15
- local quoted tmp;
16
- _quote_readline_by_ref "$cur" quoted;
17
- toks=(${toks[@]-} $(
18
- compgen -d -- "$cur" | {
19
- while read -r tmp; do
20
- # TODO: I have removed a "[ -n $tmp ] &&" before 'printf ..',
21
- # and everything works again. If this bug suddenly
22
- # appears again (i.e. "cd /b<TAB>" becomes "cd /"),
23
- # remember to check for other similar conditionals (here
24
- # and _filedir_xspec()). --David
25
- printf '%s\n' $tmp
26
- done
27
- }
28
- ));
29
- if [[ "$1" != -d ]]; then
30
- [[ ${BASH_VERSINFO[0]} -ge 4 ]] && xspec=${1:+"!*.@($1|${1^^})"} || xspec=${1:+"!*.@($1|$(printf %s $1 | tr '[:lower:]' '[:upper:]'))"};
31
- toks=(${toks[@]-} $( compgen -f -X "$xspec" -- $quoted));
32
- fi;
33
- [ ${#toks[@]} -ne 0 ] && _compopt_o_filenames;
34
- COMPREPLY=("${COMPREPLY[@]}" "${toks[@]}")
35
- }
8
+
9
+ declare -a bash_completion_locations=(/usr/local/etc/bash_completion /usr/etc/bash_completion /etc/bash_completion)
10
+ loaded=false
11
+ for file in ${bash_completion_locations[@]}; do
12
+ [[ -s $file ]] && {
13
+ source $file
14
+ break
15
+ }
16
+ done
17
+
18
+ _sym_long_opts() {
19
+ sym -h | grep -- '--' | egrep '^ -' | awk '{print $2}' | sort
36
20
  }
37
21
 
22
+ _sym_short_opts() {
23
+ sym -h | grep -- '--' | egrep '^ -' | awk '{print $1}' | sed 's/,//g' | sort
24
+ }
25
+
26
+ unset _SYM_COMP_LONG_OPTIONS
27
+ unset _SYM_COMP_SHORT_OPTIONS
28
+
38
29
  _sym()
39
30
  {
40
31
  local cur prev shell i path
@@ -46,33 +37,33 @@ _sym()
46
37
  _expand || return 0
47
38
 
48
39
  case "$prev" in
49
- --@(key|file|output|negate))
50
- _filedir
51
- return 0
52
- ;;
53
- -@(f|k|o|n))
54
- _filedir
55
- return 0
56
- ;;
40
+ --@(key|file|output|negate))
41
+ _filedir
42
+ return 0
43
+ ;;
44
+ -@(f|k|o|n))
45
+ _filedir
46
+ return 0
47
+ ;;
57
48
  esac
58
49
 
59
50
  case "$cur" in
60
- --*)
61
- export DICT_SYM_COMP_LONG_OPTIONS=${DICT_SYM_COMP_LONG_OPTIONS:-$(sym -hM | grep -- '--' | egrep '^ -' | awk '{print $2}')}
62
- COMPREPLY=( $( compgen -W "$DICT_SYM_COMP_LONG_OPTIONS" -- "$cur" ))
63
- ;;
64
- -*)
65
- export DICT_SYM_COMP_OPTIONS=${DICT_SYM_COMP_OPTIONS:-$(sym --dictionary | sed -E 's/ /\n/g')}
66
- COMPREPLY=( $( compgen -W "$DICT_SYM_COMP_OPTIONS" -- "$cur" ))
67
- ;;
68
- *)
69
- _filedir
70
- ;;
51
+ --*)
52
+ export _SYM_COMP_LONG_OPTIONS=${_SYM_COMP_LONG_OPTIONS:-$(_sym_long_opts)}
53
+ COMPREPLY=($( compgen -W "$_SYM_COMP_LONG_OPTIONS" -- "$cur" ))
54
+ ;;
55
+ -*)
56
+ export _SYM_COMP_SHORT_OPTIONS=${_SYM_COMP_SHORT_OPTIONS:-$(_sym_short_opts)}
57
+ COMPREPLY=($( compgen -W "$_SYM_COMP_SHORT_OPTIONS" -- "$cur" ))
58
+ ;;
59
+ *)
60
+ _filedir
61
+ ;;
71
62
  esac
72
63
 
73
64
  return 0
74
65
  } &&
75
- complete -F _sym $nospace $filenames sym
66
+ complete -F _sym $nospace $filenames sym
76
67
 
77
68
  # Local variables:
78
69
  # mode: shell-script
@@ -0,0 +1,168 @@
1
+ #!/usr/bin/env bash
2
+ #
3
+ #
4
+ # (c) 2017 Konstantin Gredeskoul
5
+ # MIT License, distributed as part of `sym` ruby gem
6
+ #
7
+ # https://github.com/kigster/sym
8
+ #
9
+ #====================================================================================
10
+ # Purpuse of this script is to transparently edit application secrets in a Rails app.
11
+ #
12
+ # Modify the `default*` variables below and then you can use the script like so:
13
+ #
14
+ # bin/secred <production | staging | development> [ key-spec ]
15
+ #
16
+ #
17
+ # SET THE VALUE BELOW WITH THE NAME OF YOUR KEY (actual key, environment variable,
18
+ # keychain name, etc)
19
+
20
+ [[ -n $1 && ${1:0:1} != "-" ]] && {
21
+ encrypted_file=$1
22
+ shift
23
+ }
24
+
25
+ symit::init() {
26
+ symit::install
27
+
28
+ export default_key=
29
+ export default_extension="yml.enc"
30
+ export default_folder=config/settings/secrets
31
+
32
+ export true=1
33
+ export false=0
34
+
35
+ export txtrst='\e[0m' # Text Reset
36
+ export bldred='\e[1;31m' # Red
37
+ export bldgrn='\e[1;32m' # Green
38
+ export bldylw='\e[1;33m' # Yellow
39
+ export bldblu='\e[1;34m' # Blue
40
+
41
+ unset cli__opts
42
+ declare -A cli__opts=(
43
+ [verbose]=${true}
44
+ [key]=${default_key}
45
+ [extension]=${default_extension}
46
+ [dry_run]=${false}
47
+ )
48
+ }
49
+
50
+ symit::usage() {
51
+ printf "${bldblu}symit: ${txtrst}edit an encrypted file using a pre-defined key\n\n"
52
+
53
+ printf " Usage: ${bldgrn}symit ${bldylw}[file-spec] [options]${txtrst}\n\n"
54
+
55
+ printf " # To edit an encrypted file config/settings/secrets/development.yml.enc${txtrst}\n"
56
+ printf " ${bldgrn}symit${bldylw} development${txtrst}\n\n"
57
+
58
+ printf "options: \n"
59
+ printf " -k | --key [key-spec] Pass an alternative key, other than ${default_key}\n"
60
+ printf " -x | --extension [extension] Pass an alternative default extension, other than ${bldylw}${default_extension}${txtrst}\n"
61
+ printf " -l | --locations Print locations where [file-spec] is searched\n"
62
+ printf " -h | --help Show this help message\n"
63
+ printf " -n | --dry-run Show the generated sym command\n"
64
+ exit 1
65
+ }
66
+
67
+ symit::error() {
68
+ printf "${bldred}error: $* ${bldylw}\n"
69
+ exit 255
70
+ }
71
+
72
+ symit::install() {
73
+ if [[ -z "${_symit__installed}" ]] ; then
74
+ [[ -n "$(gem list | grep sym)" ]] || gem install sym
75
+ [[ -z $(sym -h 2>&1 | grep -- '-k, --key' | grep keychain) ]] && {
76
+ printf "detected missing or an older version of ${bldgrn}sym${txtrst}... upgrading...\n"
77
+ echo y | gem uninstall sym -a 2>/dev/null
78
+ gem install sym --verbose
79
+ }
80
+ fi
81
+ }
82
+
83
+ symit::show_locations() {
84
+ printf "Search path: \n"
85
+ for loc in ${locations[@]}; do
86
+ printf " - ${loc}\n"
87
+ done
88
+ }
89
+
90
+
91
+ symit::locs() {
92
+ if [[ -n ${encrypted_file} ]]; then
93
+ declare -a locations=("${default_folder}/${encrypted_file}.${default_extension}"
94
+ "${default_folder}/${encrypted_file}"
95
+ "${encrypted_file}")
96
+ fi
97
+ echo -n ${locations[*]}
98
+ }
99
+
100
+ symit::init
101
+
102
+ [[ -z ${encrypted_file} && -z $* ]] && symit::usage
103
+
104
+ while :; do
105
+ case $1 in
106
+ -h|-\?|--help)
107
+ shift
108
+ symit::usage
109
+ ;;
110
+
111
+ -k|--key)
112
+ shift
113
+ [[ -n $1 ]] || symit::error "-k/--key requires an argument"
114
+ cli__opts[key]=$1
115
+ ;;
116
+
117
+ -x|--extension)
118
+ shift
119
+ [[ -n $1 ]] || symit::error "-x/--extension requires an argument"
120
+ cli__opts[extension]=$1
121
+ ;;
122
+
123
+ -l|--locations)
124
+ shift
125
+ [[ -n ${encrypted_file} ]] || symit::error "-l/--locations requires file-spec to be provided as the 1st argument"
126
+ declare -a locations=$(symit::locs)
127
+ symit::show_locations
128
+ exit 0
129
+ ;;
130
+ -n|--dry-run)
131
+ shift
132
+ cli__opts[dry_run]=${true}
133
+ ;;
134
+
135
+ --) # End of all options.
136
+ shift
137
+ break
138
+ ;;
139
+ -?*)
140
+ printf 'WARN: Unknown option (ignored): %s\n' "$1" >&2
141
+ exit 127
142
+ shift
143
+ ;;
144
+ *) # Default case: If no more options then break out of the loop.
145
+ break
146
+ shift
147
+ esac
148
+ done
149
+
150
+ declare -a locations=$(symit::locs)
151
+
152
+ file=
153
+ for loc in ${locations[@]}; do
154
+ if [[ -s "${loc}" ]] ; then
155
+ file=${loc}
156
+ break
157
+ fi
158
+ done
159
+
160
+ [[ -z $file ]] && symit::error "${encrypted_file} could not be found."
161
+
162
+ command="sym -ck $cli__opts[key] -tf ${file}"
163
+
164
+ ${cli_opts[dry_run]} && printf "[dry_run] "
165
+
166
+ printf "${bldgrn}${command}${txtrst}\n"
167
+
168
+ ${cli_opts[dry_run]} || ${command}
@@ -56,48 +56,51 @@ module Sym
56
56
  # brings in #parse(Array[String] args)
57
57
  include CLISlop
58
58
 
59
- attr_accessor :opts, :application, :outputs, :output_proc
59
+ attr_accessor :opts, :application, :outputs
60
60
 
61
61
  def initialize(argv)
62
62
  begin
63
- argv << args_from_environment(argv)
64
- argv.flatten!
65
- argv.compact!
66
- argv_original = argv.dup
67
- # Re-map any leg acy options to the new options
68
- argv = CLI.replace_argv(argv)
69
- dict = argv.delete('--dictionary')
63
+
64
+ # Re-map any legacy options to the new options
70
65
  self.opts = parse(argv)
71
- command_dictionary if dict
66
+ if opts[:sym_args]
67
+ append_sym_args(argv)
68
+ self.opts = parse(argv)
69
+ end
70
+
71
+ # Disable coloring if requested, or if piping STDOUT
72
+ if opts[:no_color] || !STDOUT.tty?
73
+ Colored2.disable! # reparse options without the colors to create new help msg
74
+ self.opts = parse(argv)
75
+ end
76
+
72
77
  rescue StandardError => e
78
+ log :error, "#{e.message}" if opts
73
79
  error exception: e
74
80
  return
75
81
  end
76
82
 
77
- # Disable coloring if requested, or if piping STDOUT
78
- if opts[:no_color] || !STDOUT.tty?
79
- command_no_color(argv_original)
80
- end
81
-
82
83
  self.application = ::Sym::Application.new(opts)
83
- select_output_stream
84
84
  end
85
85
 
86
- def args_from_environment(argv)
87
- env_args = ENV[Sym::Constants::ENV_ARGS_VARIABLE_NAME]
88
- if env_args && !(argv.include?('-M') or argv.include?('--no-environment'))
89
- env_args.split(' ')
90
- else
91
- []
86
+ def append_sym_args(argv)
87
+ if env_args = sym_args
88
+ argv << env_args.split(' ')
89
+ argv.flatten!
90
+ argv.compact!
92
91
  end
93
92
  end
94
93
 
94
+ def sym_args
95
+ ENV[Sym::Constants::ENV_ARGS_VARIABLE_NAME]
96
+ end
97
+
95
98
  def execute
96
99
  return Sym::App.exit_code if Sym::App.exit_code != 0
97
100
  result = application.execute
98
101
  case result
99
102
  when Hash
100
- self.output_proc = ::Sym::App::Args.new({}).output_class
103
+ self.output_proc ::Sym::App::Args.new({}).output_class
101
104
  error(result)
102
105
  else
103
106
  self.output_proc.call(result)
@@ -109,46 +112,21 @@ module Sym
109
112
  @command ||= self.application&.command
110
113
  end
111
114
 
115
+ def output_proc(proc = nil)
116
+ self.application&.output = proc if proc
117
+ self.application&.output
118
+ end
119
+
112
120
  def opts_present
113
121
  o = opts.to_hash
114
122
  o.keys.map { |k| opts[k] ? nil : k }.compact.each { |k| o.delete(k) }
115
123
  o
116
124
  end
117
125
 
118
- class << self
119
- # Re-map any legacy options to the new options
120
- ARGV_FLAG_REPLACE_MAP = {
121
- 'C' => 'c'
122
- }
123
-
124
- def replace_regex(from)
125
- %r{^-([\w]*)#{from}([\w]*)$}
126
- end
127
-
128
- def replace_argv(argv)
129
- argv = argv.dup
130
- replacements = []
131
- ARGV_FLAG_REPLACE_MAP.each_pair do |from, to|
132
- argv.map! do |a|
133
- match = replace_regex(from).match(a)
134
- if match
135
- replacements << from
136
- "-#{match[1]}#{to}#{match[2]}"
137
- else
138
- a
139
- end
140
- end
141
- end
142
- argv
143
- end
144
- end
145
-
146
126
  private
147
127
 
148
- def command_dictionary
149
- options = opts.parser.unused_options + opts.parser.used_options
150
- puts options.map(&:to_s).sort.map { |o| "-#{o[1]}" }.join(' ')
151
- exit 0
128
+ def log(*args)
129
+ Sym::App.log(*args, **(opts.to_hash))
152
130
  end
153
131
 
154
132
  def error(hash)
@@ -157,22 +135,6 @@ module Sym
157
135
  Sym::App.error(**hash)
158
136
  end
159
137
 
160
- def select_output_stream
161
- output_klass = application.args.output_class
162
- unless output_klass && output_klass.is_a?(Class)
163
- raise "Can not determine output class from arguments #{opts.to_hash}"
164
- end
165
- self.output_proc = output_klass.new(application.opts).output_proc
166
- end
167
-
168
- def command_no_color(argv)
169
- Colored2.disable! # reparse options without the colors to create new help msg
170
- self.opts = parse(argv.dup)
171
- end
172
-
173
- def key_spec
174
- '<key-spec>'.bold.magenta
175
- end
176
138
  end
177
139
  end
178
140
  end
@@ -14,11 +14,11 @@ module Sym
14
14
  o.separator ' sym -g '.green.bold + '[ -p/--password ] [ -x keychain | -o file | ] [ -q ] '.green
15
15
  o.separator ''
16
16
  o.separator ' # To specify encryption key, provide the key as '.dark
17
- o.separator ' # 1) a string, 2) a file path, 3) an OS-X Keychain, 4) env variable, '.dark
18
- o.separator ' # 5) use -i to paste/type the key, 6) default key file, if present.'.dark
19
- o.separator ' ' + key_spec + ' = -k/--key [ key | file | keychain | env ]'.green.bold
20
- o.separator ' -i/--interactive'.green.bold
21
-
17
+ o.separator ' # 1) a string, 2) a file path, 3) an OS-X Keychain, 4) env variable name '.dark
18
+ o.separator ' # 5) use -i to paste/type the key interactively'.dark
19
+ o.separator ' # 6) default key file (if present) at '.dark + Sym.default_key_file.magenta.bold
20
+ o.separator ' ' + key_spec + ' = -k/--key [ key | file | keychain | environment_variable ]'.green.bold
21
+ o.separator ' -i/--interactive'.green.bold
22
22
  o.separator ''
23
23
  o.separator ' # Encrypt/Decrypt from STDIN/file/args, to STDOUT/file:'.dark
24
24
  o.separator ' sym -e/--encrypt '.green.bold + key_spec + ' [-f [file | - ] | -s string ] [-o file] '.green
@@ -29,23 +29,20 @@ module Sym
29
29
  o.separator ' '
30
30
  o.separator ' # Edit an encrypted file in $EDITOR '.dark
31
31
  o.separator ' sym -t/--edit '.green.bold + key_spec + ' -f file [ -b/--backup ]'.green.bold
32
-
33
32
  o.separator ' '
34
- o.separator ' # Save commonly used flags in a BASH variable. Below we save KeyChain '.dark
35
- o.separator ' # "staging" as the default key source, and enable password caching.'.dark
33
+ o.separator ' # Save commonly used flags in a BASH variable. Below we save the KeyChain '.dark
34
+ o.separator ' # "staging" as the default key name, and enable password caching.'.dark
36
35
  o.separator ' export SYM_ARGS="'.green + '-ck staging'.bold.green + '"'.green
37
- o.separator ' '
38
- o.separator ' # And now encrypt using default key location '.dark + Sym.default_key_file.magenta.bold
39
- o.separator ' sym -e '.green.bold '-f file'.green.bold
40
- o.separator ' # May need to disable SYM_ARGS with -M, eg for help:'.dark
41
- o.separator ' sym -h -M '.green.bold
36
+ o.separator ' # Then activate $SYM_ARGS by using -A/--sym-args flag:'.dark
37
+ o.separator ' sym -Aef '.green.bold 'file'.green.bold
42
38
 
43
39
  o.separator ' '
44
40
  o.separator 'Modes:'.yellow
45
41
  o.bool '-e', '--encrypt', ' encrypt mode'
46
42
  o.bool '-d', '--decrypt', ' decrypt mode'
47
43
  o.bool '-t', '--edit', ' edit encrypted file in an $EDITOR'
48
-
44
+ o.string '-n', '--negate', '[file] '.blue + " encrypts any regular #{'file'.green} into #{'file.enc'.green}" + "\n" +
45
+ " conversely decrypts #{'file.enc'.green} into #{'file'.green}."
49
46
  o.separator ' '
50
47
  o.separator 'Create a new private key:'.yellow
51
48
  o.bool '-g', '--generate', ' generate a new private key'
@@ -70,8 +67,6 @@ module Sym
70
67
  o.string '-s', '--string', '[string]'.blue + ' specify a string to encrypt/decrypt'
71
68
  o.string '-f', '--file', '[file] '.blue + ' filename to read from'
72
69
  o.string '-o', '--output', '[file] '.blue + ' filename to write to'
73
- o.string '-n', '--negate', '[file] '.blue + " encrypts any regular #{'file'.green} into #{'file.enc'.green}" + "\n" +
74
- " conversely decrypts #{'file.enc'.green} into #{'file'.green}."
75
70
 
76
71
  o.separator ' '
77
72
  o.separator 'Flags:'.yellow
@@ -82,11 +77,11 @@ module Sym
82
77
  o.bool '-D', '--debug', ' print debugging information'
83
78
  o.bool '-V', '--version', ' print library version'
84
79
  o.bool '-N', '--no-color', ' disable color output'
85
- o.bool '-M', '--no-environment', ' disable reading flags from SYM_ARGS'
80
+ o.bool '-A', '--sym-args', ' read more CLI arguments from $SYM_ARGS'
86
81
 
87
82
  o.separator ' '
88
83
  o.separator 'Utility:'.yellow
89
- o.string '-a', '--bash-completion', '[file]'.blue + ' append shell completion to a file'
84
+ o.string '-B', '--bash-completion', '[file]'.blue + ' append shell completion to a file'
90
85
 
91
86
  o.separator ' '
92
87
  o.separator 'Help & Examples:'.yellow
@@ -94,6 +89,10 @@ module Sym
94
89
  o.bool '-h', '--help', ' show help'
95
90
  end
96
91
  end
92
+
93
+ def key_spec
94
+ 'KEY-SPEC'.bold.magenta
95
+ end
97
96
  end
98
97
  end
99
98
  end
@@ -17,6 +17,7 @@ module Sym
17
17
  :key_source,
18
18
  :input_handler,
19
19
  :key_handler,
20
+ :output,
20
21
  :result,
21
22
  :password_cache
22
23
 
@@ -25,40 +26,16 @@ module Sym
25
26
  self.opts = opts.is_a?(Hash) ? opts : opts.to_hash
26
27
 
27
28
  process_negated_option(opts[:negate]) if opts[:negate]
29
+
28
30
  self.args = ::Sym::App::Args.new(self.provided_options)
29
31
 
32
+ initialize_output_stream
30
33
  initialize_action
31
34
  initialize_data_source
32
35
  initialize_password_cache
33
36
  initialize_input_handler
34
37
  end
35
38
 
36
- def provided_options
37
- provided_opts = self.opts.clone
38
- provided_opts.delete_if { |k, v| !v }
39
- provided_opts
40
- end
41
-
42
- def provided_safe_options
43
- provided_options.map do |k, v|
44
- k == :key && [44, 45].include?(v.size) ?
45
- [k, '[reducted]'] :
46
- [k, v]
47
- end.to_h
48
- end
49
-
50
- def provided_flags
51
- provided_flags = provided_options
52
- provided_flags.delete_if { |k, v| ![false, true].include?(v) }
53
- provided_flags.keys
54
- end
55
-
56
- def provided_value_options
57
- provided = provided_safe_options
58
- provided.delete_if { |k, v| [false, true].include?(v) }
59
- provided
60
- end
61
-
62
39
  def execute!
63
40
  initialize_key_source
64
41
  unless command
@@ -110,6 +87,32 @@ module Sym
110
87
  editors_to_try.find { |editor| File.exist?(editor) }
111
88
  end
112
89
 
90
+ def provided_options
91
+ provided_opts = self.opts.clone
92
+ provided_opts.delete_if { |k, v| !v }
93
+ provided_opts
94
+ end
95
+
96
+ def provided_safe_options
97
+ provided_options.map do |k, v|
98
+ k == :key && [44, 45].include?(v.size) ?
99
+ [k, '[reducted]'] :
100
+ [k, v]
101
+ end.to_h
102
+ end
103
+
104
+ def provided_flags
105
+ provided_flags = provided_options
106
+ provided_flags.delete_if { |k, v| ![false, true].include?(v) }
107
+ provided_flags.keys
108
+ end
109
+
110
+ def provided_value_options
111
+ provided = provided_safe_options
112
+ provided.delete_if { |k, v| [false, true].include?(v) }
113
+ provided
114
+ end
115
+
113
116
 
114
117
  private
115
118
 
@@ -128,6 +131,14 @@ module Sym
128
131
  ]
129
132
  end
130
133
 
134
+ def initialize_output_stream
135
+ output_klass = args.output_class
136
+ unless output_klass && output_klass.is_a?(Class)
137
+ raise "Can not determine output type from arguments #{provided_options}"
138
+ end
139
+ self.output = output_klass.new(opts).output_proc
140
+ end
141
+
131
142
  def initialize_input_handler(handler = ::Sym::App::Input::Handler.new)
132
143
  self.input_handler = handler
133
144
  end
@@ -1,5 +1,5 @@
1
1
  module Sym
2
- VERSION = '2.4.3'
2
+ VERSION = '2.5.0'
3
3
  DESCRIPTION = <<-eof
4
4
  Sym is a command line utility and a Ruby API that makes it trivial to encrypt and decrypt
5
5
  sensitive data. Unlike many other existing encryption tools, sym focuses on usability and
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: sym
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.4.3
4
+ version: 2.5.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Konstantin Gredeskoul
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2017-03-01 00:00:00.000000000 Z
11
+ date: 2017-03-05 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: colored2
@@ -221,6 +221,7 @@ email:
221
221
  executables:
222
222
  - keychain
223
223
  - sym
224
+ - symit
224
225
  extensions: []
225
226
  extra_rdoc_files: []
226
227
  files:
@@ -241,6 +242,7 @@ files:
241
242
  - bin/sym.completion
242
243
  - exe/keychain
243
244
  - exe/sym
245
+ - exe/symit
244
246
  - lib/sym.rb
245
247
  - lib/sym/app.rb
246
248
  - lib/sym/app/args.rb