sym 2.7.0 → 2.8.0
- checksums.yaml +4 -4
- data/.circleci/config.yml +61 -0
- data/.document +1 -1
- data/.gitignore +1 -0
- data/.rspec +1 -0
- data/.travis.yml +11 -6
- data/CHANGELOG.md +11 -0
- data/README.md +18 -9
- data/Rakefile +11 -3
- data/SYM-CLI.md +9 -132
- data/bin/sym.completion +64 -2
- data/bin/sym.symit +442 -139
- data/design/ascii-cinema.png +0 -0
- data/design/sym-examples.png +0 -0
- data/design/sym-help.png +0 -0
- data/design/sym-symit-help.png +0 -0
- data/exe/sym +2 -1
- data/lib/sym/app.rb +2 -2
- data/lib/sym/app/cli.rb +1 -1
- data/lib/sym/app/commands/bash_completion.rb +19 -5
- data/lib/sym/version.rb +1 -1
- data/sym.gemspec +9 -8
- metadata +18 -14
- data/sym-3.0-cli.md +0 -168
Binary file
|
Binary file
|
data/design/sym-help.png
ADDED
Binary file
|
Binary file
|
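--- a/data/exe/sym
+++ b/data/exe/sym
@@ -8,11 +8,12 @@ require 'sym/app'
 
 #ARGV.any?{ |a| a =~ /^-/ } ?
 begin
-::Sym::App::CLI.new(ARGV.dup).execute
+exit ::Sym::App::CLI.new(ARGV.dup).execute
 rescue Interrupt => e
 STDERR.flush
 STDERR.puts "Interrupt, #{e.message}, exiting."
 STDERR.flush
+exit 1
 end
 
 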
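Review bot: `exit` on new line 11 is handed whatever `CLI#execute` returns, and Kernel#exit accepts only `true`, `false` or an Integer; any other value (nil, a String of output) raises TypeError, which the `rescue Interrupt` clause below does not catch. `execute` is not visible on this page, so confirm it always returns an integer status, or make the contract explicit with `status = ::Sym::App::CLI.new(ARGV.dup).execute` followed by `exit(status.is_a?(Integer) ? status : 1)`, so that an unexpected result is reported as a failure. The interrupt path now exits with 1; shells conventionally report SIGINT as 130, which scripts wrapping sym may use to tell a cancelled run from a failed decrypt.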
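--- a/data/lib/sym/app.rb
+++ b/data/lib/sym/app.rb
@@ -52,11 +52,11 @@ module Sym
 reason = exception.message if exception
 
 if exception && (config && config[:trace] || reason == 'Unknown Error')
-lines << "#{error_type.red
+lines << "#{error_type.bold.red}:\n#{error_details.red.italic}\n" + ''.normal
 lines << exception.backtrace.join("\n").red.bold if config[:trace]
 lines << "\n"
 else
-lines << "
+lines << " ✖ Sym Error #{operation}:".bold.red + (reason ? " #{reason} ".red.italic: " #{error_details}")[0..70] + ' '.normal + "\n"
 lines << "#{comments}" if comments
 end
 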
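Review bot: The `[0..70]` slice on new line 59 is applied after `.red.italic`, so in the `reason` branch it cuts a string that presumably already carries the colour escape sequences: the escape bytes count against the 71-character budget, and a long message loses its closing reset or is cut mid-sequence. Truncating the plain text first keeps the output well-formed, e.g. `(reason ? " #{reason} "[0..70].red.italic : " #{error_details}"[0..70])`. Unchanged line 56 still reads `config[:trace]` without the `config &&` guard used on line 54, so a nil `config` with reason 'Unknown Error' would raise inside the error reporter itself. The enclosing method starts and ends outside this hunk.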
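--- a/data/lib/sym/app/cli.rb
+++ b/data/lib/sym/app/cli.rb
@@ -7,26 +7,40 @@ module Sym
 required_options [:bash_support]
 try_after :generate_key, :open_editor, :encrypt, :decrypt
 
+def ok
+'[OK]'.bold.green
+end
+
 def execute
 file = opts[:bash_support]
 
 out = ''
 Sym::Constants::Bash::Config.each_pair do |key, config|
 script_name = key.to_s
-
+if (!File.exist?(config[:dest])) ||
+(File.exist?(config[:dest]) && !FileUtils.identical?(config[:source], config[:dest]))
+FileUtils.cp(config[:source], config[:dest])
+out << "#{} installing #{config[:dest].bold.blue }...\n"
+else
+out << "#{ok} file #{config[:dest].bold.blue } exists, and is up to date.\n"
+end
+
 out << if File.exist?(file)
 if File.read(file).include?(config[:script])
-"#{
+"#{ok} BASH script #{file.bold.yellow} already sources #{script_name.bold.blue}.\n"
 else
 append_completion_script(file, config[:script])
-"#{
+"#{ok} BASH script #{script_name.bold.blue} is now sourced from #{file.bold.yellow}\n"
 end
 else
 append_completion_script(file, config[:script])
-"#{
+"#{ok}, created new file #{file.bold.yellow}, added #{script_name.bold.blue} initialization.\n"
 end
 end
-out
+out << "\nPlease reload your terminal session to activate bash completion\n"
+out << "and other installed BASH utilities.\n"
+out << "\nAlternatively, just type #{"source #{file}".bold.green} to reload BASH.\n"
+out << "Also — go ahead and try running #{"sym -h".bold.blue} and #{"symit -h".bold.blue}.\n"
 end
 
 private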
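--- a/data/lib/sym/version.rb
+++ b/data/lib/sym/version.rb
@@ -1,5 +1,5 @@
 module Sym
-VERSION = '2.
+VERSION = '2.8.0'
 DESCRIPTION = <<-eof
 Sym is a ruby library (gem) that offers both the command line interface (CLI) and a set of rich Ruby APIs, which make it rather trivial to add encryption and decryption of sensitive data to your development or deployment flow. As a layer of additional security, you can encrypt the private key itself with a password. Unlike many other existing encryption tools, Sym focuses on getting out of the way — by offering its streamlined interface, hoping to make encryption of application secrets nearly completely transparent to the developers. For the data encryption Sym uses a symmetric 256-bit key with the AES-256-CBC cipher, same cipher as used by the US Government. For password-protecting the key Sym uses AES-128-CBC cipher. The resulting data is zlib-compressed and base64-encoded. The keys are also base64 encoded for easy copying/pasting/etc.
 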
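--- a/data/sym.gemspec
+++ b/data/sym.gemspec
@@ -30,17 +30,18 @@ http://kig.re/2017/03/10/dead-simple-encryption-with-sym.html
 
 BASH COMPLETION
 ===============
-To enable bash command line completion
-command
-
+To enable bash command line completion and install highly useful
+command line BASH wrapper 'symit', please run the following
+command after installing the gem. It appends sym's shell completion
+wrapper to the file specified in arguments to -B flag.
 
 sym -B ~/.bash_profile
 source ~/.bash_profile
+# then:
+sym --help
+symit --help
 
-Thank you for using Sym and happy
-
-For bonus points, run 'symit -h' after installing and loading bash
-completion.
+Thank you for using Sym and happy encrypting :)
 
 @kigster on Github,
 @kig on Twitter.
@@ -57,7 +58,7 @@ EOF
 spec.add_development_dependency 'simplecov'
 spec.add_development_dependency 'irbtools'
 spec.add_development_dependency 'aruba'
-spec.add_development_dependency 'bundler'
+spec.add_development_dependency 'bundler'
 spec.add_development_dependency 'rake'
 spec.add_development_dependency 'rspec', '~> 3'
 spec.add_development_dependency 'rspec-its'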
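--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sym
 version: !ruby/object:Gem::Version
-version: 2.
+version: 2.8.0
 platform: ruby
 authors:
 - Konstantin Gredeskoul
 autorequire:
 bindir: exe
 cert_chain: []
-date:
+date: 2018-01-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: colored2
@@ -154,16 +154,16 @@ dependencies:
 name: bundler
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
-version: '
+version: '0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
-version: '
+version: '0'
 - !ruby/object:Gem::Dependency
 name: rake
 requirement: !ruby/object:Gem::Requirement
@@ -254,6 +254,7 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
+- ".circleci/config.yml"
 - ".codeclimate.yml"
 - ".document"
 - ".gitignore"
@@ -271,10 +272,14 @@ files:
 - bin/setup
 - bin/sym.completion
 - bin/sym.symit
+- design/ascii-cinema.png
 - design/sym-class-dependency-future-refactor.png
 - design/sym-class-dependency.graffle
 - design/sym-class-dependency.pdf
 - design/sym-class-dependency.png
+- design/sym-examples.png
+- design/sym-help.png
+- design/sym-symit-help.png
 - exe/keychain
 - exe/sym
 - lib/sym.rb
@@ -328,18 +333,17 @@ files:
 - lib/sym/extensions/with_timeout.rb
 - lib/sym/magic_file.rb
 - lib/sym/version.rb
-- sym-3.0-cli.md
 - sym.gemspec
 homepage: https://github.com/kigster/sym
 licenses: []
 metadata: {}
 post_install_message: "\nThank you for installing Sym! \n\nBLOG POST\n=========\nhttp://kig.re/2017/03/10/dead-simple-encryption-with-sym.html\n\nBASH
-COMPLETION\n===============\nTo enable bash command line completion
-
-
-\
-
-on Github, \n @kig on Twitter.\n\n"
+COMPLETION\n===============\nTo enable bash command line completion and install
+highly useful\ncommand line BASH wrapper 'symit', please run the following \ncommand
+after installing the gem. It appends sym's shell completion \nwrapper to the file
+specified in arguments to -B flag.\n\n sym -B ~/.bash_profile\n source ~/.bash_profile\n
+\ # then:\n sym --help\n symit --help\n \nThank you for using Sym and happy encrypting
+:)\n\n@kigster on Github, \n @kig on Twitter.\n\n"
 rdoc_options: []
 require_paths:
 - lib
@@ -355,7 +359,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.6.
+rubygems_version: 2.6.13
 signing_key:
 specification_version: 4
 summary: Dead-simple and easy to use encryption library on top of OpenSSL, offering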
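--- a/data/sym-3.0-cli.md
+++ b/data/sym-3.0-cli.md
@@ -1,168 +0,0 @@
-
-# Sym
-
-## Table of Contents
-
-[TOC]
-
-__Sym__ is a versatile encryption gem, based on the symmetric encryption cipher provided by the OpenSSL. It provides easy to remember commands to manage encryption key: you can generate a key, import an existing key, password protect an open key, store the key in OS-X KeyChain, and use it for encryption/decryption later. The key is used to encrypt, decrypt and edit any sensitive information, such application secrets.
-
-## Usage
-
-sym [ global options ] [ sub command ] [ command options ]
-
-## Global Options
-
-```bash
--t, --password-timeout [timeout] when passwords expire (in seconds)
--p, --no-password-cache disables caching of key passwords
--v, --verbose show additional information
--T, --trace print a backtrace of any errors
--q, --quiet silence all output
--V, --version print library version
--N, --no-color disable color output
-```
-
-## Help & Examples:
-
-```bash
--h, --help show help
--l, --long show help and detailed examples
-```
-
-## Commands
-
-### Genereate a new key
-```bash
-sym key [ [ --out | -o ] uri ] # or STDOUT by default
-# eg.
-> sym key -o stdout
-> sym key -o file://~/.key
-```
-
-### Copy or Re-Import a Key
-
-Typically applied to an existing key, optionally password-protecting it:
-
-```bash
-sym key [ --in | -k ] uri
-[ [ --out | -o ] uri ] # or STDOUT by default
-[ --password | -p ]
-# eg.
-> sym key -k file://~/.key -o keychain://mykey -p
-
-> sym key -k stdin -o keychain://mykey -p
-Please enter the encryption key: 75ngenJpB6zL47/8Wo7Ne6JN1pnOsqNEcIqblItpfg4=
-Please enter new password:
-Please confirm the new password:
-```
-
-### Delete an existing key (assuming URI supports deletion):
-
-```bash
-sym key [ --delete | -d ] uri
-
-# eg.
-> sym key -d keychain://mykey
-> sym key -d redis://127.0.0.1:6379/1/symkey
-```
-
-### Encrypt or Decrypt a Resource
-
-```bash
-sym decrypt [ --key | -k ] uri
-[ --data | -d ] uri
-[ [ --out | -o ] uri ]
-
-sym encrypt [ --key | -k ] uri
-[ --data | -d ] uri
-[ [ --out | -o ] uri ]
-```
-
-### Open Encrypted Resource in an Editor
-
-```bash
-sym edit [ --key | -k ] uri
-[ --data | -d ] uri
-[ [ --backup | -b ] data-backup-uri
-```
-### Re-encrypt data, and rotate the key
-
-For key and data URIs that support update operation (eg, `file://`, `keychain://`)
-this operation decrypts the resource with the current key, generates
-a new key, re-encrypts the data, and updates both the resource and the
-key URIs.
-
-```bash
-sym cycle [ --key | -k ] uri
-[ --data | -d ] uri
-[ [ --out | -o ] uri ]
-# eg:
-sym cycle -k file://~/.key -d file://./secrets.yml
-```
-
-### Installation, Help, and Other Commands
-
-```bash
-sym install bash-completion
-
-sym --help | -h
-
-sym command --help | -h
-
-sym examples
-```
-
-### Arguments via Environment
-
-Common arguments can be passed in an environment variable called `SYM_ARGS`:
-
-export SYM_ARGS='-k file://~/.sym.key'
-
-The name of the variable can be read from the `-B <name>` argument, eg:
-
-SYM_ARGUMENTS='-k 75ngenJpB6zL47/8Wo7Ne6JN1pnOsqNEcIqblItpfg4'
-sym -B SYM_ARGUMENS -d file://file.enc
-
-### Reading and Writing Data and Keys
-
-The new CLI for Sym uses a consistent naming for reading in the data and the key, and for writing out the key and/or data. The scheme is based on URI.
-
-Each URI type is supported by a corresponding plugin, and new ones can be easily defined.
-
-Some examples:
-
-```bash
-string://234234234 # read from the literal data
-env://MY_VARIABLE # read from environment variable
-
-file://home/kig/.mykey # read/write from/to file
-stdio:// # read/write using stdin/out
-
-# Real URLs could potentially support writes with PUT or POST
-https://mysite.com/remote/secrets.json.enc
-
-# Files support read/write
-file:///usr/local/etc/secrets.json
-```
-
-Below is the list of supported types planned for 3.0:
-
-#### Supported Types
-
-```bash
-URI: Read? Write? Delete?
-
-string://value yes
-env://variable yes
-stdio:// yes
-shell://command yes yes yes
-file://filename yes yes yes
-keychain://name yes yes yes
-redis://127.0.0.1:6397/1/mykey yes yes yes
-memcached://127.0.0.1:11211/mykey yes yes yes
-scp://user@host/path/file yes yes yes
-http[s]://user@host/path/file yes yes yes
-ftp[s]://user@host/path/file yes yes yes
-
-```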