sym 2.4.3 → 2.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 2c1acdb6cfcceef2df7e797519901ebec2105abf
-  data.tar.gz: 207fef73284f1ed1cad87b2112dbd3bba6615ee1
+  metadata.gz: 919e73e972d6bf773f1dd3d41c5d3ced53769d6e
+  data.tar.gz: 14fea598ef6e71bf34daa3efe958fee42ae15c9b
 SHA512:
-  metadata.gz: 2064567295f89592911ce4f3cc105a11ed679286bc3345a5743700d60ec5facd8895ab97f35eb5fb9eb1f5c5a640ec2e5973fcdefd2c8b419698bd117e8e3984
-  data.tar.gz: 8a55697cf80cfdde490558404ca3c52533798e1446b40226e40e66511b81e6f8c49e270309104302712bf7751ec5dccf77af84943681a868ecd3d0facaec9880
+  metadata.gz: 8691a7efbd04c1ff7aa305dcc7b7b9dfbd13ca1e9f7fcf3693b35f5eea54f8fc91b48ecec1d9d9df4c1a8032eb200d4129b9f86fd0c6f8bc376619015287bcee
+  data.tar.gz: f78c6e6fb38dc1c6e9be492b1ebd5d76807b832b4d7ee3b58e0d6bfe8bf878d705966925104900fb1a4f2deb1f67fffbecab8ff8e28388ef11f1545f562360af

data/CHANGELOG.md

@@ -2,7 +2,18 @@
 
 ## [HEAD](https://github.com/kigster/sym/tree/HEAD)
 
-[Changes since the last tag](https://github.com/kigster/sym/compare/v2.3.0...HEAD)
+[Changes since the last tag](https://github.com/kigster/sym/compare/v2.5.0...HEAD)
+
+## [v2.5.0](https://github.com/kigster/sym/tree/v2.5.0) (2017-02-28)
+[Full Changelog](https://github.com/kigster/sym/compare/v2.4.3...v2.5.0)
+
+ * Updated README
+ * Remove `-M` flag; make `SYM_ARGS` environment be only used when `-A` flag is supplied
+ * Change `--bash-completion` to use `-B`
+ * Major fix up for sym.completion
+ * New file `exe/symit` for transparently editing secrets
+ * Reworked `Sym::Application`, removed `--dictionary`, and simplified argument parsing.
+ * Refactored `output_proc` to live in `application`.
 
 ## [v2.4.2](https://github.com/kigster/sym/tree/v2.4.2) (2017-02-28)
 [Full Changelog](https://github.com/kigster/sym/compare/v2.4.1...v2.4.2)

data/README.md

@@ -52,24 +52,26 @@ So how does `sym` substantiate its claim that it *streamlines* the encryption pr
 
 As you can see, we really tried to build a tool that provides good security for application secrets, including password-based encryption, but does not annoyingly ask for password every time. With `--edit` option, and `--negate` options you can treat encrypted files like regular files. 
 
-> Encrypting application secrets had never been easier! –– Socrates. 
+> Encrypting application secrets had never been easier! –– Socrates [LOL, -ed.]
 
 ### How It Works
 
   1. You generate a new encryption key, that will be used to both encrypt and decrypt the data. The key is 256 bits, or 32 bytes, or 45 bytes when base64-encoded, and can be generated with `sym -g`.
      * You can optionally password protect the key with `sym -gp`
-     * You can save the key into a file `sym -gpo key-file` 
-     * Or you can save it into the OS-X Keychain, with `sym -gpcx keychain-name`, while caching its password for a period of time.
-     * or you can print it to STDOUT, which is the default.
+     * You can save the key into a file with `sym -gpo key-file` 
+     * Or you can save it into the OS-X Keychain, with `sym -gpx keychain-name`
+     * You can also cache the password, with `sym -gpcx keychain-name`
+     * Normally, `sym` will also print the resulting key to STDOUT.
+     * You can prevent the key from being printed to STDOUT with `-q/--quiet`. 
   2. You then take a piece of sensitive __data__ that you want to encrypt. This can be a file or a string.
-  3. You can then use the key to encrypt sensitive __data__, with `sym -e [key-option] [data-option]`, passing it the key in several accepted ways. Smart flag `-k` automatically interpretes the source of the key, by trying:
+  3. You can then use the key to encrypt sensitive __data__, with `sym -e [key-spec] [data-spec]`, passing it the key in several accepted ways. Smart flag `-k` automatically interpretes the source of the key, by trying:
      * a file with a pathname.
      * or environment variable
      * or OS-X Keychain password entry
      * or you can paste the key interactively with `-i` 
   4. Input data can be read from a file with `-f file`, or read from STDIN, or a passed on the command line with `-s string`    
   4. Output is the encrypted data, which is printed to STDOUT by the default, or it can be saved to a file with `-o <file>`
-  5. Encrypted file can be later decrypted with `sym -d [key-option] [data-option]`
+  5. Encrypted file can be later decrypted with `sym -d [key-spec] [data-spec]`
 
 Sample session that uses Mac OS-X Keychain to store the password-protected key.
 
@@ -178,15 +180,15 @@ Or create a password-protected key (`-p`), and save it to a file (`-o`), cache t
     
 ##### Key Sources
     
-You can subsequently use the private key by passing either:
+You can subsequently use the private key by passing either of these options to the `-k` flag (*sym attempts to resolve the key automatically, by trying each option and moving to the next until the key is found*):
 
- 1. the `-k key` flag, where key is either:
-    * a file
+ 1. the `-k value` flag, where the *value* is one of:
+    * a file path
     * an environment variable name 
-    * an actual base64-encoded key
+    * an actual base64-encoded key (not recommended for security reasons)
     * a keychain name
  2. pasting or typing the key with the `-i` (interactive) flag
- 3. a default key file, in your home folder, `~/.sym.key`, used only when no other flags passed in.
+ 3. a default key file, in your home folder, `~/.sym.key`, used only when no other flags were passed in.
 
 #### Using KeyChain Access on Mac OS-X
 
@@ -197,13 +199,14 @@ Apple had released a `security` command line tool, which this library uses to se
  * The private key won't be lying around your file system unencrypted, so if your Mac is ever stolen, you don't need to worry about the keys running wild.
  * If you sync your keychain with the iCloud you will have access to it on other machines
 
-To activate the KeyChain mode on the Mac, use `-x <key-name>` flag with `-g` flag when generating a key. The `key name` is what you call this particular key, based on how you plan to use it. For example, you may call it `staging`, etc.
+As mentioned previously, to add the key to the KeyChain on the Mac, use `-x <key-name>` flag with `-g` flag when generating a key. The `key name` is what you call this particular key, based on how you plan to use it. For example, you may call it `staging`, etc.
 
 The following command generates the private key and immediately stores it in the KeyChain access under the name provided:
 
-    sym -gx staging
+    sym -gx staging   # the key is passwordless
+    sym -gpcx staging # this key is password protected, with the password cached
 
-Now, whenever you need to encrypt something you can specify the key with `-x staging`. 
+Next, whenever you need to *use* this key, you can specify the key with `-k staging`. 
 
 Finally, you can delete a key from KeyChain access by running:
 
@@ -253,17 +256,17 @@ You can optionally store frequently used flags for `sym` in the `SYM_ARGS` envir
 export SYM_ARGS="-cx production"
 ```
 
-This will always be appended to the command line, and so to encrypt/decrypt anything with password caching enabled and using that particular key, you would simply type:
+This will be automatically appended to the command line if the `-A/--sym-args` flag is provided, and so to encrypt/decrypt anything with password caching enabled and using that particular key, you would simply type:
 
 ```bash
 # -cx production are added from SYM_ARGS
-sym -ef file -o file.enc
+sym -Aef file -o file.enc
 
 # And to decrypt:
-sym -df file.enc -o file.original
+sym -Adf file.enc -o file.original
 
 # Or edit the encrypted file:
-sym -tf file.enc
+sym -Atf file.enc
 ```
 
 #### Complete CLI Usage
@@ -271,34 +274,42 @@ sym -tf file.enc
 This may be a good time to take a look at the full help message for the `sym` tool, shown naturally with a `-h` or `--help` option.
 
 ```
-Sym (2.4.1) – encrypt/decrypt data with a private key
+Sym (2.5.0) – encrypt/decrypt data with a private key
 
 Usage:
    # Generate a new key, optionally password protected, and save it
    # in one of: keychain, file, or STDOUT (-q turns off STDOUT) 
    sym -g [ -p/--password ] [ -x keychain | -o file | ] [ -q ]  
 
+   # To specify encryption key, provide the key as 
+   #   1) a string, 2) a file path, 3) an OS-X Keychain, 4) env variable name 
+   #   5) use -i to paste/type the key interactively
+   #   6) default key file (if present) at /Users/kig/.sym.key
+   KEY-SPEC = -k/--key [ key | file | keychain | environment_variable ]
+              -i/--interactive
 
    # Encrypt/Decrypt from STDIN/file/args, to STDOUT/file:
-   sym -e/--encrypt <key-spec> [-f [file | - ] | -s string ] [-o file] 
-   sym -d/--decrypt <key-spec> [-f [file | - ] | -s string ] [-o file] 
+   sym -e/--encrypt KEY-SPEC [-f [file | - ] | -s string ] [-o file] 
+   sym -d/--decrypt KEY-SPEC [-f [file | - ] | -s string ] [-o file] 
+
+   # Auto-detect mode based on a special file extension ".enc"
+   sym -n/--negate  KEY-SPEC file[.enc] 
  
    # Edit an encrypted file in $EDITOR 
-   sym -t/--edit    <key-spec> -f file [ -b/--backup ]
+   sym -t/--edit    KEY-SPEC -f file [ -b/--backup ]
  
-   # Specify any  common flags in the BASH variable. Here we
-   # specify KeyChain name "staging" and turn on password caching
+   # Save commonly used flags in a BASH variable. Below we save the KeyChain 
+   # "staging" as the default key name, and enable password caching.
    export SYM_ARGS="-ck staging"
- 
-   # And now encrypt using default key location /Users/kig/.sym.key
-   sym -e -f file
-   # May need to disable SYM_ARGS with -M, eg for help:
-   sym -h -M 
+   # Then activate $SYM_ARGS by using -A/--sym-args flag:
+   sym -Aef file
  
 Modes:
   -e, --encrypt                     encrypt mode
   -d, --decrypt                     decrypt mode
   -t, --edit                        edit encrypted file in an $EDITOR
+  -n, --negate           [file]     encrypts any regular file into file.enc
+                                    conversely decrypts file.enc into file.
  
 Create a new private key:
   -g, --generate                    generate a new private key
@@ -318,8 +329,6 @@ Data to Encrypt/Decrypt:
   -s, --string           [string]   specify a string to encrypt/decrypt
   -f, --file             [file]     filename to read from
   -o, --output           [file]     filename to write to
-  -n, --negate           [file]     encrypts any regular file into file.enc
-                                    conversely decrypts file.enc into file.
  
 Flags:
   -b, --backup                      create a backup file in the edit mode
@@ -329,15 +338,14 @@ Flags:
   -D, --debug                       print debugging information
   -V, --version                     print library version
   -N, --no-color                    disable color output
-  -M, --no-environment              disable reading flags from SYM_ARGS
+  -A, --sym-args                    read more CLI arguments from $SYM_ARGS
  
 Utility:
-  -a, --bash-completion  [file]     append shell completion to a file
+  -B, --bash-completion  [file]     append shell completion to a file
  
 Help & Examples:
   -E, --examples                    show several examples
   -h, --help                        show help
-
 ```
 
 ### CLI Usage Examples

data/bin/sym.completion

@@ -5,36 +5,27 @@
 # © 2015-2016, Konstantin Gredeskoul,  https://github.com/kigster/sym
 # MIT LICENSE
 #
- [[ -z "$(type _filedir 2>/dev/null)" ]] && {
-  _filedir ()
-  {
-      local i IFS='
-  ' xspec;
-      _tilde "$cur" || return 0;
-      local -a toks;
-      local quoted tmp;
-      _quote_readline_by_ref "$cur" quoted;
-      toks=(${toks[@]-} $(
-          compgen -d -- "$cur" | {
-              while read -r tmp; do
-                  # TODO: I have removed a "[ -n $tmp ] &&" before 'printf ..',
-                  #       and everything works again. If this bug suddenly
-                  #       appears again (i.e. "cd /b<TAB>" becomes "cd /"),
-                  #       remember to check for other similar conditionals (here
-                  #       and _filedir_xspec()). --David
-                  printf '%s\n' $tmp
-              done
-          }
-      ));
-      if [[ "$1" != -d ]]; then
-          [[ ${BASH_VERSINFO[0]} -ge 4 ]] && xspec=${1:+"!*.@($1|${1^^})"} || xspec=${1:+"!*.@($1|$(printf %s $1 | tr '[:lower:]' '[:upper:]'))"};
-          toks=(${toks[@]-} $( compgen -f -X "$xspec" -- $quoted));
-      fi;
-      [ ${#toks[@]} -ne 0 ] && _compopt_o_filenames;
-      COMPREPLY=("${COMPREPLY[@]}" "${toks[@]}")
-  }
+
+declare -a bash_completion_locations=(/usr/local/etc/bash_completion /usr/etc/bash_completion /etc/bash_completion)
+loaded=false
+for file in ${bash_completion_locations[@]}; do
+    [[ -s $file ]] && {
+      source $file
+      break
+    }
+done
+
+_sym_long_opts() {
+    sym -h | grep -- '--' | egrep '^  -' | awk '{print $2}' | sort 
 }
 
+_sym_short_opts() {
+    sym -h | grep -- '--' | egrep '^  -' | awk '{print $1}' | sed 's/,//g' | sort
+}
+
+unset _SYM_COMP_LONG_OPTIONS
+unset _SYM_COMP_SHORT_OPTIONS
+
 _sym()
 {
     local cur prev shell i path
@@ -46,33 +37,33 @@ _sym()
     _expand || return 0
 
     case "$prev" in
-    --@(key|file|output|negate))
-        _filedir
-        return 0
-        ;;
-    -@(f|k|o|n))
-        _filedir
-        return 0
-        ;;
+        --@(key|file|output|negate))
+            _filedir
+            return 0
+            ;;
+        -@(f|k|o|n))
+            _filedir
+            return 0
+            ;;
     esac
 
     case "$cur" in
-    --*)
-        export DICT_SYM_COMP_LONG_OPTIONS=${DICT_SYM_COMP_LONG_OPTIONS:-$(sym -hM | grep -- '--' | egrep '^  -' | awk '{print $2}')}
-        COMPREPLY=( $( compgen -W "$DICT_SYM_COMP_LONG_OPTIONS" -- "$cur" ))
-        ;;
-    -*)
-        export DICT_SYM_COMP_OPTIONS=${DICT_SYM_COMP_OPTIONS:-$(sym --dictionary | sed -E 's/ /\n/g')}
-        COMPREPLY=( $( compgen -W "$DICT_SYM_COMP_OPTIONS" -- "$cur" ))
-        ;;
-    *)
-        _filedir
-        ;;
+        --*)
+            export _SYM_COMP_LONG_OPTIONS=${_SYM_COMP_LONG_OPTIONS:-$(_sym_long_opts)}
+            COMPREPLY=($( compgen -W "$_SYM_COMP_LONG_OPTIONS" -- "$cur" ))
+            ;;
+        -*)
+            export _SYM_COMP_SHORT_OPTIONS=${_SYM_COMP_SHORT_OPTIONS:-$(_sym_short_opts)}
+            COMPREPLY=($( compgen -W "$_SYM_COMP_SHORT_OPTIONS" -- "$cur" ))
+            ;;
+        *)
+            _filedir
+            ;;
     esac
 
     return 0
 } &&
-complete -F _sym $nospace $filenames sym
+    complete -F _sym $nospace $filenames sym
 
 # Local variables:
 # mode: shell-script

data/exe/symit

@@ -0,0 +1,168 @@
+#!/usr/bin/env bash
+#
+#
+# (c) 2017 Konstantin Gredeskoul
+# MIT License, distributed as part of `sym` ruby gem
+#
+# https://github.com/kigster/sym
+#
+#====================================================================================
+# Purpuse of this script is to transparently edit application secrets in a Rails app.
+#
+# Modify the `default*` variables below and then you can use the script like so:
+#
+# bin/secred <production | staging | development> [ key-spec ]
+#
+#
+# SET THE VALUE BELOW WITH THE NAME OF YOUR KEY (actual key, environment variable,
+# keychain name, etc)
+
+[[ -n $1 && ${1:0:1} != "-" ]] && {
+  encrypted_file=$1
+  shift
+}
+
+symit::init() {
+  symit::install
+
+  export default_key=
+  export default_extension="yml.enc"
+  export default_folder=config/settings/secrets
+
+  export true=1
+  export false=0
+
+  export txtrst='\e[0m'    # Text Reset
+  export bldred='\e[1;31m' # Red
+  export bldgrn='\e[1;32m' # Green
+  export bldylw='\e[1;33m' # Yellow
+  export bldblu='\e[1;34m' # Blue
+
+  unset cli__opts
+  declare -A cli__opts=(
+    [verbose]=${true}
+    [key]=${default_key}
+    [extension]=${default_extension}
+    [dry_run]=${false}
+  )
+}
+
+symit::usage() {
+  printf "${bldblu}symit: ${txtrst}edit an encrypted file using a pre-defined key\n\n"
+
+  printf " Usage: ${bldgrn}symit ${bldylw}[file-spec] [options]${txtrst}\n\n"
+
+  printf " # To edit an encrypted file config/settings/secrets/development.yml.enc${txtrst}\n"
+  printf "        ${bldgrn}symit${bldylw} development${txtrst}\n\n"
+
+  printf "options: \n"
+  printf "    -k | --key         [key-spec]   Pass an alternative key, other than ${default_key}\n"
+  printf "    -x | --extension   [extension]  Pass an alternative default extension, other than ${bldylw}${default_extension}${txtrst}\n"
+  printf "    -l | --locations                Print locations where [file-spec] is searched\n"
+  printf "    -h | --help                     Show this help message\n"
+  printf "    -n | --dry-run                  Show the generated sym command\n"
+  exit 1
+}
+
+symit::error() {
+  printf "${bldred}error: $* ${bldylw}\n"
+  exit 255
+}
+
+symit::install() {
+  if [[ -z "${_symit__installed}" ]] ; then
+    [[ -n "$(gem list | grep sym)" ]] || gem install sym
+    [[ -z $(sym -h 2>&1 | grep -- '-k, --key' | grep keychain) ]] && {
+      printf "detected missing or an older version of ${bldgrn}sym${txtrst}... upgrading...\n"
+      echo y | gem uninstall sym -a 2>/dev/null
+      gem install sym --verbose
+    }
+  fi
+}
+
+symit::show_locations() {
+  printf "Search path: \n"
+  for loc in ${locations[@]}; do
+    printf "     - ${loc}\n"
+  done
+}
+
+
+symit::locs() {
+  if [[ -n ${encrypted_file} ]]; then
+    declare -a locations=("${default_folder}/${encrypted_file}.${default_extension}"
+                       "${default_folder}/${encrypted_file}"
+                       "${encrypted_file}")
+  fi
+  echo -n ${locations[*]}
+}
+
+symit::init
+
+[[ -z ${encrypted_file} && -z $* ]] && symit::usage
+
+while :; do
+  case $1 in
+    -h|-\?|--help)
+        shift
+        symit::usage
+        ;;
+
+    -k|--key)
+        shift
+        [[ -n $1 ]] || symit::error "-k/--key requires an argument"
+        cli__opts[key]=$1
+        ;;
+
+    -x|--extension)
+        shift
+        [[ -n $1 ]] || symit::error "-x/--extension requires an argument"
+        cli__opts[extension]=$1
+        ;;
+
+    -l|--locations)
+        shift
+        [[ -n ${encrypted_file} ]] || symit::error "-l/--locations requires file-spec to be provided as the 1st argument"
+        declare -a locations=$(symit::locs)
+        symit::show_locations
+        exit 0
+        ;;
+    -n|--dry-run)
+        shift
+        cli__opts[dry_run]=${true}
+        ;;
+
+    --)              # End of all options.
+        shift
+        break
+        ;;
+    -?*)
+        printf 'WARN: Unknown option (ignored): %s\n' "$1" >&2
+        exit 127
+        shift
+        ;;
+    *)               # Default case: If no more options then break out of the loop.
+        break
+        shift
+  esac
+done
+
+declare -a locations=$(symit::locs)
+
+file=
+for loc in ${locations[@]}; do
+  if [[ -s "${loc}" ]] ; then
+    file=${loc}
+    break
+  fi
+done
+
+[[ -z $file ]] && symit::error "${encrypted_file} could not be found."
+
+command="sym -ck $cli__opts[key] -tf ${file}"
+
+${cli_opts[dry_run]} && printf "[dry_run] "
+
+printf "${bldgrn}${command}${txtrst}\n"
+
+${cli_opts[dry_run]} || ${command}

data/lib/sym/app/cli.rb

@@ -56,48 +56,51 @@ module Sym
       # brings in #parse(Array[String] args)
       include CLISlop
 
-      attr_accessor :opts, :application, :outputs, :output_proc
+      attr_accessor :opts, :application, :outputs
 
       def initialize(argv)
         begin
-          argv << args_from_environment(argv)
-          argv.flatten!
-          argv.compact!
-          argv_original = argv.dup
-          # Re-map any leg  acy options to the new options
-          argv = CLI.replace_argv(argv)
-          dict      = argv.delete('--dictionary')
+
+          # Re-map any legacy options to the new options
           self.opts = parse(argv)
-          command_dictionary if dict
+          if opts[:sym_args]
+            append_sym_args(argv)
+            self.opts = parse(argv)
+          end
+
+          # Disable coloring if requested, or if piping STDOUT
+          if opts[:no_color] || !STDOUT.tty?
+            Colored2.disable! # reparse options without the colors to create new help msg
+            self.opts = parse(argv)
+          end
+
         rescue StandardError => e
+          log :error, "#{e.message}" if opts
           error exception: e
           return
         end
 
-        # Disable coloring if requested, or if piping STDOUT
-        if opts[:no_color] || !STDOUT.tty?
-          command_no_color(argv_original)
-        end
-
         self.application = ::Sym::Application.new(opts)
-        select_output_stream
       end
 
-      def args_from_environment(argv)
-        env_args = ENV[Sym::Constants::ENV_ARGS_VARIABLE_NAME]
-        if env_args && !(argv.include?('-M') or argv.include?('--no-environment'))
-          env_args.split(' ')
-        else
-          []
+      def append_sym_args(argv)
+        if env_args = sym_args
+          argv << env_args.split(' ')
+          argv.flatten!
+          argv.compact!
         end
       end
 
+      def sym_args
+        ENV[Sym::Constants::ENV_ARGS_VARIABLE_NAME]
+      end
+
       def execute
         return Sym::App.exit_code if Sym::App.exit_code != 0
         result = application.execute
         case result
           when Hash
-            self.output_proc = ::Sym::App::Args.new({}).output_class
+            self.output_proc ::Sym::App::Args.new({}).output_class
             error(result)
           else
             self.output_proc.call(result)
@@ -109,46 +112,21 @@ module Sym
         @command ||= self.application&.command
       end
 
+      def output_proc(proc = nil)
+        self.application&.output = proc if proc
+        self.application&.output
+      end
+
       def opts_present
         o = opts.to_hash
         o.keys.map { |k| opts[k] ? nil : k }.compact.each { |k| o.delete(k) }
         o
       end
 
-      class << self
-        # Re-map any legacy options to the new options
-        ARGV_FLAG_REPLACE_MAP = {
-          'C' => 'c'
-        }
-
-        def replace_regex(from)
-          %r{^-([\w]*)#{from}([\w]*)$}
-        end
-
-        def replace_argv(argv)
-          argv = argv.dup
-          replacements = []
-          ARGV_FLAG_REPLACE_MAP.each_pair do |from, to|
-            argv.map! do |a|
-              match = replace_regex(from).match(a)
-              if match
-                replacements << from
-                "-#{match[1]}#{to}#{match[2]}"
-              else
-                a
-              end
-            end
-          end
-          argv
-        end
-      end
-
       private
 
-      def command_dictionary
-        options = opts.parser.unused_options + opts.parser.used_options
-        puts options.map(&:to_s).sort.map { |o| "-#{o[1]}" }.join(' ')
-        exit 0
+      def log(*args)
+        Sym::App.log(*args, **(opts.to_hash))
       end
 
       def error(hash)
@@ -157,22 +135,6 @@ module Sym
         Sym::App.error(**hash)
       end
 
-      def select_output_stream
-        output_klass = application.args.output_class
-        unless output_klass && output_klass.is_a?(Class)
-          raise "Can not determine output class from arguments #{opts.to_hash}"
-        end
-        self.output_proc = output_klass.new(application.opts).output_proc
-      end
-
-      def command_no_color(argv)
-        Colored2.disable! # reparse options without the colors to create new help msg
-        self.opts = parse(argv.dup)
-      end
-
-      def key_spec
-        '<key-spec>'.bold.magenta
-      end
     end
   end
 end

data/lib/sym/app/cli_slop.rb

@@ -14,11 +14,11 @@ module Sym
           o.separator '   sym -g '.green.bold + '[ -p/--password ] [ -x keychain | -o file | ] [ -q ]  '.green
           o.separator ''
           o.separator '   # To specify encryption key, provide the key as '.dark
-          o.separator '   #   1) a string, 2) a file path, 3) an OS-X Keychain, 4) env variable, '.dark
-          o.separator '   #   5) use -i to paste/type the key, 6) default key file, if present.'.dark
-          o.separator '   ' + key_spec + ' = -k/--key [ key | file | keychain | env ]'.green.bold
-          o.separator '                -i/--interactive'.green.bold
-
+          o.separator '   #   1) a string, 2) a file path, 3) an OS-X Keychain, 4) env variable name '.dark
+          o.separator '   #   5) use -i to paste/type the key interactively'.dark
+          o.separator '   #   6) default key file (if present) at '.dark + Sym.default_key_file.magenta.bold
+          o.separator '   ' + key_spec + ' = -k/--key [ key | file | keychain | environment_variable ]'.green.bold
+          o.separator         '              -i/--interactive'.green.bold
           o.separator ''
           o.separator '   # Encrypt/Decrypt from STDIN/file/args, to STDOUT/file:'.dark
           o.separator '   sym -e/--encrypt '.green.bold + key_spec + ' [-f [file | - ] | -s string ] [-o file] '.green
@@ -29,23 +29,20 @@ module Sym
           o.separator ' '
           o.separator '   # Edit an encrypted file in $EDITOR '.dark
           o.separator '   sym -t/--edit    '.green.bold + key_spec + ' -f file [ -b/--backup ]'.green.bold
-
           o.separator ' '
-          o.separator '   # Save commonly used flags in a BASH variable. Below we save KeyChain '.dark
-          o.separator '   # "staging" as the default key source, and enable password caching.'.dark
+          o.separator '   # Save commonly used flags in a BASH variable. Below we save the KeyChain '.dark
+          o.separator '   # "staging" as the default key name, and enable password caching.'.dark
           o.separator '   export SYM_ARGS="'.green + '-ck staging'.bold.green + '"'.green
-          o.separator ' '
-          o.separator '   # And now encrypt using default key location '.dark + Sym.default_key_file.magenta.bold
-          o.separator '   sym -e '.green.bold '-f file'.green.bold
-          o.separator '   # May need to disable SYM_ARGS with -M, eg for help:'.dark
-          o.separator '   sym -h -M '.green.bold
+          o.separator '   # Then activate $SYM_ARGS by using -A/--sym-args flag:'.dark
+          o.separator '   sym -Aef '.green.bold 'file'.green.bold
 
           o.separator ' '
           o.separator 'Modes:'.yellow
           o.bool      '-e', '--encrypt',            '           encrypt mode'
           o.bool      '-d', '--decrypt',            '           decrypt mode'
           o.bool      '-t', '--edit',               '           edit encrypted file in an $EDITOR'
-
+          o.string    '-n', '--negate',             '[file]  '.blue + "   encrypts any regular #{'file'.green} into #{'file.enc'.green}" + "\n" +
+                                     "                                    conversely decrypts #{'file.enc'.green} into #{'file'.green}."
           o.separator ' '
           o.separator 'Create a new private key:'.yellow
           o.bool      '-g', '--generate',           '           generate a new private key'
@@ -70,8 +67,6 @@ module Sym
           o.string    '-s', '--string',             '[string]'.blue + '   specify a string to encrypt/decrypt'
           o.string    '-f', '--file',               '[file]  '.blue + '   filename to read from'
           o.string    '-o', '--output',             '[file]  '.blue + '   filename to write to'
-          o.string    '-n', '--negate',             '[file]  '.blue + "   encrypts any regular #{'file'.green} into #{'file.enc'.green}" + "\n" +
-                                     "                                    conversely decrypts #{'file.enc'.green} into #{'file'.green}."
 
           o.separator ' '
           o.separator 'Flags:'.yellow
@@ -82,11 +77,11 @@ module Sym
           o.bool      '-D', '--debug',              '           print debugging information'
           o.bool      '-V', '--version',            '           print library version'
           o.bool      '-N', '--no-color',           '           disable color output'
-          o.bool      '-M', '--no-environment',     '           disable reading flags from SYM_ARGS'
+          o.bool      '-A', '--sym-args',           '           read more CLI arguments from $SYM_ARGS'
 
           o.separator ' '
           o.separator 'Utility:'.yellow
-          o.string    '-a', '--bash-completion',    '[file]'.blue + '     append shell completion to a file'
+          o.string    '-B', '--bash-completion',    '[file]'.blue + '     append shell completion to a file'
 
           o.separator ' '
           o.separator 'Help & Examples:'.yellow
@@ -94,6 +89,10 @@ module Sym
           o.bool      '-h', '--help',               '           show help'
         end
       end
+
+      def key_spec
+        'KEY-SPEC'.bold.magenta
+      end
     end
   end
 end

data/lib/sym/application.rb

@@ -17,6 +17,7 @@ module Sym
                   :key_source,
                   :input_handler,
                   :key_handler,
+                  :output,
                   :result,
                   :password_cache
 
@@ -25,40 +26,16 @@ module Sym
       self.opts          = opts.is_a?(Hash) ? opts : opts.to_hash
 
       process_negated_option(opts[:negate]) if opts[:negate]
+
       self.args = ::Sym::App::Args.new(self.provided_options)
 
+      initialize_output_stream
       initialize_action
       initialize_data_source
       initialize_password_cache
       initialize_input_handler
     end
 
-    def provided_options
-      provided_opts = self.opts.clone
-      provided_opts.delete_if { |k, v| !v }
-      provided_opts
-    end
-
-    def provided_safe_options
-      provided_options.map do |k, v|
-        k == :key && [44, 45].include?(v.size) ?
-          [k, '[reducted]'] :
-          [k, v]
-      end.to_h
-    end
-
-    def provided_flags
-      provided_flags = provided_options
-      provided_flags.delete_if { |k, v| ![false, true].include?(v) }
-      provided_flags.keys
-    end
-
-    def provided_value_options
-      provided = provided_safe_options
-      provided.delete_if { |k, v| [false, true].include?(v) }
-      provided
-    end
-
     def execute!
       initialize_key_source
       unless command
@@ -110,6 +87,32 @@ module Sym
       editors_to_try.find { |editor| File.exist?(editor) }
     end
 
+    def provided_options
+      provided_opts = self.opts.clone
+      provided_opts.delete_if { |k, v| !v }
+      provided_opts
+    end
+
+    def provided_safe_options
+      provided_options.map do |k, v|
+        k == :key && [44, 45].include?(v.size) ?
+          [k, '[reducted]'] :
+          [k, v]
+      end.to_h
+    end
+
+    def provided_flags
+      provided_flags = provided_options
+      provided_flags.delete_if { |k, v| ![false, true].include?(v) }
+      provided_flags.keys
+    end
+
+    def provided_value_options
+      provided = provided_safe_options
+      provided.delete_if { |k, v| [false, true].include?(v) }
+      provided
+    end
+
 
     private
 
@@ -128,6 +131,14 @@ module Sym
       ]
     end
 
+    def initialize_output_stream
+      output_klass = args.output_class
+      unless output_klass && output_klass.is_a?(Class)
+        raise "Can not determine output type from arguments #{provided_options}"
+      end
+      self.output = output_klass.new(opts).output_proc
+    end
+
     def initialize_input_handler(handler = ::Sym::App::Input::Handler.new)
       self.input_handler = handler
     end

data/lib/sym/version.rb

@@ -1,5 +1,5 @@
 module Sym
-  VERSION = '2.4.3'
+  VERSION = '2.5.0'
   DESCRIPTION = <<-eof
     Sym is a command line utility and a Ruby API that makes it trivial to encrypt and decrypt 
     sensitive data. Unlike many other existing encryption tools, sym focuses on usability and 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sym
 version: !ruby/object:Gem::Version
-  version: 2.4.3
+  version: 2.5.0
 platform: ruby
 authors:
 - Konstantin Gredeskoul
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2017-03-01 00:00:00.000000000 Z
+date: 2017-03-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: colored2
@@ -221,6 +221,7 @@ email:
 executables:
 - keychain
 - sym
+- symit
 extensions: []
 extra_rdoc_files: []
 files:
@@ -241,6 +242,7 @@ files:
 - bin/sym.completion
 - exe/keychain
 - exe/sym
+- exe/symit
 - lib/sym.rb
 - lib/sym/app.rb
 - lib/sym/app/args.rb