sym 2.5.1 → 2.5.3

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 6862ecd0c07b12c1ee20a9d2f2bb070bf8912656
4
- data.tar.gz: 98edcee0cd5c47c876cd002841b7aa1bff420bee
3
+ metadata.gz: aca611feea26256020a9d946efbbdc7cba379ce4
4
+ data.tar.gz: 2948a5e41803333a67c7aae070a13d2742a0156a
5
5
  SHA512:
6
- metadata.gz: 97c4215175e2afd0ad94f01069cfab3690a2d50c1e9603ea9d6f956becaba8f969fdbaf173326815ab3f88630b9a58702c8d23d40f1c98f032982f5e57faf8d2
7
- data.tar.gz: ce41e1adb186a492eef492e5d9e6699987fbeab95f0a4ee8271c2fe75a98654374633c33ae7fa11c6b1aa41f0072ede88b619126210ca3e4c7f82e692f481482
6
+ metadata.gz: 238dace75955c11031173d5584dc3672fc623c34dd0dd491948147e471750d7fdf8685c8b77b5f27db29a0317abd9fb70ea94da2286f7837c48ec0ea9db68073
7
+ data.tar.gz: 5678caa99c45624bb438954a3fc2bc9e70d1accb699104c0b061e244b53b18a444297b6953fe4438683b67a3174b8676fc38c7cb7a02258f28756f40cc9f35ec
data/README.md CHANGED
@@ -15,11 +15,17 @@
15
15
 
16
16
  ## Description
17
17
 
18
- > __sym__ is a command line utility and a Ruby API that makes it _trivial to encrypt and decrypt sensitive data_. Unlike many other existing encryption tools, __sym__ focuses on usability and streamlined interface (CLI), with the goal of making encryption easy and transparent. The result? There is no excuse for keeping your application secrets unencrypted :)
18
+ <div style="padding 20px; font-size: 13pt;">
19
+
20
+ <strong>sym</strong> is a command line utility and a Ruby API that makes it <em>trivial to encrypt and decrypt sensitive data</em>. Unlike many other existing encryption tools, <strong>sym</strong> focuses on usability and streamlined interface (CLI), with the goal of making encryption easy and transparent. The result? There is no longer any excuse for keeping your application secrets unencrypted or outside of your repo.<br /><br />
21
+
22
+ <strong>sym</strong> uses <em>symmetric Encryption</em> which simply means that you will be using the same 256-bit key to encrypt and decrypt data. In addition to the private key, the encryption uses an IV vector. The library completely hides `iv` generation from the user, and automatically generates a random `iv` per encryption. Finally, each key can be uniquely password-protected (encrypted) and stored in OS-X Keychain, environment variable or a file.
23
+
24
+ </div>
19
25
 
20
26
  ### Motivation
21
27
 
22
- The primary goal of this tool is to streamline and simplify handling of relatively sensitive data in the most trasparent and easy to use way as possible, without sacrificing security.
28
+ The main goal when writing this tool was to streamline and simplify handling of sensitive data in a trasparent and easy to use way without sacrificing security.
23
29
 
24
30
  Most common use-cases include:
25
31
 
@@ -33,15 +39,15 @@ __Sym__ is a layer built on top of the [`OpenSSL`](https://www.openssl.org/) lib
33
39
 
34
40
  This gem includes two primary components:
35
41
 
36
- * [Ruby API](#rubyapi) for enabling encryption/decryption of any data within any Ruby class, with extremely easy-to-use methods
37
- * [Rich command line interface CLI](#cli) with many additional features to streamline handling of encrypted data.
38
-
39
- _Symmetric Encryption_ simply means that we are using the same private key to encrypt and decrypt. In addition to the private key, the encryption uses an IV vector. The library completely hides `iv` generation from the user, and automatically generates a random `iv` per encryption.
40
-
42
+ * [Rich command line interface CLI](#cli) with many features to streamline encryption/decryption.
43
+ * Ruby API:
44
+ * [Basic Encryption/Decryption API](#rubyapi) is activated by including `Sym` module in a class, it adds easy to use `encr`/`decr` methods.
45
+ * [Application API](#rubyapi-app) is activated by instantiating `Sym::Application`, and using the instance to drive sym's complete set of functionality, as if it was invoked from the CLI.
46
+ * [Sym::Configuration](#rubyapi-config) class for overriding default cipher, and many other parameters such as compression, cache location, zlib compression, and more.
41
47
 
42
48
  ### Massive Time Savers
43
49
 
44
- So how does `sym` substantiate its claim that it *streamlines* the encryption process? I thought about it, and turns out there are quite a few reasons:
50
+ What are the time savers that we mentioned earlier?
45
51
 
46
52
  * By using Mac OS-X Keychain, `sym` offers a simple yet secure way of storing the key on a local machine, much more secure then storing it on a file system.
47
53
  * By using a password cache (`-c`) via an in-memory provider such as `memcached` or `drb`, `sym` invocations take advantage of password cache, and only ask for a password once per a configurable time period.
@@ -54,26 +60,53 @@ As you can see, we really tried to build a tool that provides good security for
54
60
 
55
61
  > Encrypting application secrets had never been easier! –– Socrates [LOL, -ed.]
56
62
 
57
- ### How It Works
63
+ ## Using Sym
64
+
65
+ #### Installation
66
+
67
+ If you plan on using the library in your Ruby project with Bundler managing its dependencies, just include the following line in your `Gemfile`:
68
+
69
+ gem 'sym'
70
+
71
+ And then run `bundle`.
72
+
73
+ Or install it into the global namespace with `gem install` command:
74
+
75
+ $ gem install sym
76
+ $ sym -h
77
+ $ sym -E # see examples
78
+
79
+ __BASH Completion__
80
+
81
+ Optionally, after gem installation, you can also install bash-completion of gem's command line options, but running the following command (and feel free to use any of the "dot" files you prefer):
82
+
83
+ sym -B ~/.bashrc
84
+
85
+ Should you choose to install it (this part is optional), you will be able to use "tab-tab" after typing `sym`, and you'll be able to choose from all of the supported flags.
86
+
87
+ #### Typical Use-Case Scenario
58
88
 
59
- 1. You generate a new encryption key, that will be used to both encrypt and decrypt the data. The key is 256 bits, or 32 bytes, or 45 bytes when base64-encoded, and can be generated with `sym -g`.
60
- * You can optionally password protect the key with `sym -gp`
61
- * You can save the key into a file with `sym -gpo key-file`
62
- * Or you can save it into the OS-X Keychain, with `sym -gpx keychain-name`
63
- * You can also cache the password, with `sym -gpcx keychain-name`
64
- * Normally, `sym` will also print the resulting key to STDOUT.
89
+ 1. You generate a new encryption key, that will be used to both encrypt and decrypt the data. The key is 256 bits, or 32 bytes, or 45 bytes when base64-encoded, and can be generated with `sym -g`. The key must be saved somewhere for later retrieval. The key should not be easily accessible to an attacker. Note, that while generating the key, you can:
90
+ * optionally password protect the key with `sym -gp`
91
+ * save the key into a file with `sym -gpo key-file`
92
+ * save it into the OS-X Keychain, with `sym -gpx keychain-name`
93
+ * cache the password, with `sym -gpcx keychain-name`
94
+ * Normally, `sym` will print the resulting key to STDOUT
65
95
  * You can prevent the key from being printed to STDOUT with `-q/--quiet`.
66
- 2. You then take a piece of sensitive __data__ that you want to encrypt. This can be a file or a string.
67
- 3. You can then use the key to encrypt sensitive __data__, with `sym -e [key-spec] [data-spec]`, passing it the key in several accepted ways. Smart flag `-k` automatically interpretes the source of the key, by trying:
68
- * a file with a pathname.
69
- * or environment variable
70
- * or OS-X Keychain password entry
71
- * or you can paste the key interactively with `-i`
72
- 4. Input data can be read from a file with `-f file`, or read from STDIN, or a passed on the command line with `-s string`
73
- 4. Output is the encrypted data, which is printed to STDOUT by the default, or it can be saved to a file with `-o <file>`
74
- 5. Encrypted file can be later decrypted with `sym -d [key-spec] [data-spec]`
75
-
76
- Sample session that uses Mac OS-X Keychain to store the password-protected key.
96
+ 2. Next, let's assume you have a file or a string that you want to encrypt. We call this *data*.
97
+ 3. In order to encrypt the __data__, we must supply an encryption key. Flag `-k` automatically retrieves the key, by trying to read it in several distinct ways, such as:
98
+ * a file with a pathname specified by the argument (eg, `-k ~/.key`)
99
+ * or environment variable (eg `-k ENC_KEY`)
100
+ * or OS-X Keychain entry
101
+ * verbatum string argument (not recommended)
102
+ * alternatively, you can paste the key interactively with `-i` or save the default key in `~/.sym.key` file.
103
+ 4. Finally, we are ready to encrypt. The data to be encrypted can be read from a file with `-f filename`, or it can be read from STDIN, or a passed on the command line with `-s string`. For example, `sym -e -k ~/.key -f /etc/passwd` will encrypt the file and print the encrypted contents to STDOUT.
104
+ 4. Instead of printing to STDOUT, the output can be saved to a file with `-o <file>` or a simple redirect or a pipe.
105
+ 5. Encrypted file can later be decrypted with `sym -d ...` assuming the same key it was encrypted with.
106
+ 6. Encrypted file with extension `.enc` can be automatically decrypted with `-n/--negate` option; if the file does not end with `.enc`, it is encrypted and `.enc` extension added to the resulting file.
107
+ 7. With `-t` flag you can open in VIM (or `$EDITOR`) any encrypted file and edit it. Once you save it, the file gets re-encrypted and replaces the previous version. A backup can be created with `-b` option. See the section on [inline editing](#inline)
108
+
109
+ A sample session that uses Mac OS-X Keychain to store the password-protected key.
77
110
 
78
111
  ```bash
79
112
  # Gen a new key, password-encrypt it, cache the password, save
@@ -83,7 +116,6 @@ New Password : •••••••••
83
116
  Confirm Password : •••••••••
84
117
 
85
118
  ❯ sym -eck my-new-key -s 'My secret data' -o secret.enc
86
- Coin::Vault listening at: druby://127.0.0.1:24924
87
119
  Password: •••••••••
88
120
 
89
121
  ❯ cat secret.enc
@@ -104,47 +136,136 @@ My secret data
104
136
  My secret data
105
137
  ```
106
138
 
107
- The line that says `Coin::Vault listening at: druby://127.0.0.1:24924` is the indication that the local dRB server used for caching passwords has been started. Password caching is off by default, but is enabled with `-c` flag. In the example above, the decryption step fetched the password from the cache, and so the user was not required to re-enter the password.
139
+ Note that password caching is off by default, but is enabled with `-c` flag. In the example above, the decryption step fetched the password from the cache, and so the user was not required to re-enter the password.
108
140
 
109
- __Direct Editing Encrypted Files__
141
+ <a name="inline"></a>
142
+
143
+ #### Inline Editing of Encrypted Files
110
144
 
111
- Instead of decrypting data anytime you need to change it, you can use the shortcut flag `-t` (for "edi**t**"), which decrypts your data into a temporary file, automatically opening it with an `$EDITOR`.
145
+ The `sym` CLI tool supports one particularly interesting mode, that streamlines handling of encrypted files. The mode is called __edit mode__, and is activated with the `-t` flag.
112
146
 
113
- Example:
147
+ Instead of decrypting data anytime you need to change it into a new file and then manually re-encrypting the result, you can use the shortcut flag `-t` (for "edi**t**"), which decrypts your data into a temporary file, automatically opening it with an `$EDITOR`.
114
148
 
115
149
  sym -t -f config/application/secrets.yml.enc -k ~/.key
116
150
 
117
151
  > This is one of those time-saving features that can make a difference in making encryption feel easy and transparent.
118
152
 
119
- For more information see the section on [inline editing](#inline).
153
+ > NOTE: this mode does not seem to work with GUI editors such as Atom or TextMate. Since `sym` waits for the editor process to complete, GUI editors "complete" immediately upon starting a windowed application.
120
154
 
121
- ## Installation
155
+ In this mode several flags are of importance:
122
156
 
123
- If you plan on using the library in your Ruby project with Bundler managing its dependencies, just include the following line in your `Gemfile`:
157
+ -b (--backup) – will create a backup of the original file
158
+ -v (--verbose) - will show additional info about file sizes
124
159
 
125
- gem 'sym'
160
+ Here is a full command that opens a file specified by `-f | --file`, using the key specified in `-k | --keyfile`, in the editor defined by the `$EDITOR` environment variable (or if not set – defaults to `/bin/vi`)".
126
161
 
127
- And then run `bundle`.
162
+ Example: here we edit an encrypted file in `vim`, while using interactive mode to paste the key (`-i | --interactive`), and then creating a backup file (`-b | --backup`) upon save:
128
163
 
129
- Or install it into the global namespace with `gem install` command:
164
+ sym -tibf data.enc
165
+ # => Private Key: ••••••••••••••••••••••••••••••••••••••••••••
166
+ #
167
+ # => Diff:
168
+ # 3c3
169
+ # # (c) 2015 Konstantin Gredeskoul. All rights reserved.
170
+ # ---
171
+ # # (c) 2016 Konstantin Gredeskoul. All rights reserved.
130
172
 
131
- $ gem install sym
132
- $ sym -h
133
- $ sym -E # see examples
173
+ Note the `diff` shown after save.
134
174
 
135
- __BASH Completion__
175
+ <a name="rubyapi"></a>
136
176
 
137
- Optionally, after gem installation, you can also install bash-completion of gem's command line options, but running the following command (and feel free to use any of the "dot" files you prefer):
177
+ ## Ruby API
138
178
 
139
- sym -B/--bash-support ~/.bashrc
179
+ You start by including `Sym` module into your class or a module. Such class will be decorated with new class methods `#private_key` and `#create_private_key`, as well as instance methods `#encr`, and `#decr`.
140
180
 
141
- Should you choose to install it (this part is optional), you will be able to use "tab-tab" after typing `sym`, and you'll be able to choose from all of the supported flags.
181
+ #### Class Method `#create_private_key()`
142
182
 
143
- <a name="cli"></a>
183
+ This method will generate a new key each time it's called.
184
+
185
+ #### Class Method `#private_key(value = nil)`
186
+
187
+ This method will either assign an existing key (if a value is passed) or generate and save a new key in the class instance variable. Therefore each class including `Sym` will (by default) use a unique key (unless the key is passed in as an argument).
188
+
189
+ The following example illustrates this point:
190
+
191
+ ```ruby
192
+ require 'sym'
193
+
194
+ class TestClass
195
+ include Sym
196
+ end
197
+
198
+ @key = TestClass.create_private_key
199
+ @key.eql?(TestClass.private_key) # => false
200
+ # A new key was created and saved in #private_key accessor.
201
+
202
+ class SomeClass
203
+ include Sym
204
+ private_key TestClass.private_key
205
+ end
206
+
207
+ @key.eql?(SomeClass.private_key) # => true (it was assigned)
208
+ ```
209
+
210
+ #### Encrypting and Decrypting Data
211
+
212
+ So how would we use this library from another Ruby project to encrypt and decrypt values?
213
+
214
+ After including the `Sym` module, two instance methods are added:
215
+
216
+ * `#encr(value, private_key)` and
217
+ * `#decr(value, private_key)`.
218
+
219
+ Therefore you could write something like this below, protecting a sensitive string using a class-level secret.
220
+
221
+ ```ruby
222
+ require 'sym'
223
+ class TestClass
224
+ include Sym
225
+ private_key ENV['SECRET']
226
+
227
+ def sensitive_value=(value)
228
+ @sensitive_value = encr(value, self.class.private_key)
229
+ end
230
+ def sensitive_value
231
+ decr(@sensitive_value, self.class.private_key)
232
+ end
233
+ end
234
+ ```
235
+
236
+ #### Encrypting the Key Itself
144
237
 
238
+ You can encrypt the private key using a custom password. This is highly recommended, because without the password the key is the only piece that stands between an attacker and decrypting your sensitive data.
239
+
240
+ For this purpose, two more instance methods exist:
241
+
242
+ * `encr_password(data, password, iv = nil)`
243
+ * `decr_password(encrypted_data, password, iv = nil)`
244
+
245
+ They can be used independently of `encr` and `decr` to encrypt/decrypt any data with a password.
246
+
247
+ <a name="rubyapi-app"></a>
248
+
249
+ #### Full Application API
250
+
251
+ Since the command line interface offers much more than just encryption/decryption of data with a key, majority of these features are available through `Sym::Application` instance.
252
+
253
+ The class is instantiated with a hash that would be otherwise generated by parsing CLI arguments, typical `options`. For example, to generate the key, pass `generate: true` — essentially any flag in it's long form can be converted into a hash member.
254
+
255
+ Here is an example:
256
+
257
+ ```ruby
258
+ require 'sym/application'
259
+
260
+ key = Sym::Application.new(generate: true).execute
261
+ # => '75ngenJpB6zL47/8Wo7Ne6JN1pnOsqNEcIqblItpfg4='
262
+ ```
263
+
264
+
265
+ <a name="cli"></a>
145
266
  ## Using `sym` with the Command Line
146
267
 
147
- ### Private Keys
268
+ ### Encryption Keys
148
269
 
149
270
  The private key is the cornerstone of the symmetric encryption. Using `sym`, the key can be:
150
271
 
@@ -158,37 +279,69 @@ The __unencrypted private__ key will be in the form of a base64-encoded string,
158
279
 
159
280
  __Encrypted (with password) private key__ will be considerably longer, perhaps 200-300 characters long.
160
281
 
161
- #### Generating Private Keys
162
-
163
- Let's generate a new key, and copy it to the clipboard (using `pbcopy` command on Mac OS-X):
164
-
165
- sym -g | pbcopy
166
-
167
- Or save a new key into a bash variable
282
+ #### Generating the Key — Examples
168
283
 
169
- KEY=$(sym -g)
284
+ ```bash
285
+ # Let's generate a new key, and copy it to the clipboard (using `pbcopy` command on Mac OS-X):
286
+ $ sym -g | pbcopy
170
287
 
171
- Or save it to a file:
288
+ # Or save a new key into a bash variable
289
+ $ KEY=$(sym -g)
172
290
 
173
- sym -go ~/.key
291
+ # Or save it to a file:
292
+ $ sym -go ~/.key
174
293
 
175
- Or create a password-protected key (`-p`), and save it to a file (`-o`), cache the password (`-c`), and don't print the new key to STDOUT (`-q` for quiet):
294
+ # Or create a password-protected key (`-p`), and save it to a file (`-o`),
295
+ # cache the password (`-c`), and don't print the new key to STDOUT (`-q` for quiet)
296
+ $ sym -gpcqo ~/.secret
297
+ New Password: ••••••••••
298
+ Confirm Password: ••••••••••
299
+ $
300
+ ```
176
301
 
177
- sym -gpcqo ~/.secret
178
- New Password: ••••••••••
179
- Confirm Password: ••••••••••
302
+ #### Resolving the `-k` Argument
180
303
 
181
- ##### Key Sources
182
-
183
- You can subsequently use the private key by passing either of these options to the `-k` flag (*sym attempts to resolve the key automatically, by trying each option and moving to the next until the key is found*):
304
+ You can use the generated private key by passing an argument to the `-k` flag.
305
+
306
+ **Sym** attempts to automatically resolve the key source by trying each of the following options, and then moving on to the next until the key is found, or error is shown:
184
307
 
185
308
  1. the `-k value` flag, where the *value* is one of:
186
- * a file path
187
- * an environment variable name
309
+ * a file path, eg (`-k ~/.key`)
310
+ * an environment variable name (`-k MY_KEY`)
188
311
  * an actual base64-encoded key (not recommended for security reasons)
189
- * a keychain name
312
+ * a keychain name (`-k keychain-entry-name`)
190
313
  2. pasting or typing the key with the `-i` (interactive) flag
191
- 3. a default key file, in your home folder, `~/.sym.key`, used only when no other flags were passed in.
314
+ 3. if exists, a default key file, located in your home folder: `~/.sym.key` is used only when no other key-specifying flags were passed in.
315
+
316
+ #### Encryption and Decryption
317
+
318
+ <a name="inline"></a>
319
+
320
+ #### Inline Editing
321
+
322
+ The `sym` CLI tool supports one particularly interesting mode, that streamlines handling of encrypted files. The mode is called __edit mode__, and is activated with the `-t` flag.
323
+
324
+ In this mode `sym` can decrypt the file, and open the result in an `$EDITOR`. Once you make any changes, and save it (exiting the editor), `sym` will automatically diff the new and old content, and if different – will save encrypt it and overwrite the original file.
325
+
326
+ > NOTE: this mode does not seem to work with GUI editors such as Atom or TextMate. Since `sym` waits for the editor process to complete, GUI editors "complete" immediately upon starting a windowed application.
327
+ In this mode several flags are of importance:
328
+
329
+ -b (--backup) – will create a backup of the original file
330
+ -v (--verbose) - will show additional info about file sizes
331
+
332
+ Here is a full command that opens a file specified by `-f | --file`, using the key specified in `-k | --keyfile`, in the editor defined by the `$EDITOR` environment variable (or if not set – defaults to `/bin/vi`)".
333
+
334
+ To edit an encrypted file in `$EDITOR`, while asking to paste the key (`-i | --interactive`), while creating a backup file (`-b | --backup`):
335
+
336
+ sym -tibf data.enc
337
+ # => Private Key: ••••••••••••••••••••••••••••••••••••••••••••
338
+ #
339
+ # => Diff:
340
+ # 3c3
341
+ # # (c) 2015 Konstantin Gredeskoul. All rights reserved.
342
+ # ---
343
+ # # (c) 2016 Konstantin Gredeskoul. All rights reserved.
344
+
192
345
 
193
346
  #### Using KeyChain Access on Mac OS-X
194
347
 
@@ -269,228 +422,19 @@ sym -Adf file.enc -o file.original
269
422
  sym -Atf file.enc
270
423
  ```
271
424
 
272
- #### Complete CLI Usage
273
-
274
- This may be a good time to take a look at the full help message for the `sym` tool, shown naturally with a `-h` or `--help` option.
275
-
276
- ```
277
- Sym (2.5.1) – encrypt/decrypt data with a private key
278
-
279
- Usage:
280
- # Generate a new key, optionally password protected, and save it
281
- # in one of: keychain, file, or STDOUT (-q turns off STDOUT)
282
-
283
- sym -g [ -p/--password ] [ -x keychain | -o file | ] [ -q ]
284
-
285
- # To specify encryption key, provide the key as
286
- # 1) a string, 2) a file path, 3) an OS-X Keychain, 4) env variable name
287
- # 5) use -i to paste/type the key interactively
288
- # 6) default key file (if present) at /Users/kig/.sym.key
289
-
290
- KEY-SPEC = -k/--key [ key | file | keychain | environment_variable ]
291
- -i/--interactive
292
-
293
- # Encrypt/Decrypt from STDIN/file/args, to STDOUT/file:
294
-
295
- sym -e/--encrypt KEY-SPEC [-f [file | - ] | -s string ] [-o file]
296
- sym -d/--decrypt KEY-SPEC [-f [file | - ] | -s string ] [-o file]
297
-
298
- # Auto-detect mode based on a special file extension ".enc"
299
-
300
- sym -n/--negate KEY-SPEC file[.enc]
301
-
302
- # Edit an encrypted file in $EDITOR
303
-
304
- sym -t/--edit KEY-SPEC -f file [ -b/--backup ]
305
-
306
- # Save commonly used flags in a BASH variable. Below we save the KeyChain
307
- # "staging" as the default key name, and enable password caching.
308
-
309
- export SYM_ARGS="-ck staging"
310
-
311
- # Then activate $SYM_ARGS by using -A/--sym-args flag:
312
-
313
- sym -Aef file
314
-
315
- Modes:
316
- -e, --encrypt encrypt mode
317
- -d, --decrypt decrypt mode
318
- -t, --edit edit encrypted file in an $EDITOR
319
- -n, --negate [file] encrypts any regular file into file.enc
320
- conversely decrypts file.enc into file.
321
-
322
- Create a new private key:
323
- -g, --generate generate a new private key
324
- -p, --password encrypt the key with a password
325
- -x, --keychain [key-name] write the key to OS-X Keychain
326
-
327
- Read existing private key from:
328
- -k, --key [key-spec] private key, key file, or keychain
329
- -i, --interactive Paste or type the key interactively
330
-
331
- Password Cache:
332
- -c, --cache-passwords enable password cache
333
- -u, --cache-timeout [seconds] expire passwords after
334
- -r, --cache-provider [provider] cache provider, one of memcached, drb
335
-
336
- Data to Encrypt/Decrypt:
337
- -s, --string [string] specify a string to encrypt/decrypt
338
- -f, --file [file] filename to read from
339
- -o, --output [file] filename to write to
340
-
341
- Flags:
342
- -b, --backup create a backup file in the edit mode
343
- -v, --verbose show additional information
344
- -q, --quiet do not print to STDOUT
345
- -T, --trace print a backtrace of any errors
346
- -D, --debug print debugging information
347
- -V, --version print library version
348
- -N, --no-color disable color output
349
- -A, --sym-args read more CLI arguments from $SYM_ARGS
350
-
351
- Utility:
352
- -B, --bash-support [file] append bash completion & utils to a file
353
- such as ~/.bash_profile or ~/.bashrc
354
-
355
- Help & Examples:
356
- -E, --examples show several examples
357
- -h, --help show help
358
-
359
- ```
360
-
361
- ### CLI Usage Examples
362
-
363
- __Generating the Key__:
364
-
365
- Generate a new private key into an environment variable:
366
-
367
- export KEY=$(sym -g)
368
- echo $KEY
369
- # => 75ngenJpB6zL47/8Wo7Ne6JN1pnOsqNEcIqblItpfg4=
370
-
371
- Generate a new password-protected key & save to a file:
372
-
373
- sym -gpqo ~/.key
374
- New Password : ••••••••••
375
- Confirm Password : ••••••••••
376
-
377
- Encrypt a plain text string with a key, and save the output to a file:
378
-
379
- sym -e -s "secret string" -k $KEY -o file.enc
380
- cat file.enc
381
- # => Y09MNDUyczU1S0UvelgrLzV0RTYxZz09CkBDMEw4Q0R0TmpnTm9md1QwNUNy%T013PT0K
382
-
383
- Decrypt a previously encrypted string:
384
-
385
- sym -d -s $(cat file.enc) -k $KEY
386
- # => secret string
387
-
388
- Encrypt a file and save it to `sym.enc`:
389
-
390
- sym -e -f app-sym.yml -o app-sym.enc -k $KEY
391
-
392
- Decrypt an encrypted file and print it to STDOUT:
393
-
394
- sym -df app-sym.enc -k $KEY
395
-
396
- <a name="inline"></a>
397
-
398
- #### Inline Editing
399
-
400
- The `sym` CLI tool supports one particularly interesting mode, that streamlines handling of encrypted files. The mode is called __edit mode__, and is activated with the `-t` flag.
401
-
402
- In this mode `sym` can decrypt the file, and open the result in an `$EDITOR`. Once you make any changes, and save it (exiting the editor), `sym` will automatically diff the new and old content, and if different – will save encrypt it and overwrite the original file.
403
-
404
- > NOTE: this mode does not seem to work with GUI editors such as Atom or TextMate. Since `sym` waits for the editor process to complete, GUI editors "complete" immediately upon starting a windowed application.
405
- In this mode several flags are of importance:
406
-
407
- -b (--backup) – will create a backup of the original file
408
- -v (--verbose) - will show additional info about file sizes
409
-
410
- Here is a full command that opens a file specified by `-f | --file`, using the key specified in `-k | --keyfile`, in the editor defined by the `$EDITOR` environment variable (or if not set – defaults to `/bin/vi`)".
411
-
412
- To edit an encrypted file in `$EDITOR`, while asking to paste the key (`-i | --interactive`), while creating a backup file (`-b | --backup`):
413
-
414
- sym -tibf data.enc
415
- # => Private Key: ••••••••••••••••••••••••••••••••••••••••••••
416
- #
417
- # => Diff:
418
- # 3c3
419
- # # (c) 2015 Konstantin Gredeskoul. All rights reserved.
420
- # ---
421
- # # (c) 2016 Konstantin Gredeskoul. All rights reserved.
422
-
423
- <a name="rubyapi"></a>
424
-
425
- ## Ruby API
426
-
427
- To use this library, you must include the main `Sym` module into your library.
428
-
429
- Any class including `Sym` will be decorated with new class methods `#private_key` and `#create_private_key`, as well as instance methods `#encr`, and `#decr`.
430
-
431
- `#create_private_key` will generate a new key each time it's called, while `#private_key` will either assign an existing key (if a value is passed) or generate and save a new key in the class instance variable. Therefore each class including `Sym` will use its key (unless the key is assigned).
432
-
433
- The following example illustrates this point:
434
-
435
- ```ruby
436
- require 'sym'
437
-
438
- class TestClass
439
- include Sym
440
- end
441
- @key = TestClass.create_private_key
442
- @key.eql?(TestClass.private_key) # => false
443
- # A new key was created and saved in #private_key accessor.
444
-
445
- class SomeClass
446
- include Sym
447
- private_key TestClass.private_key
448
- end
449
-
450
- @key.eql?(SomeClass.private_key) # => true (it was assigned)
451
- ```
452
-
453
- ### Encryption and Decryption Operations
425
+ #### CLI Help Screen and Examples
454
426
 
455
- So how would we use this library from another Ruby project to encrypt and decrypt values?
427
+ This may be a good time to take a look at the full help message for the `sym` tool, shown naturally with a `-h` or `--help` option. Examples can be shown with `-E/--examples` flag.
456
428
 
457
- After including the `Sym` module in a ruby class, the class will now have the `#encr` and `#decr` instance methods, as well as `#secret` and `#create_private_key class methods.
429
+ Please take a look at the [SYM-CLI](SYM-CLI.md) for a complete help screen and the examples.
458
430
 
459
- Therefore you could write something like this below, protecting a sensitive string using a class-level secret.
431
+ ## Fine Tuning
460
432
 
461
- ```ruby
462
- require 'sym'
463
- class TestClass
464
- include Sym
465
- private_key ENV['SECRET']
466
-
467
- def sensitive_value=(value)
468
- @sensitive_value = encr(value, self.class.private_key)
469
- end
470
- def sensitive_value
471
- decr(@sensitive_value, self.class.private_key)
472
- end
473
- end
474
- ```
475
-
476
- ### Full Application API
477
-
478
- Since the command line interface offers more than just encryption/decryption, it is available via `Sym::Application` class.
479
-
480
- The class is instantiated with a hash that would be otherwise generated by `Slop.parse(argv)` – ie, typical `options`.
481
-
482
- Here is an example:
483
-
484
- ```ruby
485
- require 'sym/application'
486
-
487
- key = Sym::Application.new(generate: true).execute
488
- # => returns a new private key
489
- ```
433
+ <a name="rubyapi-config"></a>
490
434
 
491
435
  ### Configuration
492
436
 
493
- The library offers a typical `Sym::Configuration` class which can be used to tweak some of the internals of the gem. Its meant for an advanced user who knows what he or she is doing. The code snippet shown below is an actual part of the Configuration class, but you can override it by including it in your code that uses and initializes this library, right after the `require.` The `Configuration` class is a Singleton, so changes to it will propagate to any subsequent calls to the gem.
437
+ The library contains a `Sym::Configuration` singleton class, which can be used to tweak some of the internals of the gem. Its meant for advanced users who know what they are doing. The code snippet shown below is an actual default configuration. You can override the defaults by including a similar snipped in your application initialization, right after the `require 'sym'`. The `Configuration` class is a Singleton, so changes to it will propagate to any subsequent calls to the gem.
494
438
 
495
439
  ```ruby
496
440
  require 'zlib'
@@ -509,18 +453,19 @@ Sym::Configuration.configure do |config|
509
453
  # When nil is selected, providers are auto-detected.
510
454
  config.password_cache_default_provider = nil
511
455
  config.password_cache_arguments = {
456
+ # Ruby dRB-based in-memory cache.
512
457
  drb: {
513
458
  opts: {
514
459
  uri: 'druby://127.0.0.1:24924'
515
460
  }
516
461
  },
462
+ # Memcached Provider – local is the default, but can be changed.
517
463
  memcached: {
518
464
  args: %w(127.0.0.1:11211),
519
465
  opts: { namespace: 'sym',
520
466
  compress: true,
521
467
  expires_in: config.password_cache_timeout
522
468
  }
523
-
524
469
  }
525
470
  }
526
471
  end
@@ -529,7 +474,8 @@ end
529
474
 
530
475
  As you can see, it's possible to change the default cipher type, although not all ciphers will be code-compatible with the current algorithm, and may require additional code changes.
531
476
 
532
- ## Encryption Features & Cipher Used
477
+
478
+ #### Encryption Features & Cipher
533
479
 
534
480
  The `sym` executable as well as the Ruby API provide:
535
481
 
@@ -555,11 +501,11 @@ To install this gem onto your local machine, run `bundle exec rake install`.
555
501
 
556
502
  To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
557
503
 
558
- ### Contributing
504
+ #### Contributing
559
505
 
560
- Bug reports and pull requests are welcome on GitHub at [https://github.com/kigster/sym](https://github.com/kigster/sym).
506
+ Bug reports and pull requests are welcome on GitHub at [https://github.com/kigster/sym](https://github.com/kigster/sym)
561
507
 
562
- ## License
508
+ ### License
563
509
 
564
510
  `Sym` library is &copy; 2016-2017 Konstantin Gredeskoul.
565
511
 
@@ -567,13 +513,13 @@ The gem is available as open source under the terms of the [MIT License](http://
567
513
 
568
514
  The library is designed to be a layer on top of [`OpenSSL`](https://www.openssl.org/), distributed under the [Apache Style license](https://www.openssl.org/source/license.txt).
569
515
 
570
- ## Acknowledgements
516
+ ### Acknowledgements
571
517
 
572
- [Konstantin Gredeskoul](http:/kig.re) is the primary developer of this library. Contributions from others are strongly encouraged and very welcome. Any pull requests will be reviewed promptly.
518
+ While [Konstantin Gredeskoul](http:/kig.re) is the primary developer of this library, contributions are very much encouraged. Any pull requests will be reviewed promptly. Please submit feature requests, bugs, or a good word :)
573
519
 
574
- Contributors:
520
+ #### Contributors:
575
521
 
576
- * Wissam Jarjoui (Shippo)
522
+ * [Wissam Jarjoui](https://github.com/bosswissam)
577
523
  * Megan Mathews
578
524
  * Barry Anderson
579
525
 
@@ -0,0 +1,143 @@
1
+ # Sym CLI Help Screen
2
+
3
+ ```text
4
+ Sym (2.5.1) – encrypt/decrypt data with a private key
5
+
6
+ Usage:
7
+ Generate a new key, optionally password protected, and save it
8
+ in one of: keychain, file, or STDOUT (-q turns off STDOUT)
9
+
10
+ sym -g [ -p/--password ] [-c] [-x keychain | -o file | ] [-q]
11
+
12
+ To specify encryption key, provide the key as
13
+ 1) a string, 2) a file path, 3) an OS-X Keychain, 4) env variable name
14
+ 5) use -i to paste/type the key interactively
15
+ 6) default key file (if present) at /Users/kig/.sym.key
16
+
17
+ KEY-SPEC = -k/--key [ key | file | keychain | env variable name ]
18
+ -i/--interactive
19
+
20
+ Encrypt/Decrypt from STDIN/file/args, to STDOUT/file:
21
+
22
+ sym -e/--encrypt KEY-SPEC [-f [file | - ] | -s string ] [-o file]
23
+ sym -d/--decrypt KEY-SPEC [-f [file | - ] | -s string ] [-o file]
24
+
25
+ Auto-detect mode based on a special file extension ".enc"
26
+
27
+ sym -n/--negate KEY-SPEC file[.enc]
28
+
29
+ Edit an encrypted file in $EDITOR
30
+
31
+ sym -t/--edit KEY-SPEC -f file [ -b/--backup ]
32
+
33
+ Save commonly used flags in a BASH variable. Below we save the KeyChain
34
+ "staging" as the default key name, and enable password caching.
35
+
36
+ export SYM_ARGS="-ck staging"
37
+
38
+ Then activate $SYM_ARGS by using -A/--sym-args flag:
39
+
40
+ sym -Aef file
41
+
42
+ Modes:
43
+ -e, --encrypt encrypt mode
44
+ -d, --decrypt decrypt mode
45
+ -t, --edit edit encrypted file in an $EDITOR
46
+ -n, --negate [file] encrypts any regular file into file.enc
47
+ conversely decrypts file.enc into file.
48
+
49
+ Create a new private key:
50
+ -g, --generate generate a new private key
51
+ -p, --password encrypt the key with a password
52
+ -x, --keychain [key-name] write the key to OS-X Keychain
53
+
54
+ Read existing private key from:
55
+ -k, --key [key-spec] private key, key file, or keychain
56
+ -i, --interactive Paste or type the key interactively
57
+
58
+ Password Cache:
59
+ -c, --cache-passwords enable password cache
60
+ -u, --cache-timeout [seconds] expire passwords after
61
+ -r, --cache-provider [provider] cache provider, one of memcached, drb
62
+
63
+ Data to Encrypt/Decrypt:
64
+ -s, --string [string] specify a string to encrypt/decrypt
65
+ -f, --file [file] filename to read from
66
+ -o, --output [file] filename to write to
67
+
68
+ Flags:
69
+ -b, --backup create a backup file in the edit mode
70
+ -v, --verbose show additional information
71
+ -q, --quiet do not print to STDOUT
72
+ -T, --trace print a backtrace of any errors
73
+ -D, --debug print debugging information
74
+ -V, --version print library version
75
+ -N, --no-color disable color output
76
+ -A, --sym-args read more CLI arguments from $SYM_ARGS
77
+
78
+ Utility:
79
+ -B, --bash-support [file] append bash completion & utils to a file
80
+ such as ~/.bash_profile or ~/.bashrc
81
+
82
+ Help & Examples:
83
+ -E, --examples show several examples
84
+ -h, --help show help
85
+ ```
86
+
87
+ ## Examples
88
+
89
+ ```bash
90
+ # generate a new private key into an environment variable:
91
+ export mykey=$(sym -g)
92
+ echo $mykey
93
+ 75ngenJpB6zL47/8Wo7Ne6JN1pnOsqNEcIqblItpfg4=
94
+ ————————————————————————————————————————————————————————————————————————————————
95
+ # generate a new key with a cached password & save to the default key file
96
+ sym -gcpqo /Users/kig/.sym.key
97
+ New Password : ••••••••••
98
+ Confirm Password : ••••••••••
99
+ ————————————————————————————————————————————————————————————————————————————————
100
+ # encrypt a plain text string with default key file, and immediately decrypt it
101
+ sym -es "secret string" | sym -d
102
+ secret string
103
+ ————————————————————————————————————————————————————————————————————————————————
104
+ # encrypt secrets file using key in the environment, and --negate option:
105
+ export PRIVATE_KEY="75ngenJpB6zL47/8Wo7Ne6JN1pnOsqNEcIqblItpfg4="
106
+ sym -ck PRIVATE_KEY -n secrets.yml
107
+
108
+ ————————————————————————————————————————————————————————————————————————————————
109
+ # encrypt a secrets file using the key in the keychain:
110
+ sym -gqx keychain.key
111
+ sym -ck keychain.key -n secrets.yml
112
+ secret string
113
+ ————————————————————————————————————————————————————————————————————————————————
114
+ # encrypt/decrypt sym.yml using the default key file
115
+ sym -gcq > /Users/kig/.sym.key
116
+ sym -n secrets.yml
117
+ sym -df secrets.yml.enc
118
+ ————————————————————————————————————————————————————————————————————————————————
119
+ # decrypt an encrypted file and print it to STDOUT:
120
+ sym -ck production.key -df secrets.yml.enc
121
+ ————————————————————————————————————————————————————————————————————————————————
122
+ # edit an encrypted file in $EDITOR, use default key file, create file backup
123
+ sym -tbf secrets.enc
124
+
125
+ Private Key: ••••••••••••••••••••••••••••••••••••••••••••
126
+ Saved encrypted content to sym.enc.
127
+
128
+ Diff:
129
+ 3c3
130
+ # (c) 2015 Konstantin Gredeskoul. All rights reserved.
131
+ ---
132
+ # (c) 2016 Konstantin Gredeskoul. All rights reserved.
133
+ ————————————————————————————————————————————————————————————————————————————————
134
+ # generate a new password-encrypted key, save it to your Keychain:
135
+ sym -gpcx staging.key
136
+ ————————————————————————————————————————————————————————————————————————————————
137
+ # use the new key to encrypt a file:
138
+ sym -e -c -k staging.key -n etc/passwords.enc
139
+ ————————————————————————————————————————————————————————————————————————————————
140
+ # use the new key to inline-edit the encrypted file:
141
+ sym -k mykey -tf sym.yml.enc
142
+ ————————————————————————————————————————————————————————————————————————————————
143
+ ```
@@ -110,12 +110,24 @@ symit::locs() {
110
110
  echo -n ${locations[*]}
111
111
  }
112
112
 
113
+ symit::locs::print() {
114
+ printf "Search locations:\n"
115
+ for loc in ${locations[@]}; do
116
+ if [[ -n "${loc}" ]] ; then
117
+ printf "\t - ${bldblu}${loc}${txtrst}\n"
118
+ fi
119
+ done
120
+ }
121
+
113
122
  symit::exit() {
114
123
  code=${1:-0}
124
+ echo -n ${code}
125
+ }
126
+
127
+ symit::cleanup() {
115
128
  unset encrypted_file
116
129
  unset cli__opts
117
130
  unset locations
118
- echo -n ${code}
119
131
  }
120
132
 
121
133
  symit() {
@@ -140,6 +152,7 @@ symit() {
140
152
  -h|-\?|--help)
141
153
  shift
142
154
  symit::usage
155
+ symit::cleanup
143
156
  return $(symit::exit 0)
144
157
  ;;
145
158
 
@@ -171,6 +184,7 @@ symit() {
171
184
  -i|--install)
172
185
  shift
173
186
  symit::install
187
+ symit::cleanup
174
188
  return $(symit::exit 0)
175
189
  ;;
176
190
 
@@ -186,6 +200,7 @@ symit() {
186
200
 
187
201
  -?*)
188
202
  printf 'WARN: Unknown option (ignored): %s\n' "$1" >&2
203
+ symit::cleanup
189
204
  return $(symit::exit 127)
190
205
  shift
191
206
  ;;
@@ -201,24 +216,24 @@ symit() {
201
216
  if [[ ${cli__opts[locations]} == ${true} ]]; then
202
217
  if [[ -z ${encrypted_file} ]]; then
203
218
  symit::error "-l/--locations requires file-spec to be provided as the 1st argument"
219
+ symit::cleanup
204
220
  return $(symit::exit 2)
221
+ else
222
+ symit::locs::print
223
+ symit::cleanup
224
+ return $(symit::exit 0)
205
225
  fi
206
- printf "search locations:\n"
207
- for loc in ${locations[@]}; do
208
- if [[ -n "${loc}" ]] ; then
209
- printf "\t - ${loc}\n"
210
- fi
211
- done
212
- return $(symit::exit 0)
213
226
  fi
214
227
 
215
228
  if [[ -z "${encrypted_file}" ]]; then
216
229
  symit::error "Missing 1st argument — file name to be loaded, eg 'production', etc."
230
+ symit::cleanup
217
231
  return $(symit::exit 3)
218
232
  fi
219
233
 
220
234
  if [[ -z "${cli__opts[key]}" ]]; then
221
235
  symit::error "Key was not defined, pass it with ${bldblu}-k key-spec${bldred} or set it via ${bldgrn}\$sym__key${bldred} variable."
236
+ symit::cleanup
222
237
  return $(symit::exit 4)
223
238
  fi
224
239
 
@@ -231,7 +246,9 @@ symit() {
231
246
  done
232
247
 
233
248
  [[ -z "${file}" ]] && {
234
- symit::error "${encrypted_file} could not be found."
249
+ symit::error "${bldylw}${encrypted_file}${bldred} could not be found."
250
+ symit::locs::print
251
+ symit::cleanup
235
252
  return $(symit::exit 5)
236
253
  }
237
254
 
@@ -5,7 +5,10 @@ module Sym
5
5
  class Stdout < ::Sym::App::Output::Base
6
6
  required_option nil
7
7
  def output_proc
8
- ->(argument) { printf "%s", argument }
8
+ ->(argument) do
9
+ printf '%s', argument
10
+ printf "\n" if STDOUT.tty?
11
+ end
9
12
  end
10
13
  end
11
14
  end
@@ -1,15 +1,28 @@
1
1
  module Sym
2
- VERSION = '2.5.1'
2
+ VERSION = '2.5.3'
3
3
  DESCRIPTION = <<-eof
4
- Sym is a command line utility and a Ruby API that makes it trivial to encrypt and decrypt
5
- sensitive data. Unlike many other existing encryption tools, sym focuses on usability and
6
- streamlined interface (CLI), with the goal of making encryption easy and transparent.
7
- The result? There is no excuse for keeping your application secrets unencrypted :)
8
-
9
- You can password-protect the key for an additional layer of security, and store the key in the
10
- OS-X keychain. Use the key to reliably encrypt, decrypt and re-encrypt your application
11
- secrets. Use the -t CLI switch to transparently edit an encrypted file in an editor of your choice.
4
+ Sym is a command line utility plus a straightforward Ruby API that makes it easy to
5
+ transparently handle sensitive data such as application secrets using symmetric
6
+ encryption with a 256bit key.
7
+
8
+ Unlike many modern encryption tools, sym focuses on the streamlined interface (CLI),
9
+ and offers many time-saving features that make encryption/decryption of application
10
+ secrets and other sensitive data as seamless as possible.
12
11
 
13
- Sym uses a symmetric aes-256-cbc cipher with a private key and an IV vector.
12
+ You can encrypt the key itself with a password, for an additional layer of security.
13
+ You can choose to save the key to OS-X Keychain, making it difficult to get the key
14
+ when only disk is accessible. Using memcached or DRb sym can cache passwords so that
15
+ you don't have to retype it too often. Finally, the -t flag (edit mode) decrypts
16
+ the file on the fly, and lets you edit the unencrypted contents in $EDITOR.
17
+
18
+ Sym can read the key from many sources, including file, environment variable,
19
+ keychain, or CLI argument — all of the above become arguments of -k flag: one
20
+ flag to define the key no matter where it lives.
21
+
22
+ Finally, set environment variable SYM_ARGS to common flags you use, and then
23
+ have sym read these flags, activating this time-saving feature with -A flag.
24
+
25
+ Sym uses a symmetric aes-256-cbc cipher with a private key and an IV vector,
26
+ and is built atop of OpenSSL.
14
27
  eof
15
28
  end
@@ -21,17 +21,16 @@ Gem::Specification.new do |spec|
21
21
  spec.require_paths = ['lib']
22
22
  spec.required_ruby_version = '>= 2.2'
23
23
  spec.post_install_message = <<-EOF
24
- Thank you for installing this gem!
24
+ Thank you for installing this gem! We hope you like it :)
25
25
 
26
- To enable bash command line completion, please run the following
27
- command, which appends sym's shell completion to the specified file:
28
-
29
- sym --bash-completion ~/.bash_profile
30
-
31
- (or any other shell initialization file of your preference).
26
+ NOTE: To enable bash command line completion, please run the following
27
+ command, which appends sym's shell completion to the file specified
28
+ in arguments to -B/--bash-support flag.
32
29
 
30
+ sym -B ~/.bash_profile
31
+
33
32
  Thank you for checking out Sym and happy crypting :)
34
- -- KG ( github.com/kigster | twitter.com/kig )
33
+ -- KG ( github.com/kigster | twitter.com/kig )
35
34
  EOF
36
35
  spec.add_dependency 'colored2', '~> 3'
37
36
  spec.add_dependency 'slop', '~> 4.3'
@@ -48,4 +47,4 @@ EOF
48
47
  spec.add_development_dependency 'rspec', '~> 3'
49
48
  spec.add_development_dependency 'rspec-its'
50
49
  spec.add_development_dependency 'yard'
51
- end
50
+ end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: sym
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.5.1
4
+ version: 2.5.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Konstantin Gredeskoul
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2017-03-07 00:00:00.000000000 Z
11
+ date: 2017-03-11 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: colored2
@@ -206,16 +206,23 @@ dependencies:
206
206
  - - ">="
207
207
  - !ruby/object:Gem::Version
208
208
  version: '0'
209
- description: " Sym is a command line utility and a Ruby API that makes it trivial
210
- to encrypt and decrypt \n sensitive data. Unlike many other existing encryption
211
- tools, sym focuses on usability and \n streamlined interface (CLI), with the
212
- goal of making encryption easy and transparent. \n The result? There is no excuse
213
- for keeping your application secrets unencrypted :)\n\n You can password-protect
214
- the key for an additional layer of security, and store the key in the \n OS-X
215
- keychain. Use the key to reliably encrypt, decrypt and re-encrypt your application
216
- \n secrets. Use the -t CLI switch to transparently edit an encrypted file in
217
- an editor of your choice.\n \n Sym uses a symmetric aes-256-cbc cipher with a
218
- private key and an IV vector.\n"
209
+ description: " Sym is a command line utility plus a straightforward Ruby API that
210
+ makes it easy to \n transparently handle sensitive data such as application secrets
211
+ using symmetric\n encryption with a 256bit key.\n \n Unlike many modern encryption
212
+ tools, sym focuses on the streamlined interface (CLI),\n and offers many time-saving
213
+ features that make encryption/decryption of application\n secrets and other sensitive
214
+ data as seamless as possible. \n \n You can encrypt the key itself with a password,
215
+ for an additional layer of security.\n You can choose to save the key to OS-X
216
+ Keychain, making it difficult to get the key\n when only disk is accessible.
217
+ Using memcached or DRb sym can cache passwords so that\n you don't have to retype
218
+ it too often. Finally, the -t flag (edit mode) decrypts\n the file on the fly,
219
+ and lets you edit the unencrypted contents in $EDITOR. \n\n Sym can read the
220
+ key from many sources, including file, environment variable, \n keychain, or
221
+ CLI argument — all of the above become arguments of -k flag: one \n flag to define
222
+ the key no matter where it lives.\n\n Finally, set environment variable SYM_ARGS
223
+ to common flags you use, and then\n have sym read these flags, activating this
224
+ time-saving feature with -A flag. \n \n Sym uses a symmetric aes-256-cbc
225
+ cipher with a private key and an IV vector, \n and is built atop of OpenSSL.\n"
219
226
  email:
220
227
  - kigster@gmail.com
221
228
  executables:
@@ -236,6 +243,7 @@ files:
236
243
  - LICENSE
237
244
  - README.md
238
245
  - Rakefile
246
+ - SYM-CLI.md
239
247
  - bin/console
240
248
  - bin/setup
241
249
  - bin/sym.completion
@@ -297,11 +305,11 @@ files:
297
305
  homepage: https://github.com/kigster/sym
298
306
  licenses: []
299
307
  metadata: {}
300
- post_install_message: "Thank you for installing this gem! \n\nTo enable bash command
301
- line completion, please run the following \ncommand, which appends sym's shell completion
302
- to the specified file:\n\n sym --bash-completion ~/.bash_profile \n\n(or any other
303
- shell initialization file of your preference).\n\nThank you for checking out Sym
304
- and happy crypting :)\n -- KG ( github.com/kigster | twitter.com/kig )\n"
308
+ post_install_message: "Thank you for installing this gem! We hope you like it :) \n\nNOTE:
309
+ To enable bash command line completion, please run the following \ncommand, which
310
+ appends sym's shell completion to the file specified\nin arguments to -B/--bash-support
311
+ flag.\n\n sym -B ~/.bash_profile\n \nThank you for checking out Sym and happy crypting
312
+ :)\n -- KG ( github.com/kigster | twitter.com/kig )\n"
305
313
  rdoc_options: []
306
314
  require_paths:
307
315
  - lib