class CLI

This command line processor extends the Thor gem CLI tools in order to

Public Instance Methods

commit() click to toggle source

The commit use case commits any changes made to the safe book into master. This is straightforward if the master's state has not been forwarded by a ckeckin from another (shell) branch.

# File lib/cli.rb, line 286
def commit
  log.info(x) { "commit (save) any changes made to this branch into the master." }
  SafeDb::Commit.new.flow()
end
copy( line = nil ) click to toggle source

Copy into the clipboard the value held by the named line at the current book's open chapter and verse.

This is more accurate and more secure than echoing the password and then performing a SELECT then COPY and then PASTE.

Use safe clear to wipe (overwrite) the sensitive value in the clipboard.

@param line [String] the name of the line whose data will be copied.

If no line is given the default @password is assumed.
# File lib/cli.rb, line 172
def copy( line = nil )
  log.info(x) { "copy the line value at the current chpater/verse into the clipboard." }
  copy_uc = SafeDb::Copy.new
  copy_uc.line = line
  copy_uc.flow()
end
diff() click to toggle source

The diff use case spells out the key differences between the safe book on the master line the one on the current working branch.

By default when conflicts occur, priority is given to the current working branch. No parameters are required to perform a diff.

# File lib/cli.rb, line 273
def diff
  log.info(x) { "prophesy list of either refresh or commit actions." }
  SafeDb::Diff.new().flow()
end
docker( command = "login" ) click to toggle source

This docker use case .…

safe docker login
safe docker logout

@param command [String]

the action to be taken which is currently limited to either
login or logout
# File lib/cli.rb, line 685
def docker( command = "login" )

  log.info(x) { "request to #{command} into or out of a docker repository." }
  docker_uc = SafeDb::Docker.new
  docker_uc.command = command
  docker_uc.flow()

end
export() click to toggle source

Export one, some or all chapters, verses and lines within the logged in book. The –print flag demands that the exported text goes to stdout otherwise it will be placed in an aptly named file in the present working directory.

# File lib/cli.rb, line 312
def export
  log.info(x) { "export book chapter content or dictionary at verse in JSON format." }
  SafeDb::Export.new.flow()
end
generate( line = "@password" ) click to toggle source

The generate use case generates a random string credential that abides by the laws set out by configured and/or default parameter properties. These properties include the character superset to which all credential characters belong, the median length of the credential and the (give or take) span denoting the shortest and longest possible credentials.

@param line [String] name of line the credential is stored against. Defaults to @password

# File lib/cli.rb, line 468
def generate( line = "@password" )
  log.info(x) { "generate a string credential and store it against line [#{line}]." }
  generate_uc = SafeDb::Generate.new()
  generate_uc.line = line
  generate_uc.flow()
end
git() click to toggle source

method_option :provision, :type => :boolean, :aliases => “-p”

# File lib/cli.rb, line 401
  def git
    log.info(x) { "performing a git repository interaction." }
####    git_uc = SafeDb::Git.new()
#####    remote_uc.provision = true if options[ :provision ]
#####    remote_uc.provision = false unless options[ :provision ]
####    git_uc.flow()
    SafeDb::Git.new().flow()
  end
goto(index) click to toggle source

Goto is a shortcut (or alias even) for the open command that takes an integer index that effectively specifies which <envelope> and <key> to open.

@param index [Number]

the integer index chosen from the list procured by the view command.
# File lib/cli.rb, line 592
def goto index
  log.info(x) { "opens the chapter and verse at index [#{index}]." }
  goto_uc = SafeDb::Goto.new
  goto_uc.index = index
  goto_uc.flow()

end
id() click to toggle source

Put out the multiple formats of the current timestamp.

# File lib/cli.rb, line 718
def id
  log.info(x) { "prints out the current timestamp identifiers." }
  id_uc = SafeDb::Id.new
  id_uc.flow()
end
import(import_filepath) click to toggle source

The import use case takes a filepath parameter in order to pull in a json formatted data structure. @param import_filepath [String] the path to the JSON file that we will import

# File lib/cli.rb, line 325
def import import_filepath
  log.info(x) { "importing into current book from file #{import_filepath}." }
  import_uc = SafeDb::Import.new
  import_uc.import_filepath = import_filepath
  import_uc.flow()    
end
init( book_name ) click to toggle source

Initialize a safe credentials book with this name and collect the human sourced pasword to be put through key derivation functions.

@param book_name [String] the name of the credentials book to be created

# File lib/cli.rb, line 95
def init( book_name )
  log.info(x) { "initialize a new safe credentials book called [#{book_name}]." }
  init_uc = SafeDb::Init.new
  init_uc.password = options[ :password ] if options[ :password ]
  init_uc.book_name = book_name
  init_uc.flow()
end
jenkins( command, service, url ) click to toggle source

This Jenkins use case injects for example the AWS IAM user access key, secret key and region key into a running Jenkins CI (Continuous Integration) service at the specified (url) location.

safe jenkins post aws http://localhost:8080

@param command [String]

the action to be taken which is currently limited to be [post].

@param service [String]

Which service do the credentials being posted originate from? The crrent list includes

  - aws      ( the 3 IAM user credentials )
  - docker   ( the username / password of docker repository )
  - git      ( the username/password of Git repository )
  - rubygems ( the username / password of RubyGems package manager account )

@param url [String]

the full url of the jenkins service for example http://localhost:8080
which includes the scheme (http|https) the hostname or ip address and
the port jenkins is listening on (if not the default 80 or 443).
# File lib/cli.rb, line 659
def jenkins( command, service, url )

  log.info(x) { "request to #{command} #{service} credentials to Jenkins at #{url}" }
  jenkins_uc = SafeDb::Jenkins.new

  jenkins_uc.command = command if command
  jenkins_uc.service = service if service
  jenkins_uc.url     = url     if url

  jenkins_uc.flow()

end
keys( keypair_name = nil ) click to toggle source

The default action of the keys use case is to create a private and public keypair and store them within the open chapter and verse. @param keypair_name [String] optional name of the keypair (for example gitlab)

# File lib/cli.rb, line 514
def keys( keypair_name = nil )
  log.info(x) { "Generate an elliptic curve private and public cryptographic keys." }
  log.info(x) { "The keypair name [ #{keypair_name} ] was given." } if keypair_name
  keys_uc = SafeDb::Keys.new
  keys_uc.keypair_name = keypair_name if keypair_name
  keys_uc.flow()
end
login( book_name = nil ) click to toggle source

Login in order to securely interact with your safe credentials. @param book_name [String] the name of the credentials book to login to

# File lib/cli.rb, line 119
def login( book_name = nil )
  log.info(x) { "login attempt to the safe book called [#{book_name}]." }
  login_uc = SafeDb::Login.new
  login_uc.book_name = book_name unless book_name.nil?
  login_uc.password = options[ :password ] if options[ :password ]
  login_uc.clip = true if options[ :clip ]
  login_uc.clip = false unless options[ :clip ]
  login_uc.flow()
end
obliterate() click to toggle source

The obliterate command does not need to be secured behind authentication because all it does is delete a directory. Not withstanding taking a backup - this command is exactly like the bash rm -fr command.

# File lib/cli.rb, line 432
def obliterate
  log.info(x) { "request to obliterate the safedb master database." }
  SafeDb::Obliterate.new().flow()
end
open(chapter, verse) click to toggle source

Open up a conduit (path) to the place where we can issue read, create, update, and destroy commands.

The allowed characters that makeup chapter and verse aside from alphanumerics are

  • dollar signs

  • percent signs

  • ampersands

  • hyphens

  • underscores

  • plus signs

  • equal signs

  • @ signs

  • period characters and

  • question marks

Notably whitespace including spaces and tabs are not allowed.

@param chapter [String]

the chapter of the logged in book to open

@param verse [String]

the verse of the logged in book and specified chapter to open
# File lib/cli.rb, line 253
def open chapter, verse
  log.info(x) { "open a chapter and verse to read from or write to." }
  open_uc = SafeDb::Open.new
  open_uc.chapter = chapter
  open_uc.verse = verse
  open_uc.flow()
end
paste( line = nil ) click to toggle source

Paste the current clipboard or selection text into the specified line at the current book's open chapter and verse.

Sensitive values now neither need to be put on the commnad line (safe put) or inputted perhaps with a typo when using (safe input).

Use safe wipe to wipe (overwrite) any sensitive values that has been placed on the clipboard.

@param line [String] the name of the line that the copied data will be

placed alongside. The line either may or may not exist.
# File lib/cli.rb, line 195
def paste( line = nil )
  log.info(x) { "paste the line value within the clipboard into the current chpater/verse." }
  paste_uc = SafeDb::Paste.new
  paste_uc.line = line
  paste_uc.flow()
end
print(key_name) click to toggle source

Print the value of the specified key belonging to a dictionary at the opened chapter and verse of the currently logged in book.

@param key_name [String] the key whose value is to be printed

push() click to toggle source

This simple command does not require the user to be logged into a specific book. The only pre-condition is that safe remote –provision has been successfully run thus placing the required remote origin urls.

# File lib/cli.rb, line 418
def push
  log.info(x) { "request to push safe crypts to the remote backend." }
  SafeDb::Push.new().flow()
end
put(credential_id, credential_value) click to toggle source

Put a secret with an id like login/username and a value like joebloggs into the context (eg work/laptop) that was opened with the open command.

@param credential_id [String] the id of the secret to put into the opened context @param credential_value [String] the value of the secret to put into the opened context

# File lib/cli.rb, line 342
def put credential_id, credential_value
  log.info(x) { "put key/value pair into dictionary at open chapter and verse." }
  put_uc = SafeDb::Put.new
  put_uc.credential_id = credential_id
  put_uc.credential_value = credential_value
  put_uc.flow()
end
read(file_key, file_url) click to toggle source

The read use case pulls a file in from either an accessible filesystem.

@param file_key [String] keyname representing the file that is being read in @param file_url [String] url of file to ingest and assimilate into the safe

# File lib/cli.rb, line 531
def read file_key, file_url
  log.info(x) { "read file into key #{file_key} from url #{file_url}" }
  read_uc = SafeDb::Read.new
  read_uc.file_key = file_key
  read_uc.file_url = file_url
  read_uc.flow()
end
refresh() click to toggle source

The refresh use case commits any changes made to the safe book into master. This is straightforward if the master's state has not been forwarded by a ckeckin from another (shell) branch.

# File lib/cli.rb, line 299
def refresh
  log.info(x) { "refresh (update) the working branch with changes from the master." }
  SafeDb::Refresh.new.flow()
end
remote() click to toggle source

Creates remote storage for the safe database crypt files.

# File lib/cli.rb, line 361
def remote
  log.info(x) { "performing a remote storage use case. The provision flag is set to #{options[ :provision ]}." }
  remote_uc = SafeDb::RemoteGithubToken.new()
  remote_uc.provision = true if options[ :provision ]
  remote_uc.provision = false unless options[ :provision ]
  remote_uc.flow()
end
remove(line_id) click to toggle source

The remove use case can remove a single line (key/value pair), or a verse, chapter and even a book

@param line_id [String] the ID of the entity to remove (line, verse, chapter or book)

# File lib/cli.rb, line 484
def remove line_id
  log.info(x) { "remove a safe entity with a key id [#{line_id}]." }
  remove_uc = SafeDb::Remove.new()
  remove_uc.line_id = line_id
  remove_uc.flow()
end
rename(now_name, new_name) click to toggle source

The rename use case can rename an existing chapter, verse or line. @param now_name [String] the existing name of the chapter, verse or line @param new_name [String] the new name the chapter, verse or line goes by

# File lib/cli.rb, line 499
def rename now_name, new_name
  log.info(x) { "rename the existing chapter, verse or line from [ #{now_name} ] to [ #{new_name} ]." }
  rename_uc = SafeDb::Rename.new()
  rename_uc.now_name = now_name
  rename_uc.new_name = new_name
  rename_uc.flow()
end
set(directive_name, directive_value) click to toggle source

The set use case is the generic tool for setting book scoped configuration directives. These directives can only be read, written, updated or removed during a logged in branch.

@param directive_name [String] the name of the book-scoped configuration directive @param directive_value [String] the value of the book-scoped configuration directive

# File lib/cli.rb, line 448
def set directive_name, directive_value
  log.info(x) { "set the configuration directive value for #{directive_name}" }
  set_uc = SafeDb::Set.new
  set_uc.directive_name = directive_name
  set_uc.directive_value = directive_value
  set_uc.flow()
end
show() click to toggle source

Show the secrets at the opened path. These secrets are simply written out to the shell console.

# File lib/cli.rb, line 564
def show
  log.info(x) { "show dictionary at the opened chapter and verse." }
  SafeDb::Show.new.flow()
end
tell() click to toggle source

Detail the secret key/value pairs that start with the @ symbol.

# File lib/cli.rb, line 135
def tell
  log.info(x) { "tell the secret key/value pairs that begin with the @ symbol." }
  SafeDb::Tell.new().flow()
end
terraform( command = nil ) click to toggle source

This terraform use case exports the AWS IAM user access key, secret key and region key into (very safe) environment variables and then runs terraform plan, apply or destroy.

This is both ultra secure and extremely convenient because the credentials do not leave the safe and exist within (environment variable) memory only for the duration of the terraform command.

It is safe because you do not need to expose your AWS credentials in plain text. It is convenient because switching IAM users and AWS regions is as easy as typing the now ubiquitous safe open command.

safe open <<chapter>> <<verse>>

@param command [String]

the terraform command to run which is currently limited to plan, apply and destroy.
This parameter is optional and if nothing is given then "apply" is assumed.
# File lib/cli.rb, line 621
def terraform( command = nil )
  log.info(x) { "will export IAM credentials then invoke $ terraform #{command}" }
  terraform_uc = SafeDb::Terraform.new
  terraform_uc.command = command if command
  terraform_uc.debug = true if options[ :debug ]
  terraform_uc.debug = false unless options[ :debug ]
  terraform_uc.flow()
end
token() click to toggle source

Thetoken use cases prints out an encrypted shell token tied to the workstation and shell environment.

# File lib/cli.rb, line 209
def token
  log.info(x) { "generate and print out an encrypted (shell bound) shell token" }
  SafeDb::Token.new.flow()
end
version() click to toggle source

Printout the version of this safedb.net command line interface. The version should be extracted whether the user types in

  • either safe --version

  • or safe version

# File lib/cli.rb, line 70
def version
  log.info(x) { "print the version of this safedb.net personal database." }

  puts ""
  puts "safedb gem version => v#{SafeDb::VERSION}"
  puts "time and date now  => #{SafeDb::TimeStamp.human_readable()}"
  puts "safedb @github.com => https://github.com/devops4me/safedb.net"
  puts "safe @rubygems.org => https://rubygems.org/gems/safedb"
  puts ""

end
view() click to toggle source

Display a bird's eye view of the domain's database including its envelopes, their keys and imported objects such as files.

# File lib/cli.rb, line 576
def view
  log.info(x) { "print list of chapter and verse combos to console." }
  view_uc = SafeDb::View.new
  view_uc.flow()
end
vpn( command = nil ) click to toggle source

This VPN use case connects to the VPN whose specifics are recorded within the vpn.ini factfile living in the same directory as the vpn.rb controlling class.

@param command [String]

the vpn command to run which is currently limited to up or down
This parameter is optional and if nothing is given then "up" is assumed.
# File lib/cli.rb, line 705
def vpn( command = nil )
  log.info(x) { "VPN connection command #{command} has been issued." }
  vpn_uc = SafeDb::Vpn.new
  vpn_uc.command = command if command
  vpn_uc.flow()
end
wipe() click to toggle source

Thewipe use case clears out any sensitive information from the clipboard.

# File lib/cli.rb, line 220
def wipe
  log.info(x) { "wipe out any sensitive information from the clipboard." }
  SafeDb::Wipe.new.flow()
end
write( file_key ) click to toggle source

The write use case writes out a file that was previously ingested and coccooned inside the safe.

@param file_key [String] the key name of the file to write out onto the filesystem

# File lib/cli.rb, line 548
def write( file_key )
  log.info(x) { "write out the file against key #{file_key}" }
  log.info(x) { "output folder optionally set to #{options[:to_dir]}" } if options[:to_dir]
  write_uc = SafeDb::Write.new
  write_uc.file_key = file_key
  write_uc.to_dir = options[:to_dir] if options[:to_dir]
  write_uc.flow()
end