class CLI
This command line processor extends the Thor gem CLI
tools in order to
-
read the posted commands, options and switches
-
maps the incoming string data to objects
-
assert that the mandatory options exist
-
assert the type of each parameter
-
ensure that the parameter values are in range
-
delegate processing to the registered handlers
Public Instance Methods
The commit use case commits any changes made to the safe book into master. This is straightforward if the master's state has not been forwarded by a ckeckin from another (shell) branch.
# File lib/cli.rb, line 286 def commit log.info(x) { "commit (save) any changes made to this branch into the master." } SafeDb::Commit.new.flow() end
Copy into the clipboard the value held by the named line at the current book's open chapter and verse.
This is more accurate and more secure than echoing the password and then performing a SELECT then COPY and then PASTE.
Use safe clear to wipe (overwrite) the sensitive value in the clipboard.
@param line [String] the name of the line whose data will be copied.
If no line is given the default @password is assumed.
# File lib/cli.rb, line 172 def copy( line = nil ) log.info(x) { "copy the line value at the current chpater/verse into the clipboard." } copy_uc = SafeDb::Copy.new copy_uc.line = line copy_uc.flow() end
The diff use case spells out the key differences between the safe book on the master line the one on the current working branch.
By default when conflicts occur, priority is given to the current working branch. No parameters are required to perform a diff.
# File lib/cli.rb, line 273 def diff log.info(x) { "prophesy list of either refresh or commit actions." } SafeDb::Diff.new().flow() end
This docker use case .…
safe docker login safe docker logout
@param command [String]
the action to be taken which is currently limited to either login or logout
# File lib/cli.rb, line 685 def docker( command = "login" ) log.info(x) { "request to #{command} into or out of a docker repository." } docker_uc = SafeDb::Docker.new docker_uc.command = command docker_uc.flow() end
Export one, some or all chapters, verses and lines within the logged in book. The –print flag demands that the exported text goes to stdout otherwise it will be placed in an aptly named file in the present working directory.
# File lib/cli.rb, line 312 def export log.info(x) { "export book chapter content or dictionary at verse in JSON format." } SafeDb::Export.new.flow() end
The generate use case generates a random string credential that abides by the laws set out by configured and/or default parameter properties. These properties include the character superset to which all credential characters belong, the median length of the credential and the (give or take) span denoting the shortest and longest possible credentials.
@param line [String] name of line the credential is stored against. Defaults to @password
# File lib/cli.rb, line 468 def generate( line = "@password" ) log.info(x) { "generate a string credential and store it against line [#{line}]." } generate_uc = SafeDb::Generate.new() generate_uc.line = line generate_uc.flow() end
method_option :provision, :type => :boolean, :aliases => “-p”
# File lib/cli.rb, line 401 def git log.info(x) { "performing a git repository interaction." } #### git_uc = SafeDb::Git.new() ##### remote_uc.provision = true if options[ :provision ] ##### remote_uc.provision = false unless options[ :provision ] #### git_uc.flow() SafeDb::Git.new().flow() end
Goto is a shortcut (or alias even) for the open command that takes an integer index that effectively specifies which <envelope> and <key> to open.
@param index [Number]
the integer index chosen from the list procured by the view command.
# File lib/cli.rb, line 592 def goto index log.info(x) { "opens the chapter and verse at index [#{index}]." } goto_uc = SafeDb::Goto.new goto_uc.index = index goto_uc.flow() end
Put out the multiple formats of the current timestamp.
# File lib/cli.rb, line 718 def id log.info(x) { "prints out the current timestamp identifiers." } id_uc = SafeDb::Id.new id_uc.flow() end
The import use case takes a filepath parameter in order to pull in a json formatted data structure. @param import_filepath [String] the path to the JSON file that we will import
# File lib/cli.rb, line 325 def import import_filepath log.info(x) { "importing into current book from file #{import_filepath}." } import_uc = SafeDb::Import.new import_uc.import_filepath = import_filepath import_uc.flow() end
Initialize a safe credentials book with this name and collect the human sourced pasword to be put through key derivation functions.
@param book_name [String] the name of the credentials book to be created
# File lib/cli.rb, line 95 def init( book_name ) log.info(x) { "initialize a new safe credentials book called [#{book_name}]." } init_uc = SafeDb::Init.new init_uc.password = options[ :password ] if options[ :password ] init_uc.book_name = book_name init_uc.flow() end
This Jenkins use case injects for example the AWS IAM user access key, secret key and region key into a running Jenkins CI (Continuous Integration) service at the specified (url) location.
safe jenkins post aws http://localhost:8080
@param command [String]
the action to be taken which is currently limited to be [post].
@param service [String]
Which service do the credentials being posted originate from? The crrent list includes - aws ( the 3 IAM user credentials ) - docker ( the username / password of docker repository ) - git ( the username/password of Git repository ) - rubygems ( the username / password of RubyGems package manager account )
@param url [String]
the full url of the jenkins service for example http://localhost:8080 which includes the scheme (http|https) the hostname or ip address and the port jenkins is listening on (if not the default 80 or 443).
# File lib/cli.rb, line 659 def jenkins( command, service, url ) log.info(x) { "request to #{command} #{service} credentials to Jenkins at #{url}" } jenkins_uc = SafeDb::Jenkins.new jenkins_uc.command = command if command jenkins_uc.service = service if service jenkins_uc.url = url if url jenkins_uc.flow() end
The default action of the keys use case is to create a private and public keypair and store them within the open chapter and verse. @param keypair_name [String] optional name of the keypair (for example gitlab)
# File lib/cli.rb, line 514 def keys( keypair_name = nil ) log.info(x) { "Generate an elliptic curve private and public cryptographic keys." } log.info(x) { "The keypair name [ #{keypair_name} ] was given." } if keypair_name keys_uc = SafeDb::Keys.new keys_uc.keypair_name = keypair_name if keypair_name keys_uc.flow() end
Login in order to securely interact with your safe credentials. @param book_name [String] the name of the credentials book to login to
# File lib/cli.rb, line 119 def login( book_name = nil ) log.info(x) { "login attempt to the safe book called [#{book_name}]." } login_uc = SafeDb::Login.new login_uc.book_name = book_name unless book_name.nil? login_uc.password = options[ :password ] if options[ :password ] login_uc.clip = true if options[ :clip ] login_uc.clip = false unless options[ :clip ] login_uc.flow() end
The obliterate command does not need to be secured behind authentication because all it does is delete a directory. Not withstanding taking a backup - this command is exactly like the bash rm -fr command.
# File lib/cli.rb, line 432 def obliterate log.info(x) { "request to obliterate the safedb master database." } SafeDb::Obliterate.new().flow() end
Open up a conduit (path) to the place where we can issue read, create, update, and destroy commands.
The allowed characters that makeup chapter and verse aside from alphanumerics are
-
dollar signs
-
percent signs
-
ampersands
-
hyphens
-
underscores
-
plus signs
-
equal signs
-
@ signs
-
period characters and
-
question marks
Notably whitespace including spaces and tabs are not allowed.
@param chapter [String]
the chapter of the logged in book to open
@param verse [String]
the verse of the logged in book and specified chapter to open
# File lib/cli.rb, line 253 def open chapter, verse log.info(x) { "open a chapter and verse to read from or write to." } open_uc = SafeDb::Open.new open_uc.chapter = chapter open_uc.verse = verse open_uc.flow() end
Paste the current clipboard or selection text into the specified line at the current book's open chapter and verse.
Sensitive values now neither need to be put on the commnad line (safe put) or inputted perhaps with a typo when using (safe input).
Use safe wipe to wipe (overwrite) any sensitive values that has been placed on the clipboard.
@param line [String] the name of the line that the copied data will be
placed alongside. The line either may or may not exist.
# File lib/cli.rb, line 195 def paste( line = nil ) log.info(x) { "paste the line value within the clipboard into the current chpater/verse." } paste_uc = SafeDb::Paste.new paste_uc.line = line paste_uc.flow() end
Print the value of the specified key belonging to a dictionary at the opened chapter and verse of the currently logged in book.
@param key_name [String] the key whose value is to be printed
# File lib/cli.rb, line 149 def print key_name log.info(x) { "print the key value at the opened chapter and verse." } print_uc = SafeDb::Print.new print_uc.key_name = key_name print_uc.flow() end
This simple command does not require the user to be logged into a specific book. The only pre-condition is that safe remote –provision has been successfully run thus placing the required remote origin urls.
# File lib/cli.rb, line 418 def push log.info(x) { "request to push safe crypts to the remote backend." } SafeDb::Push.new().flow() end
Put a secret with an id like login/username and a value like joebloggs into the context (eg work/laptop) that was opened with the open command.
@param credential_id [String] the id of the secret to put into the opened context @param credential_value [String] the value of the secret to put into the opened context
# File lib/cli.rb, line 342 def put credential_id, credential_value log.info(x) { "put key/value pair into dictionary at open chapter and verse." } put_uc = SafeDb::Put.new put_uc.credential_id = credential_id put_uc.credential_value = credential_value put_uc.flow() end
The read use case pulls a file in from either an accessible filesystem.
@param file_key [String] keyname representing the file that is being read in @param file_url [String] url of file to ingest and assimilate into the safe
# File lib/cli.rb, line 531 def read file_key, file_url log.info(x) { "read file into key #{file_key} from url #{file_url}" } read_uc = SafeDb::Read.new read_uc.file_key = file_key read_uc.file_url = file_url read_uc.flow() end
The refresh use case commits any changes made to the safe book into master. This is straightforward if the master's state has not been forwarded by a ckeckin from another (shell) branch.
# File lib/cli.rb, line 299 def refresh log.info(x) { "refresh (update) the working branch with changes from the master." } SafeDb::Refresh.new.flow() end
Creates remote storage for the safe database crypt files.
# File lib/cli.rb, line 361 def remote log.info(x) { "performing a remote storage use case. The provision flag is set to #{options[ :provision ]}." } remote_uc = SafeDb::RemoteGithubToken.new() remote_uc.provision = true if options[ :provision ] remote_uc.provision = false unless options[ :provision ] remote_uc.flow() end
The remove use case can remove a single line (key/value pair), or a verse, chapter and even a book
@param line_id [String] the ID of the entity to remove (line, verse, chapter or book)
# File lib/cli.rb, line 484 def remove line_id log.info(x) { "remove a safe entity with a key id [#{line_id}]." } remove_uc = SafeDb::Remove.new() remove_uc.line_id = line_id remove_uc.flow() end
The rename use case can rename an existing chapter, verse or line. @param now_name [String] the existing name of the chapter, verse or line @param new_name [String] the new name the chapter, verse or line goes by
# File lib/cli.rb, line 499 def rename now_name, new_name log.info(x) { "rename the existing chapter, verse or line from [ #{now_name} ] to [ #{new_name} ]." } rename_uc = SafeDb::Rename.new() rename_uc.now_name = now_name rename_uc.new_name = new_name rename_uc.flow() end
The set use case is the generic tool for setting book scoped configuration directives. These directives can only be read, written, updated or removed during a logged in branch.
@param directive_name [String] the name of the book-scoped configuration directive @param directive_value [String] the value of the book-scoped configuration directive
# File lib/cli.rb, line 448 def set directive_name, directive_value log.info(x) { "set the configuration directive value for #{directive_name}" } set_uc = SafeDb::Set.new set_uc.directive_name = directive_name set_uc.directive_value = directive_value set_uc.flow() end
Show the secrets at the opened path. These secrets are simply written out to the shell console.
# File lib/cli.rb, line 564 def show log.info(x) { "show dictionary at the opened chapter and verse." } SafeDb::Show.new.flow() end
Detail the secret key/value pairs that start with the @ symbol.
# File lib/cli.rb, line 135 def tell log.info(x) { "tell the secret key/value pairs that begin with the @ symbol." } SafeDb::Tell.new().flow() end
This terraform use case exports the AWS IAM user access key, secret key and region key into (very safe) environment variables and then runs terraform plan, apply or destroy.
This is both ultra secure and extremely convenient because the credentials do not leave the safe and exist within (environment variable) memory only for the duration of the terraform command.
It is safe because you do not need to expose your AWS credentials in plain text. It is convenient because switching IAM users and AWS regions is as easy as typing the now ubiquitous safe open command.
safe open <<chapter>> <<verse>>
@param command [String]
the terraform command to run which is currently limited to plan, apply and destroy. This parameter is optional and if nothing is given then "apply" is assumed.
# File lib/cli.rb, line 621 def terraform( command = nil ) log.info(x) { "will export IAM credentials then invoke $ terraform #{command}" } terraform_uc = SafeDb::Terraform.new terraform_uc.command = command if command terraform_uc.debug = true if options[ :debug ] terraform_uc.debug = false unless options[ :debug ] terraform_uc.flow() end
Thetoken use cases prints out an encrypted shell token tied to the workstation and shell environment.
# File lib/cli.rb, line 209 def token log.info(x) { "generate and print out an encrypted (shell bound) shell token" } SafeDb::Token.new.flow() end
Printout the version of this safedb.net command line interface. The version should be extracted whether the user types in
-
either
safe --version
-
or
safe version
# File lib/cli.rb, line 70 def version log.info(x) { "print the version of this safedb.net personal database." } puts "" puts "safedb gem version => v#{SafeDb::VERSION}" puts "time and date now => #{SafeDb::TimeStamp.human_readable()}" puts "safedb @github.com => https://github.com/devops4me/safedb.net" puts "safe @rubygems.org => https://rubygems.org/gems/safedb" puts "" end
Display a bird's eye view of the domain's database including its envelopes, their keys and imported objects such as files.
# File lib/cli.rb, line 576 def view log.info(x) { "print list of chapter and verse combos to console." } view_uc = SafeDb::View.new view_uc.flow() end
This VPN use case connects to the VPN whose specifics are recorded within the vpn.ini factfile living in the same directory as the vpn.rb controlling class.
@param command [String]
the vpn command to run which is currently limited to up or down This parameter is optional and if nothing is given then "up" is assumed.
# File lib/cli.rb, line 705 def vpn( command = nil ) log.info(x) { "VPN connection command #{command} has been issued." } vpn_uc = SafeDb::Vpn.new vpn_uc.command = command if command vpn_uc.flow() end
Thewipe use case clears out any sensitive information from the clipboard.
# File lib/cli.rb, line 220 def wipe log.info(x) { "wipe out any sensitive information from the clipboard." } SafeDb::Wipe.new.flow() end
The write use case writes out a file that was previously ingested and coccooned inside the safe.
@param file_key [String] the key name of the file to write out onto the filesystem
# File lib/cli.rb, line 548 def write( file_key ) log.info(x) { "write out the file against key #{file_key}" } log.info(x) { "output folder optionally set to #{options[:to_dir]}" } if options[:to_dir] write_uc = SafeDb::Write.new write_uc.file_key = file_key write_uc.to_dir = options[:to_dir] if options[:to_dir] write_uc.flow() end