Class: Yak

Inherits:

Object

• Object
• Yak

Defined in:

lib/yak.rb

Overview

Yak is a simple command line app to store and retrieve passwords securely. Retrieved passwords get copied to the clipboard by default. Config can be set in ~/.yakrc:

:session: 30

Session is the length of time in seconds that Yak will remember the master password. If using sessions is not desired, set:

:session: false

To always set the password by default, use:

:password: plain_text_password

To turn off password confirmation prompts:

:confirm_prompt: false

To set the path to the yak data file:

:data_file: /path/to/file

Using bash completion for stored keys:

:bash_completion: true    #=> completion only available during session
:bash_completion: :always #=> completion always available

Constant Summary

VERSION =

Version of Yak.

"1.0.8"

DEFAULT_CONFIG =

Default config used.

{:session => 30, :bash_completion => true}

CIPHER_ERROR =

Different versions of ruby have a different namespace for CipherError

OpenSSL::Cipher::CipherError rescue OpenSSL::CipherError

Instance Attribute Summary

• #data ⇒ Object readonly

  Returns the value of attribute data.

• #use_completion ⇒ Object readonly

  Returns the value of attribute use_completion.

• #user ⇒ Object readonly

  Returns the value of attribute user.

Class Method Summary

• .check_user_setup(user) ⇒ Object

  Setup yak for first run if it hasn’t been.

• .delete_data(yak) ⇒ Object

  Delete the data file of a yak instance after confirming with the user.

• .list(yak, name = nil) ⇒ Object

  List matched keys of a yak instance.

• .load_config(user) ⇒ Object

  Load the ~/.yakrc file and return.

• .make_config_file(user, new_config = DEFAULT_CONFIG) ⇒ Object

  Create a new user config file.

• .new_password(yak, value = nil) ⇒ Object

  Assign a new master password to a yak instance.

• .parse_args(argv) ⇒ Object

  Parse ARGV data.

• .print_password(yak, name) ⇒ Object

  Get a password value from a yak instance and output it to the stdout.

• .prompt_data_loc(user, hl) ⇒ Object

  Prompt the user for the location of the data file.

• .remove(yak, name) ⇒ Object

  Remove a key/value pair from a yak instance.

• .retrieve(yak, name) ⇒ Object

  Get a password value from a yak instance and copy it to the clipboard.

• .run(argv = ARGV) ⇒ Object

  Run Yak with argv: Yak.run %wkey Yak.run %wkey …

• .send_to_clipboard(string) ⇒ Object

  Send the passed string to the keyboard.

• .setup_bash_completion ⇒ Object

  Check and setup bash completion.

• .store(yak, name, value = nil) ⇒ Object

  Add a key/value pair to a yak instance.

• .yak_config_file(user) ⇒ Object

  Get a user’s yak config file.

Instance Method Summary

• #connect_data ⇒ Object

  Loads and decrypts the data file into the @data attribute.

• #data_file_exists? ⇒ Boolean

  Check if the data file exists.

• #decrypt(string, password = nil) ⇒ Object

  Decrypt a string with a given password.

• #delete_data_file!(confirm = false) ⇒ Object

  Deletes the user’s data file forever!.

• #encrypt(string, password = nil) ⇒ Object

  Encrypt a string with a given password.

• #end_session ⇒ Object

  Stop a session.

• #get_password(plain_pswd = nil) ⇒ Object

  Get a password from either the password file or by prompting the user if a password file is unavailable.

• #has_session? ⇒ Boolean

  Check if a session is active.

• #initialize(user, options = {}) ⇒ Yak constructor

  Create a new Yak instance for a given user: Yak.new “my_user” Yak.new “my_user”, :session => 10 Yak.new ‘whoami`.chomp, :session => false.

• #new_password(password = nil) ⇒ Object

  Prompt the user for a new password (replacing and old one).

• #remove(name) ⇒ Object

  Remove a key/value pair.

• #remove_session_files ⇒ Object

  Deletes files used during a session.

• #retrieve(name) ⇒ Object

  Retrieve a value for a given key.

• #sha_password ⇒ Object

  Get the SHA-encrypted password used for encoding data.

• #start_session ⇒ Object

  Start a new session during which Yak will remember the user’s password.

• #store(name, value = nil) ⇒ Object

  Add a key/value pair.

• #write_data(password = nil) ⇒ Object

  Encrypt and write the Yak data back to the data file.

• #write_key_list ⇒ Object

  Write the key list file.

Constructor Details

#initialize(user, options = {}) ⇒ Yak

Create a new Yak instance for a given user:

Yak.new "my_user"
Yak.new "my_user", :session => 10
Yak.new `whoami`.chomp, :session => false

# File 'lib/yak.rb', line 345

def initialize user, options={}
  @user     = user
  @input    = HighLine.new $stdin, $stderr

  @confirm_prompt = true
  @confirm_prompt = options[:confirm_prompt] if
    options.has_key? :confirm_prompt

  @yak_dir = File.expand_path "~#{user}/.yak"
  FileUtils.mkdir @yak_dir unless File.directory? @yak_dir

  @pid_file      = File.join @yak_dir, "pid"
  @password_file = File.join @yak_dir, "password"
  @data_file     = options[:data_file] || File.join(@yak_dir, "data")

  @key_list_file  = File.join @yak_dir, "keys"
  @use_completion = options[:bash_completion]

  @session_pid = nil
  @session_pid = File.read(@pid_file).to_i if File.file? @pid_file

  @password = nil

  @cipher = OpenSSL::Cipher::Cipher.new "aes-256-cbc"

  @session_length = options.has_key?(:session) ? options[:session] : 30
end

Instance Attribute Details

#data ⇒ Object (readonly)

Returns the value of attribute data.

# File 'lib/yak.rb', line 337

def data
  @data
end

#use_completion ⇒ Object (readonly)

Returns the value of attribute use_completion.

# File 'lib/yak.rb', line 337

def use_completion
  @use_completion
end

#user ⇒ Object (readonly)

Returns the value of attribute user.

# File 'lib/yak.rb', line 337

def user
  @user
end

Class Method Details

.check_user_setup(user) ⇒ Object

Setup yak for first run if it hasn’t been.

# File 'lib/yak.rb', line 77

def self.check_user_setup user
  user_config_file = yak_config_file user

  return if File.file? user_config_file

  hl = HighLine.new $stdin, $stderr
  hl.say "\n\nThanks for installing Yak!\n\n"

  setup_bash_completion

  data_file  = prompt_data_loc user, hl

  new_config = DEFAULT_CONFIG.merge(:data_file => data_file)

  make_config_file user, new_config
end

.delete_data(yak) ⇒ Object

Delete the data file of a yak instance after confirming with the user.

# File 'lib/yak.rb', line 203

def self.delete_data yak
  yak.delete_data_file! true
end

.list(yak, name = nil) ⇒ Object

List matched keys of a yak instance.

# File 'lib/yak.rb', line 211

def self.list yak, name=nil
  key_regex = /#{name || ".+"}/

  yak.data.each do |key, value|
    $stdout << "#{key}\n" if key =~ key_regex
  end
end

.load_config(user) ⇒ Object

Load the ~/.yakrc file and return.

# File 'lib/yak.rb', line 146

def self.load_config user
  user_config_file = yak_config_file user

  YAML.load_file user_config_file
end

.make_config_file(user, new_config = DEFAULT_CONFIG) ⇒ Object

Create a new user config file.

# File 'lib/yak.rb', line 156

def self.make_config_file user, new_config=DEFAULT_CONFIG
  user_config_file = yak_config_file user
  config_str = new_config.to_yaml

  File.open(user_config_file, "w+"){|f| f.write config_str }
  $stderr << "Created Yak config file #{user_config_file}:\n"
  $stderr << "#{config_str}---\n\n"
end

.new_password(yak, value = nil) ⇒ Object

Assign a new master password to a yak instance. Prompts the user if no value is given.

# File 'lib/yak.rb', line 224

def self.new_password yak, value=nil
  yak.new_password value
  yak.write_data
  yak.start_session
end

.parse_args(argv) ⇒ Object

Parse ARGV data.

# File 'lib/yak.rb', line 260

def self.parse_args argv
  options = {}

  opts = OptionParser.new do |opt|
    opt.program_name = File.basename $0
    opt.version = VERSION
    opt.release = nil

    opt.banner = <<-EOF
Yak is a simple app to store and retrieve passwords securely.
Retrieved passwords get copied to the clipboard by default.

Usage:
  #{opt.program_name} [options] [key] [password]

Examples:
  #{opt.program_name} -a gmail [password]
  #{opt.program_name} gmail
  #{opt.program_name} -r gmail
  #{opt.program_name} --list
  
Options:
    EOF

    opt.on('-a', '--add KEY',
           'Add a new password for a given key') do |key|
      options[:action] = :store
      options[:key]    = key
    end

    opt.on('-r', '--remove KEY',
           'Remove the password for a given key') do |key|
      options[:action] = :remove
      options[:key]    = key
    end

    opt.on('-l', '--list [REGEX]',
           'List keys to the stdout') do |key|
      options[:action] = :list
      options[:key]    = key
    end

    opt.on('-n', '--new-password',
           'Update the password used for encryption') do |value|
      options[:action] = :new_password
    end

    opt.on('-p', '--print KEY',
           'Print the password for the given key to stdout') do |key|
      options[:action] = :print_password
      options[:key]    = key
    end

    opt.on('--delete-data',
           'Delete the data file - lose all saved info') do
      options[:action] = :delete_data
    end
  end

  opts.parse! argv

  options[:action] ||= :retrieve
  options[:key]    ||= argv.shift
  options[:value]  ||= argv.shift

  raise OptionParser::InvalidOption if
    options[:action] == :retrieve && options[:key].nil?

  options

rescue OptionParser::InvalidOption
  $stderr << "\nError: Invalid option\n\n"
  $stderr << opts.to_s
  exit 1
end

.print_password(yak, name) ⇒ Object

Get a password value from a yak instance and output it to the stdout.

# File 'lib/yak.rb', line 195

def self.print_password yak, name
  $stdout << "#{yak.retrieve(name)}\n"
end

.prompt_data_loc(user, hl) ⇒ Object

Prompt the user for the location of the data file.

# File 'lib/yak.rb', line 122

def self.prompt_data_loc user, hl
  data_file_opts = []

  usrhome = File.expand_path "~#{user}/"
  dropbox = File.expand_path "~#{user}/Dropbox"

  data_file_opts << dropbox if File.directory? dropbox
  data_file_opts << usrhome if File.directory? usrhome

  data_path = hl.choose do |menu|
    menu.prompt = "Where would you like your data file to live?"
    menu.choices(*data_file_opts)
    menu.choice "other" do
      hl.ask "Enter path:"
    end
  end

  File.join data_path, ".yakdata"
end

.remove(yak, name) ⇒ Object

Remove a key/value pair from a yak instance.

# File 'lib/yak.rb', line 169

def self.remove yak, name
  yak.remove name
  yak.write_data
end

.retrieve(yak, name) ⇒ Object

Get a password value from a yak instance and copy it to the clipboard.

# File 'lib/yak.rb', line 187

def self.retrieve yak, name
  send_to_clipboard yak.retrieve(name)
end

.run(argv = ARGV) ⇒ Object

Run Yak with argv:

Yak.run %w{key}
Yak.run %w{--add key}
...

# File 'lib/yak.rb', line 46

def self.run argv=ARGV
  trap("INT") { exit 1 }

  user = `whoami`.chomp

  check_user_setup user

  config = DEFAULT_CONFIG.merge load_config(user)

  options = parse_args argv

  yak = new user, config

  yak.start_session
  yak.connect_data

  args = [options[:action], yak, options[:key], options[:value]].compact

  self.send(*args)

rescue CIPHER_ERROR => e
  yak.end_session

  $stderr << "Bad password.\n"
  exit 1
end

.send_to_clipboard(string) ⇒ Object

Send the passed string to the keyboard. Only supports darwin (pbcopy), linux (xclip) and cygwin (putclip).

# File 'lib/yak.rb', line 235

def self.send_to_clipboard string
  copy_cmd = case RUBY_PLATFORM
             when /darwin/ then "pbcopy"
             when /linux/  then "xclip -selection clipboard"
             when /cygwin/ then "putclip"
             else
               $stderr << "No clipboard cmd for platform #{RUBY_PLATFORM}\n"
               exit 1
             end

  Session::Bash.new.execute "echo -n \"#{string}\" | #{copy_cmd}"
end

.setup_bash_completion ⇒ Object

Check and setup bash completion.

# File 'lib/yak.rb', line 98

def self.setup_bash_completion
  completion_dir  = "/etc/bash_completion.d"

  completion_file = File.join File.dirname(__FILE__),
    "../script/yak_completion"
  completion_file = File.expand_path completion_file

  sudo    = "sudo" unless RUBY_PLATFORM =~ /cygwin/
  success =
    `#{sudo} cp #{completion_file} #{completion_dir}/. && echo 'true'`.chomp

  if success == "true"
    $stdout << "\nCopied yak_completion to #{completion_dir}\n\n"
  else
    $stderr << "\nError: Could not copy yak_completion #{completion_dir}\n"
    $stderr << "If you would like to use yak's bash completion, "
    $stderr << "make sure to source #{completion_file} in .bashrc\n\n"
  end
end

.store(yak, name, value = nil) ⇒ Object

Add a key/value pair to a yak instance.

# File 'lib/yak.rb', line 178

def self.store yak, name, value=nil
  yak.store name, value
  yak.write_data
end

.yak_config_file(user) ⇒ Object

Get a user’s yak config file. Typically ~user/.yakrc.

# File 'lib/yak.rb', line 252

def self.yak_config_file user
  File.expand_path "~#{user}/.yakrc"
end

Instance Method Details

#connect_data ⇒ Object

Loads and decrypts the data file into the @data attribute.

# File 'lib/yak.rb', line 477

def connect_data
  if data_file_exists?
    data = ""
    File.open(@data_file, "rb"){|f| data << f.read }

    @data = YAML.load decrypt(data)

    write_key_list if @use_completion

  else
    @data = {}
    write_data
  end
end

#data_file_exists? ⇒ Boolean

Check if the data file exists.

Returns:

• (Boolean)

# File 'lib/yak.rb', line 426

def data_file_exists?
  File.file? @data_file
end

#decrypt(string, password = nil) ⇒ Object

Decrypt a string with a given password.

# File 'lib/yak.rb', line 521

def decrypt string, password=nil
  get_cypher_out :decrypt, string, password
end

#delete_data_file!(confirm = false) ⇒ Object

Deletes the user’s data file forever!

# File 'lib/yak.rb', line 434

def delete_data_file! confirm=false
  confirmed = confirm ? @input.agree("Delete all passwords? (y/n)") : true
  FileUtils.rm_f(@data_file) if confirmed
end

#encrypt(string, password = nil) ⇒ Object

Encrypt a string with a given password.

# File 'lib/yak.rb', line 529

def encrypt string, password=nil
  get_cypher_out :encrypt, string, password
end

#end_session ⇒ Object

Stop a session.

# File 'lib/yak.rb', line 399

def end_session
  return unless @session_pid
  Process.kill 9, @session_pid rescue false
  remove_session_files
end

#get_password(plain_pswd = nil) ⇒ Object

Get a password from either the password file or by prompting the user if a password file is unavailable. Returns a sha1 of the password passed as an arg.

# File 'lib/yak.rb', line 453

def get_password plain_pswd=nil
  password = File.read @password_file if File.file?(@password_file)

  plain_pswd ||= request_password "Master Password" if !password

  password ||= Digest::SHA1.hexdigest plain_pswd

  password
end

#has_session? ⇒ Boolean

Check if a session is active.

Returns:

• (Boolean)

# File 'lib/yak.rb', line 418

def has_session?
  Process.kill(0, @session_pid) && @session_pid rescue false
end

#new_password(password = nil) ⇒ Object

Prompt the user for a new password (replacing and old one). Prompts for password confirmation as well.

# File 'lib/yak.rb', line 468

def new_password password=nil
  password ||= request_new_password "Set New Master Password"
  @password  = Digest::SHA1.hexdigest password
end

#remove(name) ⇒ Object

Remove a key/value pair.

# File 'lib/yak.rb', line 496

def remove name
  @data.delete(name)
end

#remove_session_files ⇒ Object

Deletes files used during a session.

# File 'lib/yak.rb', line 409

def remove_session_files
  FileUtils.rm_f [@password_file, @pid_file]
  FileUtils.rm_f @key_list_file unless @use_completion == :always
end

#retrieve(name) ⇒ Object

Retrieve a value for a given key.

# File 'lib/yak.rb', line 504

def retrieve name
  @data[name]
end

#sha_password ⇒ Object

Get the SHA-encrypted password used for encoding data.

# File 'lib/yak.rb', line 443

def sha_password
  @password ||= data_file_exists? ? get_password : new_password
end

#start_session ⇒ Object

Start a new session during which Yak will remember the user’s password.

# File 'lib/yak.rb', line 377

def start_session
  return unless @session_length

  pswd = sha_password # Do stdio before writing to file!

  end_session if has_session?

  @session_pid = fork do
    sleep @session_length
    remove_session_files
  end

  File.open(@password_file, "w+"){|f| f.write pswd }
  File.open(@pid_file,      "w+"){|f| f.write @session_pid }

  Process.detach @session_pid
end

#store(name, value = nil) ⇒ Object

Add a key/value pair. If no value is passed, will prompt the user for one.

# File 'lib/yak.rb', line 512

def store name, value=nil
  value ||= request_new_password "'#{name}' Password"
  @data[name] = value
end

#write_data(password = nil) ⇒ Object

Encrypt and write the Yak data back to the data file.

# File 'lib/yak.rb', line 537

def write_data password=nil
  data = encrypt @data.to_yaml, password
  File.open(@data_file, "w+"){|f| f.write data}

  write_key_list if @use_completion == :always
end

#write_key_list ⇒ Object

Write the key list file. Used for bash completion.

# File 'lib/yak.rb', line 548

def write_key_list
  File.open(@key_list_file, "w+"){|f| f.write @data.keys.join(" ") }
end