README.md in sym-2.2.0 vs README.md in sym-2.2.1

- old
+ new

@@ -66,17 +66,22 @@ ❯ cat secret.enc BAhTOh1TeW06OkRhdGE6OldyYXBFefDFFD..... ❯ sym -dx my-new-key -f secret.enc -C My secret data + +# Lets now save common flags in the SYM_ARGS bash variable: +❯ export SYM_ARGS="-x my-new-key -C" +❯ sym -d -f secret.enc +My secret data ``` The line that says `Coin::Vault listening at: druby://127.0.0.1:24924` is the indication that the local dRB server used for caching passwords has been started. Password caching is off by default, but is enabled with `-C` flag. In the example above, the decryption step fetched the password from the cache, and so the user was not required to re-enter the password. __Direct Editing Encrypted Files__ -Instead of decrypting data anytime you need to change it, you can use the shortcut flag `-t` (for "edi__T__"), which decrypts your data into a temporary file, automatically opening it with an `$EDITOR`. +Instead of decrypting data anytime you need to change it, you can use the shortcut flag `-t` (for "edi**t**"), which decrypts your data into a temporary file, automatically opening it with an `$EDITOR`. Example: sym -t -f config/application/secrets.yml.enc -K ~/.key @@ -207,31 +212,60 @@ * `-C` turns on caching * `-T seconds` sets the expiration for cached passwords * `-P memcached | drb` controls which of the providers is used. Without this flag, *sym* auto-detects caching provider by first checking for `memcached`, and then starting the `dRB` server. -#### Encryption and Decryption +#### Saving Common Flags in an Environment Variable +You can optionally store frequently used flags for `sym` in the `SYM_ARGS` environment variable. For example, to always cache passwords, and to always use the same encryption key from the keychain named "production", set the following in your `~/.bashrc`: + +``` +export SYM_ARGS="-x production -C" +``` + +This will always be appended to the command line, and so to encrypt/decrypt anything with password caching enabled and using that particular key, you would simply type: + +```bash +# -x production -C are added from SYM_ARGS +sym -ef file -o file.enc + +# And to decrypt: +sym -df file.enc -o file.original + +# Or edit the encrypted file: +sym -tf file.enc +``` + +#### Complete CLI Usage + This may be a good time to take a look at the full help message for the `sym` tool, shown naturally with a `-h` or `--help` option. ``` -Sym (2.2.0) – encrypt/decrypt data with a private key +Sym (2.2.1) – encrypt/decrypt data with a private key Usage: - # Generate a new key: + # Generate a new key... sym -g [ -p ] [ -x keychain | -o keyfile | -q | ] - # To specify a key for an operation use any one of: + # To specify a key for an operation use one of... <key-spec> = -k key | -K file | -x keychain | -i - # Encrypt/Decrypt to STDOUT or output file + # Encrypt/Decrypt to STDOUT or an output file sym -e <key-spec> [-f <file> | -s <string>] [-o <file>] sym -d <key-spec> [-f <file> | -s <string>] [-o <file>] # Edit an encrypted file in $EDITOR sym -t <key-spec> -f <file> [ -b ] + # Specify any common flags in the BASH variable: + export SYM_ARGS="-x staging -C" + + # And now encrypt without having to specify key location: + sym -e -f <file> + # May need to disable SYM_ARGS with -M, eg for help: + sym -h -M + Modes: -e, --encrypt encrypt mode -d, --decrypt decrypt mode -t, --edit edit encrypted file in an $EDITOR @@ -246,12 +280,11 @@ -i, --interactive Paste or type the key interactively Password Cache: -C, --cache-password enable the cache (off by default) -T, --cache-for [seconds] to cache the password for - -P, --cache-provider [provider] type of cache, one of: - [ memcached, drb ] + -P, --cache-provider [provider] type of cache, one of memcached, drb Data to Encrypt/Decrypt: -s, --string [string] specify a string to encrypt/decrypt -f, --file [file] filename to read from -o, --output [file] filename to write to @@ -262,17 +295,17 @@ -A, --trace print a backtrace of any errors -D, --debug print debugging information -q, --quiet do not print to STDOUT -V, --version print library version -N, --no-color disable color output + -M, --no-environment disable reading flags from SYM_ARGS Utility: -a, --bash-completion [file] append shell completion to a file Help & Examples: -E, --examples show several examples -h, --help show help - ``` ### CLI Usage Examples __Generating the Key__: