README.md in sym-2.5.3 vs README.md in sym-2.6.0
- old
+ new
@@ -11,13 +11,15 @@
[](https://codeclimate.com/github/kigster/sym/coverage)
[](https://codeclimate.com/github/kigster/sym)
<hr/>
+**March 10th, 2017**: Please read the blog post [Dead Simple Encryption with Sym](http://kig.re/2017/03/10/dead-simple-encryption-with-sym.html) launching this tool and a library. Please leave comments or questions in the discussion thread at the bottom of that post. Thanks!
+
## Description
-<div style="padding 20px; font-size: 13pt;">
+<div style="padding 40px; margin: 40px; font-size: 13pt;">
<strong>sym</strong> is a command line utility and a Ruby API that makes it <em>trivial to encrypt and decrypt sensitive data</em>. Unlike many other existing encryption tools, <strong>sym</strong> focuses on usability and streamlined interface (CLI), with the goal of making encryption easy and transparent. The result? There is no longer any excuse for keeping your application secrets unencrypted or outside of your repo.<br /><br />
<strong>sym</strong> uses <em>symmetric Encryption</em> which simply means that you will be using the same 256-bit key to encrypt and decrypt data. In addition to the private key, the encryption uses an IV vector. The library completely hides `iv` generation from the user, and automatically generates a random `iv` per encryption. Finally, each key can be uniquely password-protected (encrypted) and stored in OS-X Keychain, environment variable or a file.
@@ -37,14 +39,15 @@
### What's Included
This gem includes two primary components:
- * [Rich command line interface CLI](#cli) with many features to streamline encryption/decryption.
- * Ruby API:
+ 1. [Rich command line interface CLI](#cli) with many features to streamline encryption/decryption.
+ 2. Ruby API:
* [Basic Encryption/Decryption API](#rubyapi) is activated by including `Sym` module in a class, it adds easy to use `encr`/`decr` methods.
* [Application API](#rubyapi-app) is activated by instantiating `Sym::Application`, and using the instance to drive sym's complete set of functionality, as if it was invoked from the CLI.
+ * [Sym::MagicFile API](#magic-file) is a convenience class allowing you to read encrypted files in your ruby code with a couple of lines of code.
* [Sym::Configuration](#rubyapi-config) class for overriding default cipher, and many other parameters such as compression, cache location, zlib compression, and more.
### Massive Time Savers
What are the time savers that we mentioned earlier?
@@ -174,12 +177,14 @@
<a name="rubyapi"></a>
## Ruby API
-You start by including `Sym` module into your class or a module. Such class will be decorated with new class methods `#private_key` and `#create_private_key`, as well as instance methods `#encr`, and `#decr`.
+### Including `Sym` module
+Low-level encryption routines can be imported by including `Sym` module into your class or a module. Such class will be decorated with new class methods `#private_key` and `#create_private_key`, as well as instance methods `#encr`, and `#decr`.
+
#### Class Method `#create_private_key()`
This method will generate a new key each time it's called.
#### Class Method `#private_key(value = nil)`
@@ -205,11 +210,11 @@
end
@key.eql?(SomeClass.private_key) # => true (it was assigned)
```
-#### Encrypting and Decrypting Data
+#### Encrypting and Decrypting
So how would we use this library from another Ruby project to encrypt and decrypt values?
After including the `Sym` module, two instance methods are added:
@@ -244,11 +249,11 @@
They can be used independently of `encr` and `decr` to encrypt/decrypt any data with a password.
<a name="rubyapi-app"></a>
-#### Full Application API
+### `Sym::Application`
Since the command line interface offers much more than just encryption/decryption of data with a key, majority of these features are available through `Sym::Application` instance.
The class is instantiated with a hash that would be otherwise generated by parsing CLI arguments, typical `options`. For example, to generate the key, pass `generate: true` — essentially any flag in it's long form can be converted into a hash member.
@@ -259,9 +264,53 @@
key = Sym::Application.new(generate: true).execute
# => '75ngenJpB6zL47/8Wo7Ne6JN1pnOsqNEcIqblItpfg4='
```
+### `Sym::MagicFile` for Reading Encrypted Data
+
+This is probably the easiest way to leverage Sym-encrypted files, by loading them into memory.
+
+`Sym::MagicFile` provides a very simple API for loading and reading encrypted files
+into memory, while supporting all of the convenience features of the rich
+application API.
+
+You initialize this class with just two things: a `pathname` to a file (encrypted
+or not), and the `key` identifier. The identifier can either be a filename, or
+OS-X Keychain entry, or environment variable name, etc — basically it is resolve
+like any other `-k <value>` CLI flag.
+
+#### Example: Using `Sym::MagicFile` with the `RailsConfig` gem
+
+In this example, we assume that the environment variable `$PRIVATE_KEY` contain
+the key to be used in decryption. Note that methods `#decrypt` and `#read` on `Sym::MagicFile` instance are synomymous.
+
+```ruby
+require 'sym/magic_file'
+require 'yaml'
+secrets = Sym::MagicFile.new('/usr/local/etc/secrets.yml.enc', 'PRIVATE_KEY')
+hash = YAML.load(secrets.decrypt)
+```
+
+Let's say that you are using [RailsConfig](https://github.com/railsconfig/config) gem for managing your Rails application setings. Since the gem allows appending settings from a hash, you can simply do the following in your `settings_initializer.rb`, and after all of the unencrypted settings are loaded:
+
+```ruby
+require 'config'
+require 'sym/magic_file'
+require 'yaml'
+Settings.add_source!(
+ YAML.load(
+ Sym::MagicFile.new(
+ '/usr/local/etc/secrets.yml.enc',
+ 'PRIVATE_KEY'
+ ).decrypt)
+ )
+Settings.reload!
+```
+
+### Ruby API Conclusion
+
+Using `Sym`'s rich ruby API you can perform both low-level encryption/decryption, as well as high-level management of encrypted files. By using `Sym::MagicFile` and/or `Sym::Application` classes you can access the entire set of functionality expressed vi the CLI, described in details below.
<a name="cli"></a>
## Using `sym` with the Command Line
### Encryption Keys