• Stars
    star
    136
  • Rank 267,670 (Top 6 %)
  • Language
    Ruby
  • License
    Other
  • Created over 8 years ago
  • Updated about 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Sym is a command line utility and a Ruby API that makes it trivial to encrypt and decrypt sensitive data. Unlike many other existing encryption tools, sym focuses on usability and streamlined interface (CLI), with the goal of making encryption easy and transparent. The result? There is no excuse for keeping your application secrets unencrypted :)

Sym β€” Symmetric Encryption for Humans

Please Donate!

Donate using LiberapayΒ Β Β https://img.shields.io/liberapay/goal/kigster

Ruby Rubocop

Maintainability

Gem Version

Coverage Gitter Sym Downloads

Coverage Map

Note
Please checkout the following post β€” Dead Simple Encryption with Sym β€” that announced the initial release of this library, and provides further in-depth discussion. Your donation of absolutely any amount is much appreciated but never required.

Donate

Note
You can read this README in the properly rendered for print format, by downloading the PDF.

Introduction

Note
SYM is an open source command line utility and a Ruby library, which makes it _trivial to encrypt your application secrets with mathematically proven models and ciphers offered in a much larger project β€” Open SSL.

Unlike many existing encryption tools, sym focuses on narrowing the gap between convenience and security, by offering enhanced usability and a streamlined ruby API and a CLI. The primary goal of the library is to make encryption very easy and transparent.

  • sym uses the Symmetric Encryption algorithm. This means that the same key is used to encrypt and decrypt data. In addition to the key, the encryption uses a randomized IV vector, which is automatically generated per each encryption and serialized with the data. Result of encryption is zlib-compressed, and base64 encoded, to be suitable for storage as string. The generated keys are also base64-encoded for convenience.

  • Finally, the library offers encryption using any regular password, and in particular supports password-protected encryption keys. Automatic key detection algorithm attempts to resolve a provided key as a filename, an environment variable name, an OS-X Keychain password entry name, a key itself, or a default key file.

Note
Sym uses Ruby’s Marshall.dump to serialize it’s data, and therefore it is not currently possible or easy to deserialize the data in languages other than Ruby.

Quick Demo of the CLI in Action

asciicast

Help Screens, Examples and Symit Bash Wrapper

This may be a good time to take a look at the full help message for the sym tool, shown naturally with a -h or --help option. Examples can be shown with -E/--examples flag.

Additionally, Sym comes with a helpful BASH wrapper symit.

Help screens for sym and symit are shown in full on another page — Sym Help Screens and Symit. Please refer to it for complete help screens and the examples.

Supported Ruby Versions

Note
Ruby 3.0.0 is only supported by Sym version 3.0.1 and later.

Sym currently builds and runs on the following ruby versions on Travis CI:

Table 1. Ruby Version Compatibility
MRI Ruby JRuby

2.3.8

jruby-9.1.17.0

2.4.10

jruby-9.2.13.0

2.5.8

2.6.6

2.7.1

Motivation

The main goal when writing this tool was to streamline and simplify handling of sensitive data in a trasparent and easy to use way without sacrificing security.

Most common use-cases include:

  • Encrypting/decrypting of application secrets files, so that the encrypted secrets can be safely checked into the git repository and distributed, and yet without much of the added headache that this often requires

  • Secure message transfer between any number of receipients

  • General purpose encryption/decryption with a 256-bit encryption key, optionally itself re-encrypted with a password.

  • General purpose encryption/decryption with an arbitrary password.

Sym is a layer built on top of the OpenSSL library, and, hopefully, makes encryption more accessible to every-day developers, QA, and dev-ops folks, engaged in deploying applications.

What’s Included

This gem includes two primary components:

  1. Rich command line interface CLI with many features to streamline encryption/decryption, and to be integrated into the deployment flow.

  2. Ruby APIs:

    • Key Generation, Encryption & Decryption API

      • is activated by including Sym module in a class, it adds easy to use encr/decr methods.

    • Application API to shadow the CLI usage

      • You can instantiate Sym::Application class with a hash representing CLI arguments, and then call it’s #execute method to mimic CLI execution.

    • Sym::MagicFile API

      • This is a convenience class allowing you to encrypt/decrypt files in your ruby code with just couple of lines of code.

    • Sym::Configuration

      • Use this class to override the default cipher, and configure other parameters such as compression, password caching, and more.

Massive Time Savers

Sym tries very hard to get out of your way, to make it feel as if your encrypted files are as easy to work with as the unencrypted files. It accomplishes this transparency with the following features:

  • By using Mac OS-X Keychain, sym offers a simple yet secure way of storing the key on a local machine, much more secure then storing it on a file system.

  • By using a password cache (-c) via an in-memory provider such as memcached, sym invocations take advantage of password cache, and only ask for a password once per a configurable time period.

  • By using SYM_ARGS environment variable you can save common flags and they will be applied whenever -A flag is activated.

  • By reading a key from the default key source file ~/.sym.key which requires no flags at all.

  • By utilizing the --negate option to quickly encrypt a regular file, or decrypt an encrypted file with extension .enc.

  • By using the -t file (edit) mode, that opens an encrypted file in your $EDITOR, and replaces the encrypted version upon save & exit.

As you can see, we really tried to build a tool that provides good security for application secrets, including password-based encryption, but does not annoyingly ask for password every time. With --edit option, and --negate options you can treat encrypted files like regular files.

Encrypting application secrets had never been easier! ---
β€” Socrates (LOL)

Using Sym

Installation

If you plan on using the library in your Ruby project with Bundler managing its dependencies, just include the following line in your Gemfile:

gem 'sym'

And then run bundle.

Or install it into the global namespace with gem install command:

$ gem install sym
$ sym -h
$ sym -E # see examples

BASH Completion

Optionally, after gem installation, you can also install bash-completion of gem’s command line options, but running the following command (and feel free to use any of the "dot" files you prefer):

sym -B ~/.bashrc

Should you choose to install it (this part is optional), you will be able to use "tab-tab" after typing sym, and you’ll be able to choose from all of the supported flags.

Typical Use-Case Scenario

  1. You generate a new encryption key, that will be used to both encrypt and decrypt the data. The key is 256 bits, or 32 bytes, or 45 bytes when base64-encoded, and can be generated with sym -g. The key must be saved somewhere for later retrieval. The key should not be easily accessible to an attacker. Note, that while generating the key, you can:

    • optionally password protect the key with sym -gp

    • save the key into a file with sym -gpo key-file

    • save it into the OS-X Keychain, with sym -gpx keychain-name

    • cache the password, with sym -gpcx keychain-name

    • Normally, sym will print the resulting key to STDOUT

    • You can prevent the key from being printed to STDOUT with -q/--quiet.

  2. Next, let’s assume you have a file or a string that you want to encrypt. We call this data.

  3. In order to encrypt the data, we must supply an encryption key. Flag -k automatically retrieves the key, by trying to read it in several distinct ways, such as:

    • a file with a pathname specified by the argument (eg, -k ~/.key)

    • or environment variable (eg -k ENC_KEY)

    • or OS-X Keychain entry

    • verbatum string argument (not recommended)

    • alternatively, you can paste the key interactively with -i or save the default key in ~/.sym.key file.

  4. Finally, we are ready to encrypt. The data to be encrypted can be read from a file with -f filename, or it can be read from STDIN, or a passed on the command line with -s string. For example, sym -e -k ~/.key -f /etc/passwd will encrypt the file and print the encrypted contents to STDOUT.

  5. Instead of printing to STDOUT, the output can be saved to a file with -o <file> or a simple redirect or a pipe.

  6. Encrypted file can later be decrypted with sym -d ... assuming the same key it was encrypted with.

  7. Encrypted file with extension .enc can be automatically decrypted with -n/--negate file option; if the file does not end with .enc, it is encrypted and .enc extension added to the resulting file.

  8. With -t/--edit file flag you can edit an encrypted file in VIM (or $EDITOR) any encrypted file and edit it. Once you save it, the file gets re-encrypted and replaces the previous version. A backup can be created with -b option. See the section on inline editing

A sample session that uses Mac OS-X Keychain to store the password-protected key.

# Gen a new key, password-encrypt it, cache the password, save
[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fkigster%2Fsym.svg?type=shield)](https://app.fossa.com/projects/git%2Bgithub.com%2Fkigster%2Fsym?ref=badge_shield)

# result in the key chain entry 'my-new-key' (but don't print it '-q')
❯ sym -gpqcx my-new-key
New Password     :  β€’β€’β€’β€’β€’β€’β€’β€’β€’
Confirm Password :  β€’β€’β€’β€’β€’β€’β€’β€’β€’

❯ sym -eck my-new-key -s 'My secret data' -o secret.enc
Password: β€’β€’β€’β€’β€’β€’β€’β€’β€’

❯ cat secret.enc
BAhTOh1TeW06OkRhdGE6OldyYXBFefDFFD.....

❯ sym -dck my-new-key -f secret.enc
My secret data

# Now, let's save our keychain key in the default key file:
❯ sym -ck my-new-key -o ~/.sym.key

# Now we can decrypt/encrypt with this key at will
❯ sym -n secret.enc
# created a decrypted file `secret`

# Lets now save common flags in the SYM_ARGS bash variable:
❯ export SYM_ARGS="-ck my-new-key"
# To have sym parse the SYM_ARGS variable, we must activate this feature with -A
❯ sym -Adf secret.enc
My secret data

Note that password caching is off by default, but is enabled with -c flag. In the example above, the decryption step fetched the password from the cache, and so the user was not required to re-enter the password.

Inline Editing of Encrypted Files

The sym CLI tool supports one particularly interesting mode, that streamlines handling of encrypted files. The mode is called edit mode, and is activated with the -t flag.

Instead of decrypting data anytime you need to change it into a new file and then manually re-encrypting the result, you can use the shortcut flag -t (for "edit"), which decrypts your data into a temporary file, automatically opening it with an $EDITOR.

sym -t config/application/secrets.yml.enc -k ~/.key

This is one of those time-saving features that can make a difference in making encryption feel easy and transparent.

Note
this mode does not seem to work with GUI editors such as Atom or TextMate. Since sym waits for the editor process to complete, GUI editors "complete" immediately upon starting a windowed application.

In this mode several flags are of importance:

-b (--backup)   – will create a backup of the original file
-v (--verbose) - will show additional info about file sizes

Here is a full command that opens a file specified by -f | --file, using the key specified in -k | --keyfile, in the editor defined by the $EDITOR environment variable (or if not set — defaults to /bin/vi)".

Example: here we edit an encrypted file in vim, while using interactive mode to paste the key (-i | --interactive), and then creating a backup file (-b | --backup) upon save:

sym -ibt data.enc
# => Private Key: β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’
#
# => Diff:
# 3c3
# # (c) 2015 Konstantin Gredeskoul.  All rights reserved.
# ---
# # (c) 2016 Konstantin Gredeskoul.  All rights reserved.

Note the diff shown after save.

CLI Help Reference

Sym Help

Ruby API

Including Sym module

Low-level encryption routines can be imported by including Sym module into your class or a module. Such class will be decorated with new class methods #private_key and #create_private_key, as well as instance methods #encr, and #decr.

Class Method #create_private_key()

This method will generate a new key each time it’s called.

Class Method #private_key(value = nil)

This method will either assign an existing key (if a value is passed) or generate and save a new key in the class instance variable. Therefore each class including Sym will (by default) use a unique key (unless the key is passed in as an argument).

The following example illustrates this point:

require 'sym'

class TestClass
  include Sym
end

@key = TestClass.create_private_key
@key.eql?(TestClass.private_key)  # => false
# A new key was created and saved in #private_key accessor.

class SomeClass
  include Sym
  private_key TestClass.private_key
end

@key.eql?(SomeClass.private_key)  # => true (it was assigned)

Encrypting and Decrypting

So how would we use this library from another Ruby project to encrypt and decrypt values?

After including the Sym module, two instance methods are added:

  • #encr(value, private_key) and

  • #decr(value, private_key).

Therefore you could write something like this below, protecting a sensitive string using a class-level secret.

require 'sym'
class TestClass
  include Sym
  private_key ENV['SECRET']

  def sensitive_value=(value)
    @sensitive_value = encr(value, self.class.private_key)
  end
  def sensitive_value
    decr(@sensitive_value, self.class.private_key)
  end
end

Encrypting the Key Itself

You can encrypt the private key using a custom password. This is highly recommended, because without the password the key is the only piece that stands between an attacker and decrypting your sensitive data.

For this purpose, two more instance methods exist:

  • #encr_password(data, password, iv = nil)

  • #decr_password(encrypted_data, password, iv = nil)

They can be used independently of encr and decr to encrypt/decrypt any data with a password.

Using Sym::MagicFile API for Reading/Writing Encrypted/Decrypted data

This is probably the easiest way to leverage Sym-encrypted files in your application — by loading them into memory with Sym::MagicFile. This class provides a very simple API while supporting all of the convenience features of the rich application API (see below).

You instantiate Sym::MagicFile with just two parameters: a pathname to a file (encrypted or not), and the key identifier. The identifier can either be a filename, or OS-X Keychain entry, or environment variable name, etc — basically it is resolve like any other -k <value> CLI flag.

The following methods are available:

  • #encrypt — returns an encrypted string representing the encrypted contents ofa file specified by the pathname.

  • #decrypt — returns a decrypted string representing the decrypted contents of a file specified by the pathname.

  • #encrypt_to(filename) — encrypts the contents of a file specified by the pathname, and writes the result to a filename.

  • #decrypt_to(filename) — decrypts the contents of a file specified by the pathname, and writes the result to a filename.

Example: Using Sym::MagicFile with the RailsConfig (or Settings) gem

In this example, we assume that the environment variable $PRIVATE_KEY contain the key to be used in decryption.

require 'sym/magic_file'
require 'yaml'
secrets = Sym::MagicFile.new('/usr/local/etc/secrets.yml.enc', 'PRIVATE_KEY')
hash = YAML.load(secrets.decrypt)

Let’s say that you are using RailsConfig gem for managing your Rails application setings. Since the gem allows appending settings from a hash, you can simply do the following in your settings_initializer.rb, and after all of the unencrypted settings are loaded:

require 'config'
require 'sym/magic_file'
require 'yaml'
Settings.add_source!(
    YAML.load(
        Sym::MagicFile.new(
            '/usr/local/etc/secrets.yml.enc',
            'PRIVATE_KEY'
        ).decrypt)
    )
Settings.reload!

Using Sym::Application API

Since the command line interface offers much more than just encryption/decryption of data with a key, majority of these features are available through Sym::Application instance.

The class is instantiated with a hash that would be otherwise generated by parsing CLI arguments, typical options. For example, to generate the key, pass generate: true — essentially any flag in it’s long form can be converted into a hash member.

Here is an example:

require 'sym/application'

key  = Sym::Application.new(generate: true).execute
# => '75ngenJpB6zL47/8Wo7Ne6JN1pnOsqNEcIqblItpfg4='

Ruby API Conclusion

Using Sym's rich ruby API you can perform both low-level encryption/decryption, as well as high-level management of encrypted files. By using Sym::MagicFile and/or Sym::Application classes you can access the entire set of functionality expressed vi the CLI, described in details below.

Using sym with the Command Line

Encryption Keys

The private key is the cornerstone of the symmetric encryption. Using sym, the key can be:

  • generated and printed to STDOUT, or saved to Mac OS-X KeyChain or a file

  • fetched from the Keychain in subsequent operations

  • password-protected during generation (or import) with the -p flag.

  • password can be cached using a locally running memcached, assuming the -c flag is provided.

  • must be kept very well protected and secure from attackers.

The unencrypted private key will be in the form of a base64-encoded string, 45 characters long.

Encrypted (with password) private key will be considerably longer, perhaps 200-300 characters long.

Generating the Key — Examples

# Let's generate a new key, and copy it to the clipboard (using `pbcopy` command on Mac OS-X):
$ sym -g | pbcopy

# Or save a new key into a bash variable
$ KEY=$(sym -g)

# Or save it to a file:
$ sym -go ~/.key

# Or create a password-protected key (`-p`), and save it to a file (`-o`),
# cache the password (`-c`), and don't print the new key to STDOUT (`-q` for quiet)
$ sym -gpcqo ~/.secret
New Password:     β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’
Confirm Password: β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’
$

Resolving the -k Argument

You can use the generated private key by passing an argument to the -k flag.

Sym attempts to automatically resolve the key source by trying each of the following options, and then moving on to the next until the key is found, or error is shown:

  1. the -k value flag, where the value is one of:

    • a file path, eg (-k ~/.key)

    • an environment variable name (-k MY_KEY)

    • an actual base64-encoded key (not recommended for security reasons)

    • a keychain name (-k keychain-entry-name)

  2. pasting or typing the key with the -i (interactive) flag

  3. if exists, a default key file, located in your home folder: ~/.sym.key is used only when no other key-specifying flags were passed in.

Encryption and Decryption

Inline Editing

The sym CLI tool supports one particularly interesting mode, that streamlines handling of encrypted files. The mode is called edit mode, and is activated with the -t file flag.

In this mode sym will automaticaly decrypt the encrypted file into a temporary file, and then open it in $EDITOR. Once you quit the editor, sym will automatically diff the new and old content, and if it is different, sym will re-encrypt the new contents and overwrite the original file. You can create an optional backup by adding -b flag.

Note
this mode does not seem to work with GUI editors such as Atom or TextMate. Since sym waits for the editor process to complete, GUI editors "complete" immediately upon starting a windowed application. In this mode several flags are of importance:
-b (--backup)   – will create a backup of the original file
-v (--verbose) - will show additional info about file sizes

Here is a full command that opens a file specified by -t | --edit file, using the key specified in -k | --keyfile, in the editor defined by the $EDITOR environment variable (or if not set — defaults to /bin/vi)".

To edit an encrypted file in $EDITOR, while asking to paste the key (-i | --interactive), while creating a backup file (-b | --backup):

 sym -tibf data.enc
 # => Private Key: β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’β€’
 #
 # => Diff:
 # 3c3
 # # (c) 2015 Konstantin Gredeskoul.  All rights reserved.
 # ---
 # # (c) 2016 Konstantin Gredeskoul.  All rights reserved.

Using KeyChain Access on Mac OS-X

KeyChain storage is a huge time saver. It allows you to securely store the key the keychain, meaning the key can not be easily extracted by an attacker without a login to your account. Just having access to the disk is not enough.

Apple had released a security command line tool, which this library uses to securely store a key/value pair of the key name and the actual private key in your OS-X KeyChain. The advantages of this method are numerous:

  • The private key won’t be lying around your file system unencrypted, so if your Mac is ever stolen, you don’t need to worry about the keys running wild.

  • If you sync your keychain with the iCloud you will have access to it on other machines

As mentioned previously, to add the key to the KeyChain on the Mac, use -x <key-name> flag with -g flag when generating a key. The key name is what you call this particular key, based on how you plan to use it. For example, you may call it staging, etc.

The following command generates the private key and immediately stores it in the KeyChain access under the name provided:

sym -gx staging   # the key is passwordless
sym -gpcx staging # this key is password protected, with the password cached

Next, whenever you need to use this key, you can specify the key with -k staging.

Finally, you can delete a key from KeyChain access by running:

keychain <name> delete

Below we describe the purpose of the executable keychain shipped with sym.

KeyChain Key Management

keychain is an additional executable installed with the gem, which can be used to read (find), update (add), and delete keychain entries used by sym.

It’s help message is self-explanatory:

Usage: keychain <name> [ add <contents> | find | delete ]

Moving a Key to the Keychain

You can easily move an existing key from a file or a string to a keychain by combining -k or -k to read the key, with -x to write it.

sym -k $keysource -x mykey

Adding Password to Existing Key

You can add a password to a key by combining one of the key description flags (-k, -i) and then also -p. Use -q to hide new key from the STDOUT, and c to cache the password.

sym -k $mykey -pqcx moo

The above example will take an unencrypted key passed in $mykey, ask for a password and save password protected key into the keychain with name "moo."

Password Caching

Nobody likes to re-type passwords over and over again, and for this reason Sym supports password caching via a locally running memcached instance (using the default port 11211, if available).

Multiple Providers

Cache is written using the Provider design pattern (a.k.a. plugin architecture), and so it’s easy to add a new Cache Provider that uses a custom backend. The supplied production-ready provider only works with a memcached daemon running (ideally) locally.

For customization of memcached location, we refer you to the Configuration class for an example of how to configure MemCached provider — shown below in the Ruby API section.

In order to control password caching, the following flags are available:

  • -c turns on caching

  • -u seconds sets the expiration for cached passwords

  • -r memcached controls which of the providers is used. Without this flag, sym auto-detects caching provider by first checking for memcached

Saving Common Flags in an Environment Variable

You can optionally store frequently used flags for sym in the SYM_ARGS environment variable. For example, to always cache passwords, and to always use the same encryption key from the keychain named "production", set the following in your ~/.bashrc:

export SYM_ARGS="-cx production"

This will be automatically appended to the command line if the -A/--sym-args flag is provided, and so to encrypt/decrypt anything with password caching enabled and using that particular key, you would simply type:

# -cx production are added from SYM_ARGS
sym -Aef file -o file.enc

# And to decrypt:
sym -Adf file.enc -o file.original

# Or edit the encrypted file:
sym -Atf file.enc

Fine Tuning

Configuration

The library contains a Sym::Configuration singleton class, which can be used to tweak some of the internals of the gem. Its meant for advanced users who know what they are doing. The code snippet shown below is an actual default configuration. You can override the defaults by including a similar snipped in your application initialization, right after the require 'sym'. The Configuration class is a Singleton, so changes to it will propagate to any subsequent calls to the gem.

require 'zlib'
require 'sym'
Sym::Configuration.configure do |config|
  config.password_cipher          = 'AES-128-CBC'
  config.data_cipher              = 'AES-256-CBC'
  config.private_key_cipher       = config.data_cipher
  config.compression_enabled      = true
  config.compression_level        = Zlib::BEST_COMPRESSION
  config.encrypted_file_extension = 'enc'
  config.default_key_file         = "#{ENV['HOME']}/.sym.key"

  config.password_cache_timeout          = 300

  # When nil is selected, providers are auto-detected.
  config.password_cache_default_provider = nil
  config.password_cache_arguments        = {
    # In-memory password cache configuration:
    # Memcached Provider – local is the default, but can be changed.
    memcached: {
      args: %w(127.0.0.1:11211),
      opts: { namespace:  'sym',
              compress:   true,
              expires_in: config.password_cache_timeout
      }
    }
  }
end

As you can see, it’s possible to change the default cipher type, although not all ciphers will be code-compatible with the current algorithm, and may require additional code changes.

Encryption Features & Cipher

The sym executable as well as the Ruby API provide:

  • Symmetric data encryption with:

    • the Cipher AES-256-cBC used by the US Government

    • 256-bit private key, that

      • can be generated and is a base64-encoded string about 45 characters long. The decoded key is always 32 characters (or 256 bytes) long.

      • can be optionally password-encrypted using the 128-bit key, and then be automatically detected (and password requested) when the key is used

      • can optionally have its password cached for 15 minutes locally on the machine using memcached

  • Rich command line interface with some innovative features, such as inline editing of an encrypted file, using your favorite $EDITOR.

  • Data handling:

    • Automatic compression of the data upon encryption

    • Automatic base64 encryption to make all encrypted strings fit onto a single line.

    • This makes the format suitable for YAML or JSON configuration files, where only the values are encrypted.

  • Rich Ruby API

  • (OS-X Only): Ability to create, add and delete generic password entries from the Mac OS-X KeyChain, and to leverage the KeyChain to store sensitive private keys.

Development

After checking out the repo, run bin/setup to install dependencies. Then, run rake spec to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.

To install this gem onto your local machine, run bundle exec rake install.

To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and tags, and push the .gem file to rubygems.org.

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/kigster/sym.

UML

Here are a couple of UML diagrams depicting the current, and possibly future state of the codebase.


Current Design
UML Vertical

Future Design
UML Refactor

License

Sym library is Β© 2016-2020 Konstantin Gredeskoul and Contributors.

The gem is available as open source under the terms of the MIT License. The library is designed to be a layer on top of OpenSSL, distributed under the Apache Style license.

Acknowledgements

Contributors:

Contributions of any kind are very much welcome from anyone.

Any pull requests will be reviewed promptly.

Please submit feature requests, bugs, or donations :)

More Repositories

1

cmake-project-template

This project is aimed at jump-starting a C/C++ project that can build libraries, binaries and have a working unit test suite. It uses CMake build system and is deliberately completely minimal.
C++
881
star
2

simple-feed

This gem implements a flexible time-ordered activity feeds commonly used within social networking applications. As events occur, they are pushed into the Feed and distributed to all users that need to see the event. Upon the user visiting their "feed page", a pre-populated ordered list of events is returned by the library.
Ruby
332
star
3

bashmatic

Optimized for humans, 500+ BASH functions for all walks of life. Über Toâlkit for über geeks and UNIX command line power users.
Shell
133
star
4

laser-cutter

Similar to boxmaker, this ruby gem generates PDFs that can be used as a basis for cutting boxes on a typical laser cutter. The intention is to create an extensible, well tested, and modern ruby framework for generating PDF templates used in laser cutting.
Ruby
91
star
5

ventable

Event/Observable support for plain ruby with options for grouping observers and wrapping notifications in blocks of code, such as transaction handling.
Ruby
58
star
6

warp-dir

Warp Directory – a drop-in replacement (superset to be precise) of the nifty 'wd' ZSH module. This one is written in ruby, and works with any shell.
Ruby
40
star
7

puma-daemon

Puma (starting version 5) removed automatic demonization from the gem itself. This functionality was extracted to this gem, which supports Puma v5 and v6.
Ruby
37
star
8

arli

Arli is the command line tool, that's both β€” the Arduino Library manager that's decoupled from any IDE, as well a project generator based on "arduino-cmake". By coupling dependency management with CMake-based build system, Arli provides an easy way to package, share, and distribute complex Arduino projects.
Ruby
28
star
9

pullulant

Kick start a fresh development environment on any Mac with OS-X El Capitan, with this opinionated, but modular and customizable installer. It's based on HomeBrew, SproutWrap cookbooks, and about 2K lines of Bash programming :)
Shell
12
star
10

dupervisor

This library converts config files between – YAML, JSON and Windows INI file format. For example, supervisord uses INI file format. Using the gem you can configure supervisord via a YAML file, and generate INI as needed. DuperVisor installs `dv` CLI converter. Run `dv -h` for help.
Ruby
9
star
11

librgb

C/C++ Library for RGB color manipulation and effects. The intention is to make it possible to use the library for Arduino-based projects. Current status: pre-Alpha.
C++
8
star
12

kigomoku-ios

Simple Gomoku (Five In A Row) game for iPhone
Objective-C
6
star
13

delicious-library-3-cloud-sync

A simple shell script so that the data files used by Delicious Library 3β„’ software for Mac made by Delicious Monster Software can be shared across multiple computers in your possession.
Shell
6
star
14

attr_memoized

Memoize attributes in a thread-safe way. This ruby gem adds a `#attr_memoized` class method, that provides a lazy-loading mechanism for initializing "heavy" attributes, but in a thread-safe way. Instances thus created can be shared among threads.
Ruby
6
star
15

joyent-cloud-pricing

A collection of tools to help figure out Joyent cloud costs for an infrastructure of any size. Supports commit pricing discounts.
Ruby
5
star
16

sidekiq-cluster

Sidekiq cluster is a simple CLI wrapper around Sidekiq that allows running multiple Sidekiq processes as a single pool of workers.
Ruby
5
star
17

RotaryEncoderWithButton

Easily read rotary encoder buttons that also incorporate a push button, like Adafruit Rotary Encoder.
C++
5
star
18

search-emlx-mailbox

Rails 5.2-based application that uses Sunspot/Solr to index and import large number of emails either as individual files in "*.elmx" format, or by using an exported "mbox" format. Once imported, the app provides a simple and convenient search interface for finding all emails matching a given search string. Useful in depositions, legal proceedings, or just personal projects.
Ruby
4
star
19

dnsmadeeasy

A full-featured API client for managing DNS records hosted by DnsMadeEasy.com via their REST SDK v2. A powerful CLI command "dme" is installed for those script-centric. Ruby SDK is provided for those needing the integrate at deeper level.
Ruby
4
star
20

auto-dimming-clock

Digital wall clock, or a bed-side clock, or whatever type of clock you like, equipped with a rotary encoder knob, a photo resistor able to aid in adjusting brightness as it changes throughout the day. The clock can be equipped with an optional strip of neo pixels – for some extra color. Works with Arduino Uno, Nano, Mini Pro, as well as Teensy.
C++
4
star
21

molder

Molder is a command line tool for generating and running (in parallel) a set of related but similar commands. A key use-case is auto-generation of the host provisioning commands for an arbitrary cloud environment. The gem is not constrained to any particular cloud tool or even a command, and can be used to generate a consistent set of commands based on several customizable dimensions.
Ruby
4
star
22

pause

Fast, flexible, and easy to use rate limiter or throttler for multi-process ruby applications backed by Redis.
Ruby
3
star
23

helpful-tools

Personal collection of scripts, snippets, and more, typically written in ruby.
Ruby
3
star
24

makeabox

MakeABox – use this app with a laser cutter to create a box with notches that connect all sides together.
HTML
3
star
25

githuh

Github API command line client for fetching repos, looking up users, etc.
Ruby
3
star
26

kigame-cpp

A set of generic C++ interfaces and classes to aid with modeling basic 2-player board games.
C++
3
star
27

turnstile-rb

Turnstile is a ruby gem for tracking in near-real time concurrent live users on the site without introducing additional latency into the request.
Ruby
3
star
28

arduino-library

This gem encapsulates many concepts related to how Arduino Libraries are indexed, how their metadata is validated, or .properties file generated. It supports searching the Arduino library database for any terms. This gem is used by Arli β€” Arduino Installer CLI toolkit.
Ruby
3
star
29

kigaboom

Teensy + Audio Shield + TFT+ Infrared / Rotary Knobs = fully customizable audio digital signal processing station, with spectrum analyzer, peak meter, EQ and many more functions available via simple controls.
C++
3
star
30

cookbook-set-hostname

Why is not part of Chef? I have no idea. But here is how you can set your hostname correctly, and with FQDN. The hostname is set based on the specified domain name. Supports SmartOS, Ubuntu and CentOS.
Ruby
3
star
31

beatify

A wrapper project around "beet" open source music organizer, suitable for DJs with large music folders.
Shell
3
star
32

game-simon-says

C/C++ core of this simple pattern repeating game.
C++
2
star
33

cookbook-logrotate-s3

Rotate logs to S3 using logrotate and s3cmd
Ruby
2
star
34

register

Registry pattern for wrapping application globals in a module-level auto-generated accessors
Ruby
2
star
35

cookbook-pgbouncer-service

Installs pgBouncer from either sources or packages, configures the connections, and sets up a service.
Ruby
2
star
36

obstacle-avoiding-robot

Arduino-based project that drives on 4 DC motors and avoids things in front.
CMake
2
star
37

mms-mime

Ruby parser for MM7-wrapped MMS/MIME messages
Ruby
2
star
38

host_status

Generic facade that aggregates metrics for a given host running a particular application using pluggable methods including third-party APIs.
Ruby
2
star
39

saves-cli

Saves Service CLI Client for a proprietary horizontally sharded storage of product saves.
Ruby
2
star
40

flix-capacitor

A little flux/flix capacitor box based on Teensy 3.1 for showing pictures, clock, playing DJ sets, and starting a small rave in a recovery room.
Arduino
2
star
41

performance-compare

A simple gem that can be used to compare algorithm implementations in Ruby using a single thread, a thread pool, or a process pool.
Ruby
2
star
42

weather-pod

4-line LCD Screen shows temperature, humidity, barometric pressure and time. Project build using arduino-cmake, dependencies maintained by Arli.
CMake
2
star
43

cookbook-auto-updater

This Cookbook performs several operations on a newly provisioned Ubuntu machines to prepare them for server-side operation. It includes setting the timezone, and performing smart unattended update of all system packages and kernels, possibly requiring reboot.
Ruby
2
star
44

back-seat-driver

Autonomous Arduino Robot control library in C++. Easily drive various kinds of robots without blocking or sleeping. Supports servo-based bots and DC motor based using Adafruit Motor Shield.
C++
2
star
45

rules_ruby_lambda

Bazel rules for packaging and uploading AWS Lambdas
1
star
46

treename

Rename all files in multi-level folder tree based on custom logic, with optional custom callbacks. Use it to process batches of files to convert them eg. from WAV to MP3 or vice versa, while renaming them along the way.
Ruby
1
star
47

cookbook-dnsmadeeasy

DNS record management cookbook for automatically registering nodes with DnsMadeEasy provider.
Ruby
1
star
48

number-counting

Ruby Network Server to support NodeJS CLI and AI Clients
Ruby
1
star
49

sprout-pyenv

Sprout-wrap compatible cookbook to install pyenv using Brew, and then any version of Python using soloist.
Ruby
1
star
50

uri-io

Provides IO semantics for various URI schemes
Ruby
1
star
51

ruby-exercises

Ruby implementations of exercises I came across and thought they were fun.
Ruby
1
star
52

playgine

Gaming backend engine written in Rails 6, TypeScript, PostgreSQL
1
star
53

arduino-workspace

Shell
1
star
54

cmake-ccspec-template

CMake C++ project template that uses ccspec for unit testing, instead of Google Test library.
C++
1
star
55

wallclock-arduino

CMake-based project for a fancy digital Wall Clock with Neo Pixels, temperature, and other goodies.
CMake
1
star
56

makeabox.app

Work in progress β€” evolution of the original MakeABox application, this one will use Angular and Rails 6
Ruby
1
star
57

vscode-insider-settings

A set of simple makefile commands to export/import/swap settings for VSCode and VSCode Insiders
Makefile
1
star
58

AsciiDuino

Library that makes displaying shapes/frames on RainbowDuino LED Matrix easy using ASCII pictures as source input
C++
1
star
59

bazel-in-pictures

Various UML-like diagrams explaining Bazel API for those creating new rules
1
star
60

arli-cmake

Some additional helpers for arduino-cmake project, as well as the helpers to connect Arli library Manager.
CMake
1
star
61

cloud-kitchens-dispatch

Simulation of Order fulfillment in a Restaurant Kitchen
Ruby
1
star
62

boxbot

[WIP] Boxbot is a from the ground-up rewrite of the laser-cutter gem with some additional features planned. It generates templates meant to be used by a laser cutter to cut out a 3D box with matching tabs that allow the box to be "snapped into place" without screws, although screws can also be added.
Ruby
1
star
63

readonly

This gem offers a proxy class that can be used to create a read-only wrappers around any other class, by declaring which methods can be delegated to the wrapped class.
Ruby
1
star
64

kiguino

Collection of Arduino libraries and wrappers, written and used in various live projects. Most of the libraries hide some complexity and encapsulate a consistent approach to the *thing*, be that measuring a sensor, working with a rotary knob, etc.
C++
1
star
65

drb-cache

DRb::Cache is a ruby gem that offers a shared multi-process cache by transparently managing a DRb server process on the background.
Ruby
1
star
66

pythagoras

Super simple C++ calculator that computes either a hypothenuse from the equal cathet, or vice versa.
C++
1
star
67

timed-messages

Schedule defined as starting times and durations, good for integrating into embedded LED systems that are supposed to show a given artist at a given time. Arduino-free library with automated tests based on ccspec (C++17 required)
C++
1
star
68

solr-sunspot-cookbook

Fully automated installation, configuration and service definition for Solr Search engine with support for single master many replicas, and specifically configured to work with Sunspot Ruby Gem.
HTML
1
star
69

sparkfun7SD

Set of libraries for using Sparkfun seven-segment displays (4 digit), while using different means of communications, implemented as sub-libraries. Based on tutorials @ https://learn.sparkfun.com/tutorials/using-the-serial-7-segment-display
C++
1
star
70

require_dir

Easily and non-intrusively require files from sub-folders in ruby. Unlike require_all, this gem is meant to be included and does not break or affect load path.
Ruby
1
star
71

ventable-statsd

Integrate your Ventable events with Statsd in order to track some or all of the events that occur using a fast light-weight UDP protocol.
Ruby
1
star
72

sym-crypt

This library provides a simple interface allowing access to the symmetric encryption functionality provided by the OpenSSL library. It supports private key generation, encryption/decryption with the key, as well as encryption/decryption with an arbitrary user-defined password.
Ruby
1
star
73

super_uri

Extension to the OpenURI module that understands many additional types of URI resources, and is able to open and read them. Included are: file://, env://, osxkeychain://, redis://, memcached:// schemes.
Ruby
1
star