Programming, philosophy, pedaling.

KBSecret 0.9.x: Many, Many Things

Dec 11, 2017

Tags: ruby, programming, devblog, kbsecret


I haven't done a development blog post on KBSecret since the 0.7.x series.

As such, this post will cover changes through both the 0.8.x and 0.9.x releases. I'll also (briefly) describe my plans for a 1.0 release.

Many of the changes detailed below were made by others, particularly during Hacktoberfest. You can find a list of contributors and their changes in this post.

CLI consistency

As of KBSecret 0.9.6, some historic deficiencies/inconsistencies in the kbsecret CLI have been addressed:

Custom record types

KBSecret users can now declare custom record types for use in their local installations. These types are defined as Ruby classes, and are automatically loaded from the ~/.config/kbsecret/record/ directory at runtime.

Here's an example of a magic-type record:

module KBSecret
  module Record
    class Magic < Abstract
      data_field :magic

When placed in ~/.config/kbsecret/record, it'll show up with (and behave like) every other record type:

$ kbsecret types

You can find the KBSecret::Record API here, and some additional information about custom types here.

Keybase team support

Previously, KBSecret sessions could only be shared between a collection of users via a shared KBFS directory. This made the list of users in a session practically immutable, as adding or removing a user required the entire session to be copied (and re-encrypted).

That has changed now that Keybase has introduced Keybase teams, which have a flexible list of members with varying access rights (making it possible to share read-only records to some users).

A team-based session can be created via the -t, --team option, which takes the name of Keybase team to create the session under:

# creates the "beta-api-keys" session under the "megacorp" team
$ kbsecret session new -t megacorp beta-api-keys

Subteams are also supported:

# creates the "memos" session under the "megacorp.board" subteam
$ kbsecret session new -t megacorp.board memos

The commands above require the Keybase team to already exist. If it doesn't already exist, the -c, --create-team flag can be applied:

# creates the "alpha-api-keys" session under the new "megacorp.devs" team
$ kbsecret session new -ct megacorp.devs alpha-api-keys

Team-based sessions behave identically to individual and old-style shared sessions, meaning that they can be passed to every other keybase command via the -s, --session option with no extra work.

Other changes

Since this post spans two major releases (0.8.x and 0.9.x), I've omitted many (smaller) changes above.

However, some of them a brief mention:

Towards a 1.0 release

The changes above are substantial, but are mostly interface-related: KBSecret's Ruby API and record structure have not changed significantly in months.

As such, it looks like a 1.0 release is a short-team reality. The 1.0 release will mark the stability of both the API and CLI, with subsequent releases devoted to bugfixing, compatible feature additions, and unit testing.

My current plan is to prerelease 1.0 (1.0.pre.1) on January 1st, 2018. One it rolls out smoothly and nothing explodes in the first week, I'll create the full release.

Thanks for reading!