preparing release

Cleaning up code. Rubocopping and documenting

.codeclimate.yml

@@ -0,0 +1,21 @@
+---
+engines:
+  bundler-audit:
+    enabled: false
+  duplication:
+    enabled: true
+    config:
+      languages:
+      - ruby
+  fixme:
+    enabled: true
+  rubocop:
+    enabled: true
+ratings:
+  paths:
+  - Gemfile.lock
+  - "**.rb"
+exclude_paths:
+  - spec/
+  - templates/
+  - doc/

.gitignore

@@ -12,3 +12,6 @@
 *.o
 *.a
 mkmf.log
+secrets/
+Zanzifile
+Zanzifile.resolved

.rubocop.yml

@@ -0,0 +1,9 @@
+Metrics/ClassLength:
+  Max: 150
+
+Metrics/LineLength:
+  Max: 175
+
+AllCops:
+  Exclude:
+    - 'spec/**/*'

.travis.yml

@@ -0,0 +1,19 @@
+sudo: false
+language: ruby
+rvm:
+  - 1.9.3
+  - 2.0.0
+  - 2.1.7
+  - 2.2.3
+addons:
+  code_climate:
+    repo_token:
+      secure: "XbKXMtcF/NnFr9JMuJNRzgsUcDcHxGi5jVc2B4HGT4EHDUnOV/06SfTTJMiLz3hgIgH1dpEgt+4cjAzAmZrmZrViY3rOH0MU1f6eAF4+BPMb0JwKYnPxTyPF5RjsWf0aFe6JdYM1S1T7EpP2XUAlV9ppmCYKrYUEa/OAXsz4ruU="
+deploy:
+  provider: rubygems
+  api_key:
+    secure: "CFXaOgtLypVc3/Nn3NFyeTYJ3rR/KNua2FPFHc02h5K/TPm8PMlHsYEB3e9OpithnC5cLqPUUlyZL4Gz7QC4zxX0G4luNVz+ZXdueMk1GBstK9QMsrjOQMKnQTCPaK/3x2/53kuPWMjYSyn5+ICkf/Omq1EVD4YEplhSvIRA9QQ="
+  gem: zanzibar
+  on:
+    tags: true
+    all_branches: true

CHANGELOG.md

@@ -0,0 +1,24 @@
+# Change Log
+All notable changes to this project will be documented in this file.
+This project adheres to [Semantic Versioning](http://semver.org/).
+
+## [Unreleased]
+
+## [0.2.0] - 2016-05-18
+### Changed
+- Upgraded dependencies
+    - `rubyntlm`: ~>0.4.0 to ~>0.6.0
+    - `savon`: ~>2.10.0 to ~>2.11.0
+    - `rubocop`: ~>0.28.0 to ~>0.39.0
+- Lots of rubocop-y code cleanup
+- Converted from code climate classic to code climate platform
+- Added rake task to run code climate platform locally
+- Broke low-level secret server operations into `zanzibar/client`
+
+## [0.1.27] - 2016-04-15
+### Added
+- `zanzibar get` can fetch field values for fields other than password
+    - This ability has not been added to Zanzifiles yet.
+
+[0.2.0]: https://github.com/Cimpress-MCP/Zanzibar/compare/v0.1.27...v0.2.0
+[Unreleased]: https://github.com/Cimpress-MCP/Zanzibar/compare/v0.2.0...HEAD

Gemfile

@@ -1,9 +1,3 @@
 source 'https://rubygems.org'
 
-gem 'savon'
-gem 'savon_spec'
-gem 'rspec'
-gem 'webmock'
-
-# Specify your gem's dependencies in zanzibar.gemspec
 gemspec

README.md

@@ -1,5 +1,9 @@
 # Zanzibar
-
+[![Gem Version](https://badge.fury.io/rb/zanzibar.svg)](http://badge.fury.io/rb/zanzibar)
+[![Code Climate](https://codeclimate.com/github/Cimpress-MCP/zanzibar/badges/gpa.svg?1=1)](https://codeclimate.com/github/Cimpress-MCP/zanzibar)
+[![Test Coverage](https://codeclimate.com/github/Cimpress-MCP/zanzibar/badges/coverage.svg)](https://codeclimate.com/github/Cimpress-MCP/zanzibar/coverage)
+[![Dependency Status](https://gemnasium.com/badges/github.com/Cimpress-MCP/zanzibar.svg)](https://gemnasium.com/github.com/Cimpress-MCP/zanzibar)
+[![Inline docs](http://inch-ci.org/github/cimpress-mcp/zanzibar.svg?branch=master)](http://inch-ci.org/github/cimpress-mcp/zanzibar)
 
 Zanzibar is a utility to retrieve secrets from a Secret Server installation. It supports retrieval of a password, public/private key, or secret attachment.
 
@@ -21,7 +25,11 @@ Or install it yourself as:
 
 ## Usage
 
-In your ruby project, rakefile, etc., create a new Zanzibar object. The constructor takes a hash of optional parameters for the WSDL location, the domain of the Secret Server, a hash of global variables to pass to savon (necessary for windows environments with self-signed certs) and a password for the current user (intended to be passed in through some encryption method, unless you really want a plaintext password there.). All of these parameters are optional and the user will be prompted to enter them if they are missing.
+In your ruby project, rakefile, etc., create a new Zanzibar object.
+
+The constructor takes a hash of optional parameters for the WSDL location, the domain of the Secret Server, a hash of global variables to pass to savon (necessary for windows environments with self-signed certs) and a password for the current user (intended to be passed in through some encryption method, unless you really want a plaintext password there).
+
+All of these parameters are optional and the user will be prompted to enter them if they are missing.
 
 ```ruby
   my_object = Zanzibar::Zanzibar.new(:domain => 'my.domain.net', :wsdl => 'my.scrt.srvr.com/webservices/sswebservice.asmx?wdsl', :pwd => get_encrypted_password_from_somewhere)
@@ -38,19 +46,94 @@ secrets = Zanzibar::Zanzibar.new(:domain => 'mydomain.net', :wsdl => "https://my
 # Zanzibar::Zanzibar.new(:domain => 'mydomain.net', :wsdl => "https://my.scrt.server/webservices/sswebservice.asmx?wsdl", :globals => {:ssl_verify_mode => :none})
 
 ## Simple password -> takes secret id as argument
-secrets.get_secret(1234)
+secrets.get_password(1234)
 
-## Private Key -> takes hash as argument, requires :scrt_id, optional :scrt_item_id, :path
-secrets.download_private_key(:scrt_id => 2345, :path => 'secrets/')
+## Private Key -> takes hash as argument, requires :scrt_id, :type, optional :scrt_item_id, :path
+secrets.download_secret_file(:scrt_id => 2345, :path => 'secrets/', :type => "Private Key")
 
-## Public Key -> takes hash as argument, requires :scrt_id, optional :scrt_item_id, :path
-secrets.download_public_key(:scrt_id => 2345, :path => 'secrets/')
+## Public Key -> takes hash as argument, requires :scrt_id, :type, optional :scrt_item_id, :path
+secrets.download_secret_file(:scrt_id => 2345, :path => 'secrets/', :type => "Public Key")
 
-## Attachment; only supports secrets with single attachment -> takes hash as argument, requires :scrt_id, optional :scrt_item_id, :path
-secrets.download_attachment(:scrt_id => 3456, :path => 'secrets/')
+## Attachment; only supports secrets with single attachment -> takes hash as argument, requires :scrt_id, :path, optional :scrt_item_id, :path
+secrets.download_secret_file(:scrt_id => 2345, :path => 'secrets/', :type => "Attachment")
 
 ```
 
+### Providing Credentials
+
+Zanzibar has several ways of finding Secret Server credentials. It will use credentials
+discovered in this order:
+
+* Credentials passed to the initializer
+    * `Zanzibar::Zanzibar.new(:username=>'auser', :password=>'itsmyPassword')`
+* Credentials discovered via the environment
+    * If `ZANZIBAR_USER` exists, it will use that.
+        * If not, it will try `USER`
+    * If `ZANZIBAR_PASSWORD` exists, it will use that.
+* Credentials entered by the user
+    * Zanzibar will prompt the user to enter their password on STDIN
+
+### Command Line
+
+Zanzibar comes bundled with the `zanzibar` command-line utility that can be used
+for fetching passwords and downloading keys from outside of Ruby scripts.
+
+`zanzibar` supports most actions provided by Zanzibar itself. Because it operates
+on the command-line, it can be used as part of a pipeline or within a bash script.
+
+```bash
+# if ZANZIBAR_PASSWORD is not set, you will be prompted to enter your password.
+# this will download the private key from secret 1984 to the current directory
+$ ZANZIBAR_PASSWORD=`gpg -d secretpasswd.txt.gpg` zanzibar get 1984 -s server.example.com -d example.com -f "Private Key"
+
+$ ssh user@someremote -i ./private_key
+```
+
+#### Zanzifiles
+
+The `zanzibar` command can also perform [bundler](http://bundler.io)-like actions.
+Running `zanzibar init` will generate a `Zanzifile` in the current directory.
+Information about Secret Server and the necessary secret files to be downloaded
+can be added here.
+
+Then `zanzibar bundle` will try to download the secrets named in the file.
+When it downloads a file, it gets added to `Zanzifile.resolved`. And next time
+`zanzibar bundle` is run, if the file exists and the hash matches the one in the
+`resolved` file, it will not attempt to re-download. `zanzibar update` will attempt
+to re-download all secrets.
+
+Subdirectories under the root directory `secret_dir` can be created for individual keys by specifying a `prefix` path for that secret. Secrets will default to be downloaded to the root `secret_dir` directory otherwise.
+
+Note: `zanzibar get` can fetch passwords or files, but `zanzibar bundle` can
+only operate on secret files.
+
+Sample `Zanzifile`:
+
+```yaml
+---
+settings:
+  wsdl: my.scrt.srvr.com/webservices/sswebservice.asmx?wsdl
+  domain: my.domain.net
+  secret_dir: secrets/
+  ignore_ssl: true
+secrets:
+  ssh_key:
+    id: 249
+    label: Private Key
+    prefix: ssh/
+  encryption_key:
+    id: 483
+    label: Attachment
+  cert_pem:
+    id: 123
+    label: Certificate
+  cert_key:
+    id: 986
+    label: Misc Attachment
+```
+
+Run `zanzibar help` or `zanzibar help [command]` for more information.
+
 ## Contributing
 
 1. Fork it ( https://github.com/Cimpress-MCP/zanzibar/fork )

Rakefile

@@ -1,10 +1,21 @@
-require "bundler/gem_tasks"
+require 'bundler/gem_tasks'
+require 'bundler/setup' # load up our gem environment (incl. local zanzibar)
+require 'rspec/core/rake_task'
+require 'zanzibar/version'
+require 'rubocop/rake_task'
 
-task 'test' do
-  Dir.chdir('test')
-  system("rspec zanzibar_spec.rb")
-end
+task default: [:test]
 
-task 'install_dependencies' do
-  system('bundle install')
+RSpec::Core::RakeTask.new(:test)
+RuboCop::RakeTask.new
+
+task :cc_local do
+  command =  'docker run '
+  command << '--interactive --tty --rm '
+  command << '--env CODECLIMATE_CODE="$PWD" '
+  command << '--volume "$PWD":/code '
+  command << '--volume /var/run/docker.sock:/var/run/docker.sock '
+  command << '--volume /tmp/cc:/tmp/cc '
+  command << 'codeclimate/codeclimate analyze'
+  sh command
 end

bin/zamioculcas

@@ -0,0 +1,4 @@
+#! ruby
+require 'zanzibar/cli'
+
+Zanzibar::Cli.start(ARGV)

bin/zanzibar

@@ -0,0 +1,4 @@
+#! ruby
+require 'zanzibar/cli'
+
+Zanzibar::Cli.start(ARGV)

lib/zanzibar.rb

@@ -1,209 +1,177 @@
-require "zanzibar/version"
+require 'zanzibar/version'
 require 'savon'
 require 'io/console'
 require 'fileutils'
+require 'yaml'
+require 'zanzibar/client'
 
 module Zanzibar
-
   ##
-  # Class for interacting with Secret Server
+  # High-level operations for downloading things from Secret Server
   class Zanzibar
+    ##
+    # @param args{:domain, :wsdl, :pwd, :username, :globals{}}
+    def initialize(args = {})
+      @username = resolve_username(args)
+      @wsdl = resolve_wsdl(args)
+      @password = resolve_password(args)
+      @domain = resolve_domain(args)
+      args[:globals] = {} unless args[:globals]
+      @client = Client.new(@username, @password, @domain, @wsdl, args[:globals])
+    end
 
     ##
-    # @param args{:domain, :wsdl, :pwd, :globals{}}
-
-    def initialize(args = {})
-      if args[:wsdl]
-        @@wsdl = args[:wsdl]
-      else
-        @@wsdl = get_wsdl_location
-      end
-      if args[:pwd]
-          @@password = args[:pwd]
-      else
-        @@password = prompt_for_password
-      end
-      if args[:domain]
-        @@domain = args[:domain]
-      else
-        @@domain = prompt_for_domain
-      end
-      args[:globals] = {} unless args[:globals]
-      init_client(args[:globals])
-    end
-
-    ## Initializes the Savon client class variable with the wdsl document location and optional global variables
-    # @param globals{}, optional
-
-    def init_client(globals = {})
-      globals = {} if globals == nil
-      @@client = Savon.client(globals) do
-        wsdl @@wsdl
-      end
-    end
-
-    ## Gets the user's password if none is provided in the constructor.
+    # Gets the user's password if none is provided in the constructor.
     # @return [String] the password for the current user
-
     def prompt_for_password
-      puts "Please enter password for #{ENV['USER']}:"
-      return STDIN.noecho(&:gets).chomp
+      puts "Please enter password for #{@username}:"
+      STDIN.noecho(&:gets).chomp.tap do
+        puts 'Using password to login...'
+      end
     end
 
-    ## Gets the wsdl document location if none is provided in the constructor
+    ##
+    # Gets the wsdl document location if none is provided in the constructor
     # @return [String] the location of the WDSL document
-
-    def get_wsdl_location
-      puts "Enter the URL of the Secret Server WSDL:"
-      return STDIN.gets.chomp
+    def prompt_for_wsdl_location
+      puts 'Enter the URL of the Secret Server WSDL:'
+      STDIN.gets.chomp
     end
 
-    ## Gets the domain of the Secret Server installation if none is provided in the constructor
+    ##
+    # Gets the domain of the Secret Server installation if none is provided in the constructor
     # @return [String] the domain of the secret server installation
-
     def prompt_for_domain
-      puts "Enter the domain of your Secret Server:"
-      return STDIN.gets.chomp
+      puts 'Enter the domain of your Secret Server:'
+      STDIN.gets.chomp
     end
 
-
-    ## Get an authentication token for interacting with Secret Server. These are only good for about 10 minutes so just get a new one each time.
-    # Will raise an error if there is an issue with the authentication.
-    # @return the authentication token for the current user.
-
-    def get_token
-      begin
-        response = @@client.call(:authenticate, message: { username: ENV['USER'], password: @@password, organization: "", domain: @@domain }).hash
-        if response[:envelope][:body][:authenticate_response][:authenticate_result][:errors]
-          raise "Error generating the authentication token for user #{ENV['USER']}: #{response[:envelope][:body][:authenticate_response][:authenticate_result][:errors][:string]}"
-        end
-        response[:envelope][:body][:authenticate_response][:authenticate_result][:token]
-      rescue Savon::Error => err
-        raise "There was an error generating the authentiaton token for user #{ENV['USER']}: #{err}"
-      end
-    end
-
-    ## Get a secret returned as a hash
-    # Will raise an error if there was an issue getting the secret
-    # @param [Integer] the secret id
-    # @return [Hash] the secret hash retrieved from the wsdl
-
-    def get_secret(scrt_id, token = nil)
-      begin
-        secret = @@client.call(:get_secret, message: { token: token || get_token, secretId: scrt_id}).hash
-        if secret[:envelope][:body][:get_secret_response][:get_secret_result][:errors]
-          raise "There was an error getting secret #{scrt_id}: #{secret[:envelope][:body][:get_secret_response][:get_secret_result][:errors][:string]}"
-        end
-        return secret
-      rescue Savon::Error => err
-        raise "There was an error getting the secret with id #{scrt_id}: #{err}"
-      end
-    end
-
-    ## Retrieve a simple password from a secret
+    ##
+    # Retrieve the value from a field label of a secret
     # Will raise an error if there are any issues
     # @param [Integer] the secret id
-    # @return [String] the password for the given secret
-
-    def get_password(scrt_id)
-      begin
-        secret = get_secret(scrt_id)
-        return secret[:envelope][:body][:get_secret_response][:get_secret_result][:secret][:items][:secret_item][1][:value]
-      rescue Savon::Error => err
-        raise "There was an error getting the password for secret #{scrt_id}: #{err}"
-      end
+    # @param [String] the field label to get, defaults to Password
+    # @return [String] the value for the given field label
+    def get_fieldlabel_value(scrt_id, fieldlabel = 'Password')
+      secret = @client.get_secret(scrt_id)
+      secret_items = secret[:secret][:items][:secret_item]
+      return @client.get_secret_item_by_field_name(secret_items, fieldlabel)[:value]
+    rescue Savon::Error => err
+      raise "There was an error getting '#{fieldlabel}' for secret #{scrt_id}: #{err}"
     end
 
-    ## Get the secret item id that relates to a key file or attachment.
-    # Will raise on error
+    ##
+    # Retrieve a simple password from a secret
+    # Calls get get_fieldlabel_value()
     # @param [Integer] the secret id
-    # @param [String] the type of secret item to get, one of privatekey, publickey, attachment
-    # @return [Integer] the secret item id
-
-    def get_scrt_item_id(scrt_id, type, token)
-      secret = get_secret(scrt_id, token)
-      case type
-        when 'privatekey'
-          ## Get private key item id
-          secret[:envelope][:body][:get_secret_response][:get_secret_result][:secret][:items][:secret_item].each do |item|
-            return item[:id] if item[:field_name] == 'Private Key'
-          end
-        when 'publickey'
-          ## Get public key item id
-          secret[:envelope][:body][:get_secret_response][:get_secret_result][:secret][:items][:secret_item].each do |item|
-            return item[:id] if item[:field_name] == 'Public Key'
-          end
-        when 'attachment'
-          ## Get attachment item id. This currently only supports secrets with one attachment.
-          secret[:envelope][:body][:get_secret_response][:get_secret_result][:secret][:items][:secret_item].each do |item|
-            return item[:id] if item[:field_name] == 'Attachment'
-          end
-        else
-          raise "Unknown type, #{type}."
-        end
+    # @return [String] the password for the given secret
+    def get_password(scrt_id)
+      get_fieldlabel_value(scrt_id)
     end
 
-    ## Downloads the private key for a secret and places it where Zanzibar is running, or :path if specified
-    # Raise on error
-    # @param [Hash] args, :scrt_id, :scrt_item_id - optional, :path - optional
+    ##
+    # Get the password, save it to a file, and return the path to the file.
+    def get_username_and_password_and_save(scrt_id, path, name)
+      secret_items = @client.get_secret(scrt_id)[:secret][:items][:secret_item]
+      password = @client.get_secret_item_by_field_name(secret_items, 'Password')[:value]
+      username = @client.get_secret_item_by_field_name(secret_items, 'Username')[:value]
+      save_username_and_password_to_file(password, username, path, name)
+      File.join(path, name)
+    end
 
+    ##
+    # Write the password to a file. Intended for use with a Zanzifile
+    def save_username_and_password_to_file(password, username, path, name)
+      user_pass = { 'username' => username.to_s, 'password' => password.to_s }.to_yaml
+      File.open(File.join(path, name), 'wb') do |file|
+        file.print user_pass
+      end
+    end
+
+    ##
+    # Downloads a file for a secret and places it where Zanzibar is running, or :path if specified
+    # Raise on error
+    # @param [Hash] args, :scrt_id, :type (one of "Private Key", "Public Key", "Attachment"), :scrt_item_id - optional, :path - optional
+    def download_secret_file(args = {})
+      response = @client.download_file_attachment_by_item_id(args[:scrt_id], args[:scrt_item_id], args[:type])
+      raise "There was an error getting the #{args[:type]} for secret #{args[:scrt_id]}: #{response[:errors][:string]}" if response[:errors]
+      return write_secret_to_file(args[:path], response)
+    rescue Savon::Error => err
+      raise "There was an error getting the #{args[:type]} for secret #{args[:scrt_id]}: #{err}"
+    end
+
+    ##
+    # Download a private key secret
+    # @deprecated
     def download_private_key(args = {})
-      token = get_token
-      FileUtils.mkdir_p(args[:path]) if args[:path]
-      path = args[:path] ? args[:path] : '.' ## The File.join below doesn't handle nils well, so let's take that possibility away.
-      begin
-        response = @@client.call(:download_file_attachment_by_item_id, message: { token: token, secretId: args[:scrt_id], secretItemId: args[:scrt_item_id] || get_scrt_item_id(args[:scrt_id], 'privatekey', token)}).hash
-        if response[:envelope][:body][:download_file_attachment_by_item_id_response][:download_file_attachment_by_item_id_result][:errors]
-          raise "There was an error getting the private key for secret #{args[:scrt_id]}: #{response[:envelope][:body][:download_file_attachment_by_item_id_response][:download_file_attachment_by_item_id_result][:string]}"
-        end
-        File.open(File.join(path, response[:envelope][:body][:download_file_attachment_by_item_id_response][:download_file_attachment_by_item_id_result][:file_name]), 'wb') do |file|
-          file.puts Base64.decode64(response[:envelope][:body][:download_file_attachment_by_item_id_response][:download_file_attachment_by_item_id_result][:file_attachment])
-        end
-      rescue Savon::Error => err
-        raise "There was an error getting the private key for secret #{args[:scrt_id]}: #{err}"
-      end
+      args[:type] = 'Private Key'
+      download_secret_file(args)
     end
 
-    ## Downloads the public key for a secret and places it where Zanzibar is running, or :path if specified
-    # Raise on error
-    # @param [Hash] args, :scrt_id, :scrt_item_id - optional, :path - optional
-
+    ##
+    # Download a public key secret
+    # @deprecated
     def download_public_key(args = {})
-      token = get_token
-      FileUtils.mkdir_p(args[:path]) if args[:path]
-      path = args[:path] ? args[:path] : '.' ## The File.join below doesn't handle nils well, so let's take that possibility away.
-      begin
-        response = @@client.call(:download_file_attachment_by_item_id, message: { token: token, secretId: args[:scrt_id], secretItemId: args[:scrt_item_id] || get_scrt_item_id(args[:scrt_id], 'publickey', token)}).hash
-        if response[:envelope][:body][:download_file_attachment_by_item_id_response][:download_file_attachment_by_item_id_result][:errors]
-          raise "There was an error getting the public key for secret #{args[:scrt_id]}: #{response[:envelope][:body][:download_file_attachment_by_item_id_response][:download_file_attachment_by_item_id_result][:string]}"
-      end
-        File.open(File.join(path, response[:envelope][:body][:download_file_attachment_by_item_id_response][:download_file_attachment_by_item_id_result][:file_name]), 'wb') do |file|
-          file.puts Base64.decode64(response[:envelope][:body][:download_file_attachment_by_item_id_response][:download_file_attachment_by_item_id_result][:file_attachment])
-        end
-      rescue Savon::Error => err
-        raise "There was an error getting the public key for secret #{args[:scrt_id]}: #{err}"
+      args[:type] = 'Public Key'
+      download_secret_file(args)
+    end
+
+    ##
+    # Download an arbitrary secret attachment
+    # @deprecated
+    def download_attachment(args = {})
+      args[:type] = 'Attachment'
+      download_secret_file(args)
+    end
+
+    private
+
+    def make_or_find_path(path = nil)
+      FileUtils.mkdir_p(path) if path
+      path || '.'
+    end
+
+    def resolve_username(args = {})
+      if args[:username]
+        args[:username]
+      elsif ENV['ZANZIBAR_USER']
+        ENV['ZANZIBAR_USER']
+      else
+        ENV['USER']
       end
     end
 
-    ## Downloads an attachment for a secret and places it where Zanzibar is running, or :path if specified
-    # Raise on error
-    # @param [Hash] args, :scrt_id, :scrt_item_id - optional, :path - optional
+    def resolve_wsdl(args = {})
+      args[:wsdl]
+    end
 
-    def download_attachment(args = {})
-      token = get_token
-      FileUtils.mkdir_p(args[:path]) if args[:path]
-      path = args[:path] ? args[:path] : '.' ## The File.join below doesn't handle nils well, so let's take that possibility away.
-      begin
-        response = @@client.call(:download_file_attachment_by_item_id, message: { token: token, secretId: args[:scrt_id], secretItemId: args[:scrt_item_id] || get_scrt_item_id(args[:scrt_id], 'attachment', token)}).hash
-        if response[:envelope][:body][:download_file_attachment_by_item_id_response][:download_file_attachment_by_item_id_result][:errors]
-          raise "There was an error getting the attachment for secret #{args[:scrt_id]}: #{response[:envelope][:body][:download_file_attachment_by_item_id_response][:download_file_attachment_by_item_id_result][:string]}"
+    def resolve_password(args = {})
+      if args[:pwd]
+        args[:pwd]
+      elsif ENV['ZANZIBAR_PASSWORD']
+        ENV['ZANZIBAR_PASSWORD']
+      else
+        prompt_for_password
       end
-        File.open(File.join(path, response[:envelope][:body][:download_file_attachment_by_item_id_response][:download_file_attachment_by_item_id_result][:file_name]), 'wb') do |file|
-          file.puts Base64.decode64(response[:envelope][:body][:download_file_attachment_by_item_id_response][:download_file_attachment_by_item_id_result][:file_attachment])
-        end
-      rescue Savon::Error => err
-        raise "There was an error getting the attachment from secret #{args[:scrt_id]}: #{err}"
+    end
+
+    def resolve_domain(args = {})
+      if args[:domain]
+        args[:domain]
+      else
+        prompt_for_domain
       end
     end
+
+    def write_secret_to_file(path, secret_response)
+      path = make_or_find_path(path)
+      filepath = File.join(path, secret_response[:file_name])
+
+      File.open(filepath, 'wb') do |file|
+        file.puts Base64.decode64(secret_response[:file_attachment])
+      end
+
+      filepath
+    end
   end
 end

lib/zanzibar/actions.rb

@@ -0,0 +1,3 @@
+require 'zanzibar/actions/init'
+require 'zanzibar/actions/bundle'
+require 'zanzibar/actions/get'

lib/zanzibar/actions/base.rb

@@ -0,0 +1,33 @@
+module Zanzibar
+  module Actions
+    # Basic plumbing for all actions
+    class Base
+      ##
+      # The options passed in from the Thor action
+      attr_accessor :options
+      private :options=
+
+      ##
+      # The logger that Thor is using for this run
+      attr_accessor :logger
+      private :logger=
+
+      ##
+      # Initialize the basic components used by all actions
+      def initialize(logger, options = {})
+        self.logger  = logger
+        self.options = options
+      end
+
+      private
+
+      def debug(*args, &block)
+        logger.debug(*args, &block)
+      end
+
+      def source_root
+        @source_root ||= Pathname.new(File.expand_path('../../../../', __FILE__))
+      end
+    end
+  end
+end

lib/zanzibar/actions/bundle.rb

@@ -0,0 +1,158 @@
+require 'zanzibar/actions/base'
+require 'zanzibar/error'
+require 'zanzibar'
+
+module Zanzibar
+  module Actions
+    # Download or verify the secrets in a Zanzifile
+    class Bundle < Base
+      ##
+      # The settings defined in the Zanzifile
+      attr_accessor :settings
+
+      ##
+      # The unresolved secrets from the Zanzifile
+      attr_accessor :remote_secrets
+
+      ##
+      # The resolved secrets from the Zanzifile.resolved
+      attr_accessor :local_secrets
+
+      ##
+      # Whether to disregard local secrets and re-download regardness
+      attr_accessor :update
+
+      ##
+      # Our Zanzibar client
+      attr_accessor :zanzibar
+
+      ##
+      # An action that will fetch secrets defined in a Zanzifile
+      def initialize(ui, options, args = {})
+        super(ui, options)
+        @update = args[:update]
+      end
+
+      ##
+      # Coordinate downloading to secrets (or skipping ones we already have)
+      def run
+        ensure_zanzifile
+        load_required_secrets
+        ensure_secrets_path
+        validate_environment
+        load_resolved_secrets if resolved_file?
+        validate_local_secrets unless @update
+        run!
+      end
+
+      private
+
+      def run!
+        if need_secrets?
+          new_secrets = download_remote_secrets
+          update_resolved_file new_secrets
+        else
+          debug { 'No secrets to download...' }
+        end
+      end
+
+      def ensure_zanzifile
+        raise Error, NO_ZANZIFILE_ERROR unless File.exist? ZANZIFILE_NAME
+        debug { "#{ZANZIFILE_NAME} located..." }
+      end
+
+      def ensure_secrets_path
+        ## Make sure the directory exists and that a .gitignore is there to ignore it
+        if @settings['secret_dir']
+          FileUtils.mkdir_p(@settings['secret_dir'])
+          unless File.exist? "#{@settings['secret_dir']}/.gitignore"
+            File.open("#{@settings['secret_dir']}/.gitignore", 'w') do |file|
+              file.puts '*'
+              file.puts '!.gitignore'
+            end
+          end
+        end
+      end
+
+      def resolved_file?
+        File.exist? RESOLVED_NAME
+      end
+
+      def load_required_secrets
+        zanzifile = YAML.load_file(ZANZIFILE_NAME)
+        @settings = zanzifile['settings'] || {}
+        @remote_secrets = zanzifile['secrets'] || {}
+        @local_secrets = {}
+      end
+
+      def validate_environment
+        return unless @settings.empty? || @remote_secrets.empty?
+        raise Error, INVALID_ZANZIFILE_ERROR
+      end
+
+      def load_resolved_secrets
+        @local_secrets = YAML.load_file RESOLVED_NAME
+      end
+
+      def need_secrets?
+        !@remote_secrets.empty?
+      end
+
+      def validate_local_secrets
+        @local_secrets.each do |key, secret|
+          if File.exist?(secret[:path]) && secret[:hash] == Digest::MD5.file(secret[:path]).hexdigest
+            debug { "#{key} found locally, skipping download..." }
+            @remote_secrets.delete key
+          end
+        end
+      end
+
+      def download_remote_secrets
+        args = @settings['ignore_ssl'] ? { ssl_verify_mode: :none } : {}
+
+        downloaded_secrets = {}
+        remote_secrets.each do |key, secret|
+          full_path = secret.key?('prefix') ? File.join(@settings['secret_dir'], secret['prefix']) : @settings['secret_dir']
+          downloaded_secrets[key] = download_one_secret(secret['id'], secret['label'], full_path,
+                                                        args, secret_filename(secret))
+
+          debug { "Downloaded secret: #{key} to #{@settings['secret_dir']}..." }
+        end
+
+        downloaded_secrets
+      end
+
+      def download_one_secret(scrt_id, label, path, args, name = nil)
+        if label == 'Password'
+          path = zanzibar(args).get_username_and_password_and_save(scrt_id, path, name)
+        else
+          path = zanzibar(args).download_secret_file(scrt_id: scrt_id,
+                                                     type: label,
+                                                     path: path)
+        end
+
+        { path: path, hash: Digest::MD5.file(path).hexdigest }
+      end
+
+      def update_resolved_file(new_secrets)
+        @local_secrets.merge! new_secrets
+
+        File.open(RESOLVED_NAME, 'w') do |out|
+          YAML.dump(@local_secrets, out)
+        end
+
+        debug { 'Updated resolved file...' }
+      end
+
+      def zanzibar(args)
+        @zanzibar ||= ::Zanzibar::Zanzibar.new(wsdl: @settings['wsdl'],
+                                               domain: @settings['domain'],
+                                               globals: args)
+      end
+
+      def secret_filename(secret)
+        secret['name'] || "#{secret['id']}_password"
+      end
+    end
+  end
+end

lib/zanzibar/actions/get.rb

@@ -0,0 +1,78 @@
+require 'zanzibar/actions/base'
+require 'zanzibar/error'
+require 'zanzibar'
+require 'zanzibar/defaults'
+
+module Zanzibar
+  module Actions
+    # Fetch a single secret
+    class Get < Base
+      ##
+      # The options to use when initializing our Zanzibar client
+      attr_accessor :zanibar_options
+
+      ##
+      # The id of the secret to download
+      attr_accessor :scrt_id
+
+      ##
+      # Initialize the action
+      def initialize(ui, options, scrt_id)
+        super(ui, options)
+        @scrt_id = scrt_id
+        @zanzibar_options = {}
+      end
+
+      ##
+      # Ensure we have the options we need and download the secret
+      def run
+        construct_options
+        ensure_options
+
+        fetch_secret(@scrt_id)
+      end
+
+      ##
+      # Actually download the secret
+      def fetch_secret(scrt_id)
+        scrt = ::Zanzibar::Zanzibar.new(@zanzibar_options)
+
+        if @zanzibar_options[:filelabel]
+          scrt.download_secret_file(scrt_id: scrt_id,
+                                    type: @zanzibar_options[:filelabel])
+        else
+          scrt.get_fieldlabel_value(scrt_id, @zanzibar_options[:fieldlabel])
+        end
+      end
+
+      ##
+      # Coalesce our options and some defaults to ensure we are ready to run
+      def construct_options
+        @zanzibar_options[:wsdl] = construct_wsdl
+        @zanzibar_options[:globals] = { ssl_verify_mode: :none } if options['ignoressl']
+        @zanzibar_options[:domain] = options['domain']
+        @zanzibar_options[:username] = options['username'] unless options['username'].nil?
+        @zanzibar_options[:domain] = options['domain'] ? options['domain'] : 'local'
+        @zanzibar_options[:fieldlabel] = options['fieldlabel'] || 'Password'
+        @zanzibar_options[:filelabel] = options['filelabel'] if options['filelabel']
+      end
+
+      ##
+      # Construct a WSDL URL from the server hostname if necessary
+      def construct_wsdl
+        if options['wsdl'].nil? && options['server']
+          DEFAULT_WSDL % options['server']
+        else
+          options['wsdl']
+        end
+      end
+
+      ##
+      # Make sure a proper WSDL was constructed
+      def ensure_options
+        return if @zanzibar_options[:wsdl]
+        raise Error, NO_WSDL_ERROR
+      end
+    end
+  end
+end

lib/zanzibar/actions/init.rb

@@ -0,0 +1,45 @@
+require 'zanzibar/actions/base'
+require 'zanzibar/error'
+require 'ostruct'
+require 'erb'
+require 'zanzibar/defaults'
+
+module Zanzibar
+  module Actions
+    # Create a new Zanzifile
+    class Init < Base
+      ##
+      # Make sure we don't already have a Zanzifile, then template one
+      def run
+        check_for_zanzifile
+        write_template
+      end
+
+      private
+
+      def check_for_zanzifile
+        return unless File.exist?(ZANZIFILE_NAME) && !options['force']
+        raise Error, ALREADY_EXISTS_ERROR
+      end
+
+      def write_template
+        template = TemplateRenderer.new(options)
+
+        File.open(ZANZIFILE_NAME, 'w') do |f|
+          f.write template.render(File.read(source_root.join(TEMPLATE_NAME)))
+        end
+      end
+
+      ##
+      # Allows us to easily feed our options hash
+      # to an ERB
+      class TemplateRenderer < OpenStruct
+        ##
+        # Render an ERB template to a string
+        def render(template)
+          ERB.new(template).result(binding)
+        end
+      end
+    end
+  end
+end

lib/zanzibar/cli.rb

@@ -0,0 +1,150 @@
+require 'thor'
+require 'thor/actions'
+require 'zanzibar/version'
+require 'zanzibar/cli'
+require 'zanzibar/ui'
+require 'zanzibar/actions'
+require 'zanzibar/error'
+require 'zanzibar/defaults'
+
+module Zanzibar
+  ##
+  # The `zanzibar` binary/thor application main class.
+  # See http://whatisthor.com/ for information on syntax.
+  class Cli < Thor
+    include Thor::Actions
+
+    ##
+    # The stream to which we are writing messages (usually stdout)
+    attr_accessor :ui
+
+    ##
+    # Initialize the application and set some logging defaults
+    def initialize(*)
+      super
+      the_shell = (options['no-color'] ? Thor::Shell::Basic.new : shell)
+      @ui = Shell.new(the_shell)
+      @ui.be_quiet! if options['quiet']
+      @ui.debug! if options['verbose']
+
+      debug_header
+    end
+
+    ##
+    # Print the version of the application
+    desc 'version', 'Display your Zanzibar verion'
+    def version
+      say "#{APPLICATION_NAME} Version: #{VERSION}"
+    end
+
+    ##
+    # Generate a new blank Zanzifile
+    desc 'init', "Create an empty #{ZANZIFILE_NAME} in the current directory."
+    option 'verbose', type: :boolean, default: false, aliases: :v
+    option 'wsdl', type: :string, aliases: :w,
+                   default: DEFAULT_WSDL % DEFAULT_SERVER,
+                   desc: 'The URI of the WSDL file for your Secret Server instance'
+    option 'domain', type: :string, default: 'local', aliases: :d,
+                     desc: 'The logon domain for your Secret Server account'
+    option 'force', type: :boolean, default: false, aliases: :f,
+                    desc: 'Recreate the Zanzifile if one already exists.'
+    option 'secretdir', type: :string, default: 'secrets/', aliases: :s,
+                        desc: 'The directory to which secrets should be downloaded.'
+    option 'ignoressl', type: :boolean, default: 'false', aliases: :k,
+                        desc: 'Don\'t check the SSL certificate of Secret Server'
+    def init
+      run_action { init! }
+    end
+
+    ##
+    # Fetch secrets declared in a local Zanzifle
+
+    desc 'bundle', "Fetch secrets declared in your #{ZANZIFILE_NAME}"
+    option 'verbose', type: :boolean, default: false, aliases: :v
+
+    def bundle
+      run_action { bundle! }
+    end
+
+    desc 'plunder', "Alias to `#{APPLICATION_NAME} bundle`", hide: true
+    option 'verbose', type: :boolean, default: false, aliases: :v
+    alias plunder bundle
+
+    desc 'install', "Alias to `#{APPLICATION_NAME} bundle`"
+    alias install bundle
+
+    ##
+    # Redownload Zazifile secrets
+
+    desc 'update', "Redownload all secrets in your #{ZANZIFILE_NAME}"
+    option 'verbose', type: :boolean, default: false, aliases: :v
+
+    def update
+      run_action { update! }
+    end
+
+    desc 'get SECRETID', 'Fetch a single SECRETID from Secret Server'
+    option 'domain', type: :string, aliases: :d,
+                     desc: 'The logon domain to use when logging in.'
+    option 'server', type: :string, aliases: :s,
+                     desc: 'The Secret Server hostname or IP'
+    option 'wsdl', type: :string, aliases: :w,
+                   desc: 'Full path to the Secret Server WSDL'
+    option 'ignoressl', type: :boolean, aliases: :k,
+                        desc: 'Don\'t verify Secret Server\'s SSL certificate'
+    option 'filelabel', type: :string, aliases: :f,
+                        desc: 'Specify a file (by label) to download'
+    option 'fieldlabel', type: :string, aliases: :l,
+                         desc: 'Specify a field (by label) to get'
+    option 'username', type: :string, aliases: :u
+    option 'password', type: :string, aliases: :p
+    ##
+    # Fetch a single secret specified on the commandline
+    def get(scrt_id)
+      run_action { get! scrt_id }
+    end
+
+    private
+
+    def debug_header
+      @ui.debug { "Running #{APPLICATION_NAME} in debug mode..." }
+      @ui.debug { "Ruby Version: #{RUBY_VERSION}" }
+      @ui.debug { "Ruby Platform: #{RUBY_PLATFORM}" }
+      @ui.debug { "#{APPLICATION_NAME} Version: #{VERSION}" }
+    end
+
+    ##
+    # Run the specified action and rescue errors we
+    # explicitly send back to format them
+    def run_action(&_block)
+      yield
+    rescue ::Zanzibar::Error => e
+      @ui.error e
+      abort "Fatal error: #{e.message}"
+    end
+
+    def init!
+      say "Initializing a new #{ZANZIFILE_NAME} in the current directory..."
+      Actions::Init.new(@ui, options).run
+      say "Your #{ZANZIFILE_NAME} has been created!"
+      say 'You should check the settings and add your secrets.'
+      say 'Then run `zanzibar bundle` to fetch them.'
+    end
+
+    def bundle!
+      say "Checking for secrets declared in your #{ZANZIFILE_NAME}..."
+      Actions::Bundle.new(@ui, options).run
+      say 'Finished downloading secrets!'
+    end
+
+    def update!
+      say "Redownloading all secrets declared in your #{ZANZIFILE_NAME}..."
+      Actions::Bundle.new(@ui, options, update: true).run
+      say 'Finished downloading secrets!'
+    end
+
+    def get!(scrt_id)
+      say Actions::Get.new(@ui, options, scrt_id).run
+    end
+  end
+end

lib/zanzibar/client.rb

@@ -0,0 +1,91 @@
+require 'zanzibar/version'
+require 'savon'
+require 'io/console'
+require 'fileutils'
+require 'yaml'
+
+module Zanzibar
+  ##
+  # Class for performing low-level WSDL actions against Secret Server
+  class Client
+    ##
+    # Initializes the Savon client class variable with the wdsl document location and optional global variables
+    # @param globals{}, optional
+    def initialize(username, password, domain, wsdl, globals = {})
+      @username = username
+      @password = password
+      @domain = domain
+
+      globals = {} if globals.nil?
+
+      wsdl_loc = wsdl
+      @client = Savon.client(globals) do
+        wsdl wsdl_loc
+      end
+    end
+
+    ##
+    # Get an authentication token for interacting with Secret Server. These are only good for about 10 minutes so just get a new one each time.
+    # Will raise an error if there is an issue with the authentication.
+    # @return the authentication token for the current user.
+    def generate_token
+      response = @client.call(:authenticate, message: { username: @username, password: @password, organization: '', domain: @domain })
+                        .hash[:envelope][:body][:authenticate_response][:authenticate_result]
+      raise "Error generating the authentication token for user #{@username}: #{response[:errors][:string]}" if response[:errors]
+      response[:token]
+    rescue Savon::Error => err
+      raise "There was an error generating the authentiaton token for user #{@username}: #{err}"
+    end
+
+    ##
+    # Get a secret returned as a hash
+    # Will raise an error if there was an issue getting the secret
+    # @param [Integer] the secret id
+    # @return [Hash] the secret hash retrieved from the wsdl
+    def get_secret(scrt_id, token = nil)
+      secret = @client.call(:get_secret, message: { token: token || generate_token, secretId: scrt_id }).hash[:envelope][:body][:get_secret_response][:get_secret_result]
+      raise "There was an error getting secret #{scrt_id}: #{secret[:errors][:string]}" if secret[:errors]
+      return secret
+    rescue Savon::Error => err
+      raise "There was an error getting the secret with id #{scrt_id}: #{err}"
+    end
+
+    ##
+    # Get the secret item id that relates to a key file or attachment.
+    # Will raise on error
+    # @param [Integer] the secret id
+    # @param [String] the type of secret item to get, one of privatekey, publickey, attachment
+    # @return [Integer] the secret item id
+    def get_scrt_item_id(scrt_id, type, token)
+      secret = get_secret(scrt_id, token)
+      secret_items = secret[:secret][:items][:secret_item]
+      begin
+        return get_secret_item_by_field_name(secret_items, type)[:id]
+      rescue => e
+
+        raise "Unknown type, #{type}. #{e}"
+      end
+    end
+
+    ##
+    # Get an "Attachment"-type file from a secret
+    # @param [Integer] the id of the secret
+    # @param [Integer] the id of the attachment on the secret
+    # @param [String] the type of the item being downloaded
+    # @return [Hash] contents and metadata of the downloaded file
+    def download_file_attachment_by_item_id(scrt_id, secret_item_id, item_type, token = nil)
+      token = generate_token unless token
+      @client.call(:download_file_attachment_by_item_id, message:
+                  { token: token, secretId: scrt_id, secretItemId: secret_item_id || get_scrt_item_id(scrt_id, item_type, token) })
+             .hash[:envelope][:body][:download_file_attachment_by_item_id_response][:download_file_attachment_by_item_id_result]
+    end
+
+    ##
+    # Extract an item from a secret based on field name
+    def get_secret_item_by_field_name(secret_items, field_name)
+      secret_items.each do |item|
+        return item if item[:field_name] == field_name
+      end
+    end
+  end
+end

lib/zanzibar/defaults.rb

@@ -0,0 +1,26 @@
+require 'pathname'
+
+# Definitions for various strings used throughout the gem
+module Zanzibar
+  # The name of the binstub that invoked this code
+  APPLICATION_NAME = Pathname.new($PROGRAM_NAME).basename
+  # The filename of the Zanzifile
+  ZANZIFILE_NAME = 'Zanzifile'.freeze
+  # The filename of the resolved Zanzifile
+  RESOLVED_NAME = 'Zanzifile.resolved'.freeze
+  # The template to use when writing the Zanzifile
+  TEMPLATE_NAME = 'templates/Zanzifile.erb'.freeze
+  # The default value of the server when writing the Zanzifile
+  DEFAULT_SERVER = 'secret.example.com'.freeze
+  # The default WSDL location for the Zanzifile template
+  DEFAULT_WSDL = 'https://%s/webservices/sswebservice.asmx?wsdl'.freeze
+
+  # Error thrown when trying to overwrite an existing Zanzifile
+  ALREADY_EXISTS_ERROR = "#{ZANZIFILE_NAME} already exists! Aborting...".freeze
+  # Error thrown when unable to construct the WSDL location
+  NO_WSDL_ERROR = 'Could not construct WSDL URL. Please provide either --server or --wsdl'.freeze
+  # Error thrown when trying to download secrets from a Zanzifile that doesn't exist
+  NO_ZANZIFILE_ERROR = "You don't have a #{ZANZIFILE_NAME}! Run `#{APPLICATION_NAME} init` first!".freeze
+  # Error thrown when a Zanzifile is missing necessary information
+  INVALID_ZANZIFILE_ERROR = "Unable to load your #{ZANZIFILE_NAME}. Please ensure it is valid YAML.".freeze
+end

lib/zanzibar/error.rb

@@ -0,0 +1,6 @@
+module Zanzibar
+  # A standard error with a different name
+  # for identifying errors internal to zanzibar
+  class Error < StandardError
+  end
+end

lib/zanzibar/ui.rb

@@ -0,0 +1,61 @@
+require 'rubygems/user_interaction'
+
+module Zanzibar
+  ##
+  # Prints messages out to stdout
+  class Shell
+    ##
+    # The stream to write log messages (usually stdout)
+    attr_writer :shell
+
+    ##
+    # Logging options and initializing stream
+    def initialize(shell)
+      @shell = shell
+      @quiet = false
+      @debug = ENV['DEBUG']
+    end
+
+    ##
+    # Write a debug message if debug is enabled
+    def debug(message = nil)
+      @shell.say(message || yield) if @debug && !@quiet
+    end
+
+    ##
+    # Write an info message unless we have silenced output
+    def info(message = nil)
+      @shell.say(message || yield) unless @quiet
+    end
+
+    ##
+    # Ask the user for confirmation unless we have silenced output
+    def confirm(message = nil)
+      @shell.say(message || yield, :green) unless @quiet
+    end
+
+    ##
+    # Print a warning
+    def warn(message = nil)
+      @shell.say(message || yield, :yellow)
+    end
+
+    ##
+    # Print an error
+    def error(message = nil)
+      @shell.say(message || yield, :red)
+    end
+
+    ##
+    # Enable silent mode
+    def be_quiet!
+      @quiet = true
+    end
+
+    ##
+    # Enable debug mode
+    def debug!
+      @debug = true
+    end
+  end
+end

lib/zanzibar/version.rb

@@ -1,3 +1,5 @@
+# The version of the gem
 module Zanzibar
-  VERSION = "0.0.8"
+  # The Version of the application
+  VERSION = '0.2.0'.freeze
 end

spec/files/.gitignore

@@ -0,0 +1 @@
+!Zanzifile

spec/files/Zanzifile

@@ -0,0 +1,14 @@
+---
+settings:
+  wsdl: scrt.wsdl
+  domain: zanzitest.net
+  secret_dir: secrets/
+  ignore_ssl: true
+secrets:
+  ssh_key:
+    id: 2345
+    label: Private Key
+  prefix_ssh_key:
+    id: 2345
+    label: Private Key
+    prefix: ssh/

spec/lib/zanzibar/actions/bundle_spec.rb

@@ -0,0 +1,113 @@
+require 'zanzibar/cli'
+require 'zanzibar/defaults'
+require 'rspec'
+require 'fakefs/spec_helpers'
+require 'webmock'
+require 'rspec'
+require 'webmock/rspec'
+
+include WebMock::API
+
+describe Zanzibar::Cli do
+  include FakeFS::SpecHelpers
+
+  describe '#bundle' do
+    context 'when Zanzifile already exists' do
+      before(:each) do
+        spec_root = File.join(source_root, 'spec')
+        response_root = File.join(spec_root, 'responses')
+        wsdl = File.join(spec_root, 'scrt.wsdl')
+        files = File.join(spec_root, 'files')
+
+        FakeFS::FileSystem.clone response_root
+        FakeFS::FileSystem.clone wsdl
+        FakeFS::FileSystem.clone files
+
+        stub_request(:any, 'https://www.zanzitest.net/webservices/sswebservice.asmx')
+          .to_return(body: AUTH_XML, status: 200).then
+          .to_return(body: SECRET_WITH_KEY_XML, status: 200).then
+          .to_return(body: PRIVATE_KEY_XML, status: 200).then
+          .to_return(body: AUTH_XML, status: 200).then
+          .to_return(body: SECRET_WITH_KEY_XML, status: 200).then
+          .to_return(body: PRIVATE_KEY_XML, status: 200)
+
+        Dir.chdir File.join(source_root, 'spec', 'files')
+      end
+
+      before(:all) do
+        ENV['ZANZIBAR_PASSWORD'] = 'password'
+      end
+
+      after(:all) do
+        ENV.delete 'ZANZIBAR_PASSWORD'
+      end
+
+      it 'should have a Zanzifile' do
+        expect(FakeFS::FileTest.file? Zanzibar::ZANZIFILE_NAME).to be(true)
+        expect(File.read(Zanzibar::ZANZIFILE_NAME)).to include('zanzitest')
+      end
+
+      it 'should download a file' do
+        expect(FakeFS::FileTest.file? File.join('secrets', 'zanzi_key')).to be(false)
+        expect { subject.bundle }.to output(/Finished downloading secrets/).to_stdout
+        expect(FakeFS::FileTest.file? File.join('secrets', 'zanzi_key')).to be(true)
+      end
+
+      it 'should download a file to a prefix' do
+        expect(FakeFS::FileTest.file? File.join('secrets/ssh', 'zanzi_key')).to be(false)
+        expect { subject.bundle }.to output(/Finished downloading secrets/).to_stdout
+        expect(FakeFS::FileTest.file? File.join('secrets/ssh', 'zanzi_key')).to be(true)
+      end
+
+      it 'should create a .gitignore' do
+        expect(FakeFS::FileTest.file? File.join('secrets', '.gitignore')).to be(false)
+        expect { subject.bundle }.to output(/Finished downloading secrets/).to_stdout
+        expect(FakeFS::FileTest.file? File.join('secrets', '.gitignore')).to be(true)
+      end
+
+      it 'should create a resolved file' do
+        expect(FakeFS::FileTest.file? Zanzibar::RESOLVED_NAME).to be(false)
+        expect { subject.bundle }.to output(/Finished downloading secrets/).to_stdout
+        expect(FakeFS::FileTest.file? Zanzibar::RESOLVED_NAME).to be(true)
+      end
+
+      it 'should not redownload files it already has' do
+        expect { subject.bundle }.to output(/Finished downloading secrets/).to_stdout
+        expect(WebMock).to have_requested(:post, 'https://www.zanzitest.net/webservices/sswebservice.asmx').times(6)
+
+        WebMock.reset!
+
+        expect { subject.bundle }.to output(/Finished downloading secrets/).to_stdout
+        expect(WebMock).not_to have_requested(:post, 'https://www.zanzitest.net/webservices/sswebservice.asmx')
+      end
+
+      it 'should redownload on update action' do
+        expect { subject.bundle }.to output(/Finished downloading secrets/).to_stdout
+        expect(WebMock).to have_requested(:post, 'https://www.zanzitest.net/webservices/sswebservice.asmx').times(6)
+
+        WebMock.reset!
+        stub_request(:any, 'https://www.zanzitest.net/webservices/sswebservice.asmx')
+          .to_return(body: AUTH_XML, status: 200).then
+          .to_return(body: SECRET_WITH_KEY_XML, status: 200).then
+          .to_return(body: PRIVATE_KEY_XML, status: 200).then
+          .to_return(body: AUTH_XML, status: 200).then
+          .to_return(body: SECRET_WITH_KEY_XML, status: 200).then
+          .to_return(body: PRIVATE_KEY_XML, status: 200)
+
+        expect { subject.update }.to output(/Finished downloading secrets/).to_stdout
+        expect(WebMock).to have_requested(:post, 'https://www.zanzitest.net/webservices/sswebservice.asmx').times(6)
+      end
+
+      it 'should reject a malformed Zanzifile' do
+        File.write('Zanzifile', 'broken YAML')
+        expect { subject.bundle }.to raise_error.with_message(/#{Zanzibar::INVALID_ZANZIFILE_ERROR}/)
+      end
+    end
+
+    context 'when Zanzifile does not exist' do
+      it 'should return an error' do
+        expect { subject.bundle }.to raise_error.with_message(/#{Zanzibar::NO_ZANZIFILE_ERROR}/)
+      end
+    end
+  end
+end

spec/lib/zanzibar/actions/get_spec.rb

@@ -0,0 +1,69 @@
+require 'zanzibar/cli'
+require 'rspec'
+require 'fakefs/spec_helpers'
+require 'webmock'
+require 'rspec'
+require 'webmock/rspec'
+require 'zanzibar/defaults'
+
+include WebMock::API
+
+describe Zanzibar::Cli do
+  include FakeFS::SpecHelpers
+
+  describe '#get' do
+    before(:each) do
+      spec_root = File.join(source_root, 'spec')
+      response_root = File.join(spec_root, 'responses')
+      wsdl = File.join(spec_root, 'scrt.wsdl')
+      files = File.join(spec_root, 'files')
+
+      FakeFS::FileSystem.clone response_root
+      FakeFS::FileSystem.clone wsdl
+      FakeFS::FileSystem.clone files
+
+      stub_request(:any, 'https://www.zanzitest.net/webservices/sswebservice.asmx')
+        .to_return(body: AUTH_XML, status: 200).then
+        .to_return(body: SECRET_XML, status: 200)
+
+      Dir.chdir File.join(source_root, 'spec', 'files')
+    end
+
+    before(:all) do
+      ENV['ZANZIBAR_PASSWORD'] = 'password'
+    end
+
+    after(:all) do
+      ENV.delete 'ZANZIBAR_PASSWORD'
+      WebMock.reset!
+    end
+
+    it 'should print a password to stdout' do
+      subject.options = { 'domain' => 'zanzitest.net', 'wsdl' => 'scrt.wsdl' }
+      expect { subject.get(1234) }.to output(/zanziUserPassword/).to_stdout
+    end
+
+    it 'should require a wsdl' do
+      expect { subject.get(1234) }.to raise_error.with_message(/#{Zanzibar::NO_WSDL_ERROR}/)
+    end
+
+    it 'should be able to get a field value' do
+      subject.options = { 'domain' => 'zanzitest.net', 'wsdl' => 'scrt.wsdl', 'fieldlabel' => 'Username' }
+      expect { subject.get(1234) }.to output(/ZanziUser/).to_stdout
+    end
+
+    it 'should be able to download files' do
+      WebMock.reset!
+      stub_request(:any, 'https://www.zanzitest.net/webservices/sswebservice.asmx')
+        .to_return(body: AUTH_XML, status: 200).then
+        .to_return(body: SECRET_WITH_KEY_XML, status: 200).then
+        .to_return(body: PRIVATE_KEY_XML, status: 200)
+
+      subject.options = { 'domain' => 'zanzitest.net', 'wsdl' => 'scrt.wsdl', 'filelabel' => 'Private Key' }
+
+      expect(FakeFS::FileTest.file? 'zanzi_key').to be(false)
+      expect { subject.get(2345) }.to output(/zanzi_key/).to_stdout
+      expect(FakeFS::FileTest.file? 'zanzi_key')
+    end
+  end
+end

spec/lib/zanzibar/actions/init_spec.rb

@@ -0,0 +1,53 @@
+require 'zanzibar/cli'
+require 'zanzibar/defaults'
+require 'rspec'
+require 'fakefs/spec_helpers'
+
+describe Zanzibar::Cli do
+  include FakeFS::SpecHelpers
+
+  describe '#init' do
+    before(:each) do
+      templates_root = File.join(source_root, 'templates')
+      FakeFS::FileSystem.clone templates_root
+    end
+
+    context 'when a file does not yet exist' do
+      it 'should create a template file' do
+        expect { subject.init }.to output(/has been created/).to_stdout
+        expect(FakeFS::FileTest.file? Zanzibar::ZANZIFILE_NAME).to be(true)
+        expect(File.read Zanzibar::ZANZIFILE_NAME).to match(/fill in your secrets/)
+      end
+
+      it 'should accept settings as options' do
+        subject.options = { 'wsdl' => 'http://example.com/ss?wsdl',
+                            'domain' => 'example.com',
+                            'secretdir' => 'testfolderplzignore',
+                            'ignoressl' => true }
+
+        expect { subject.init }.to output(/has been created/).to_stdout
+        contents = File.read Zanzibar::ZANZIFILE_NAME
+        expect(contents).to include('wsdl: http://example.com/ss?wsdl')
+        expect(contents).to include('domain: example.com')
+        expect(contents).to include('secret_dir: testfolderplzignore')
+        expect(contents).to include('ignore_ssl: true')
+      end
+    end
+
+    context 'when a file already exists' do
+      before(:each) { File.write(Zanzibar::ZANZIFILE_NAME, 'test value') }
+
+      it 'should not overwrite an existing file' do
+        expect { subject.init }.to raise_error.with_message(/#{Zanzibar::ALREADY_EXISTS_ERROR}/)
+        expect(File.read Zanzibar::ZANZIFILE_NAME).to eq('test value')
+      end
+
+      it 'should obey the force flag' do
+        subject.options = { 'force' => true }
+
+        expect { subject.init }.to output(/has been created/).to_stdout
+        expect(File.read Zanzibar::ZANZIFILE_NAME).to match('fill in your secrets')
+      end
+    end
+  end
+end

spec/lib/zanzibar/version_spec.rb

@@ -0,0 +1,12 @@
+require 'zanzibar/cli'
+require 'zanzibar/version'
+require 'zanzibar/defaults'
+require 'rspec'
+
+describe Zanzibar::Cli do
+  describe '#version' do
+    it 'should print the gem version' do
+      expect { subject.version }.to output(/#{Zanzibar::APPLICATION_NAME} Version/).to_stdout
+    end
+  end
+end

spec/lib/zanzibar_spec.rb

@@ -0,0 +1,127 @@
+require 'zanzibar'
+require 'savon'
+require 'webmock'
+require 'rspec'
+require 'webmock/rspec'
+
+include WebMock::API
+
+describe 'Zanzibar Test' do
+  client = Zanzibar::Zanzibar.new(domain: 'zanzitest.net', pwd: 'password', wsdl: 'spec/scrt.wsdl')
+
+  it 'should return an auth token' do
+    stub_request(:any, 'https://www.zanzitest.net/webservices/sswebservice.asmx')
+      .to_return(body: AUTH_XML, status: 200)
+
+    expect(client.instance_variable_get(:@client).generate_token).to eq('imatoken')
+  end
+
+  it 'should get a secret' do
+    stub_request(:any, 'https://www.zanzitest.net/webservices/sswebservice.asmx')
+      .to_return(body: AUTH_XML, status: 200).then
+      .to_return(body: SECRET_XML, status: 200)
+
+    expect(client.instance_variable_get(:@client).get_secret(1234)[:secret][:name]).to eq('Zanzi Test Secret')
+  end
+
+  it 'should get a password' do
+    stub_request(:any, 'https://www.zanzitest.net/webservices/sswebservice.asmx')
+      .to_return(body: AUTH_XML, status: 200).then
+      .to_return(body: SECRET_XML, status: 200)
+
+    expect(client.get_password(1234)).to eq('zanziUserPassword')
+  end
+
+  it 'should download a private key' do
+    stub_request(:any, 'https://www.zanzitest.net/webservices/sswebservice.asmx')
+      .to_return(body: AUTH_XML, status: 200).then
+      .to_return(body: SECRET_WITH_KEY_XML, status: 200).then
+      .to_return(body: PRIVATE_KEY_XML, status: 200)
+
+    client.download_secret_file(scrt_id: 2345, type: 'Private Key')
+    expect(File.exist? 'zanzi_key')
+    expect(File.read('zanzi_key')).to eq("-----BEGIN RSA PRIVATE KEY -----\nzanzibarTestPassword\n-----END RSA PRIVATE KEY-----\n")
+    File.delete('zanzi_key')
+  end
+
+  it 'should download a private key legacy' do
+    stub_request(:any, 'https://www.zanzitest.net/webservices/sswebservice.asmx')
+      .to_return(body: AUTH_XML, status: 200).then
+      .to_return(body: SECRET_WITH_KEY_XML, status: 200).then
+      .to_return(body: PRIVATE_KEY_XML, status: 200)
+
+    client.download_private_key(scrt_id: 2345)
+    expect(File.exist? 'zanzi_key')
+    expect(File.read('zanzi_key')).to eq("-----BEGIN RSA PRIVATE KEY -----\nzanzibarTestPassword\n-----END RSA PRIVATE KEY-----\n")
+    File.delete('zanzi_key')
+  end
+
+  it 'should download a public key' do
+    stub_request(:any, 'https://www.zanzitest.net/webservices/sswebservice.asmx')
+      .to_return(body: AUTH_XML, status: 200).then
+      .to_return(body: SECRET_WITH_KEY_XML, status: 200).then
+      .to_return(body: PUBLIC_KEY_XML, status: 200)
+
+    client.download_secret_file(scrt_id: 2345, type: 'Public Key')
+    expect(File.exist? 'zanzi_key.pub')
+    expect(File.read('zanzi_key.pub')).to eq("1234PublicKey5678==\n")
+    File.delete('zanzi_key.pub')
+  end
+
+  it 'should download a public key legacy' do
+    stub_request(:any, 'https://www.zanzitest.net/webservices/sswebservice.asmx')
+      .to_return(body: AUTH_XML, status: 200).then
+      .to_return(body: SECRET_WITH_KEY_XML, status: 200).then
+      .to_return(body: PUBLIC_KEY_XML, status: 200)
+
+    client.download_public_key(scrt_id: 2345)
+    expect(File.exist? 'zanzi_key.pub')
+    expect(File.read('zanzi_key.pub')).to eq("1234PublicKey5678==\n")
+    File.delete('zanzi_key.pub')
+  end
+
+  it 'should download an attachment' do
+    stub_request(:any, 'https://www.zanzitest.net/webservices/sswebservice.asmx')
+      .to_return(body: AUTH_XML, status: 200).then
+      .to_return(body: SECRET_WITH_ATTACHMENT_XML, status: 200).then
+      .to_return(body: ATTACHMENT_XML, status: 200)
+
+    client.download_secret_file(scrt_id: 3456, type: 'Attachment')
+    expect(File.exist? 'attachment.txt')
+    expect(File.read('attachment.txt')).to eq("I am a secret attachment\n")
+    File.delete('attachment.txt')
+  end
+
+  it 'should download an attachment legacy' do
+    stub_request(:any, 'https://www.zanzitest.net/webservices/sswebservice.asmx')
+      .to_return(body: AUTH_XML, status: 200).then
+      .to_return(body: SECRET_WITH_ATTACHMENT_XML, status: 200).then
+      .to_return(body: ATTACHMENT_XML, status: 200)
+
+    client.download_attachment(scrt_id: 3456)
+    expect(File.exist? 'attachment.txt')
+    expect(File.read('attachment.txt')).to eq("I am a secret attachment\n")
+    File.delete('attachment.txt')
+  end
+
+  it 'should save credentials to a file' do
+    stub_request(:any, 'https://www.zanzitest.net/webservices/sswebservice.asmx')
+      .to_return(body: AUTH_XML, status: 200).then
+      .to_return(body: SECRET_XML, status: 200)
+
+    client.get_username_and_password_and_save(1234, '.', 'zanziTestCreds')
+    expect(File.exist? 'zanziTestCreds')
+    expect(File.read('zanziTestCreds')).to eq({ 'username' => 'ZanziUser', 'password' => 'zanziUserPassword' }.to_yaml)
+    File.delete('zanziTestCreds')
+  end
+
+  it 'should use environment variables for credentials' do
+    ENV['ZANZIBAR_USER'] = 'environment_user'
+    ENV['ZANZIBAR_PASSWORD'] = 'environment_password'
+    client = Zanzibar::Zanzibar.new(domain: 'zanzitest.net', wsdl: 'spec/scrt.wsdl')
+    expect(client.instance_variable_get(:@username)).to eq(ENV['ZANZIBAR_USER'])
+    expect(client.instance_variable_get(:@password)).to eq(ENV['ZANZIBAR_PASSWORD'])
+    ENV.delete 'ZANZIBAR_PASSWORD'
+    ENV.delete 'ZANZIBAR_USER'
+  end
+end

spec/responses/attachment_response.xml

@@ -1,12 +1,12 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
-  <soap:Body>
-    <DownloadFileAttachmentByItemIdResponse xmlns="urn:thesecretserver.com">
-      <DownloadFileAttachmentByItemIdResult>
-        <Errors />
-        <FileAttachment>SSBhbSBhIHNlY3JldCBhdHRhY2htZW50</FileAttachment>
-        <FileName>attachment.txt</FileName>
-      </DownloadFileAttachmentByItemIdResult>
-    </DownloadFileAttachmentByItemIdResponse>
-  </soap:Body>
-</soap:Envelope>
+<?xml version="1.0" encoding="UTF-8"?>
+<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
+  <soap:Body>
+    <DownloadFileAttachmentByItemIdResponse xmlns="urn:thesecretserver.com">
+      <DownloadFileAttachmentByItemIdResult>
+        <Errors />
+        <FileAttachment>SSBhbSBhIHNlY3JldCBhdHRhY2htZW50</FileAttachment>
+        <FileName>attachment.txt</FileName>
+      </DownloadFileAttachmentByItemIdResult>
+    </DownloadFileAttachmentByItemIdResponse>
+  </soap:Body>
+</soap:Envelope>

spec/responses/download_private_key_response.xml

@@ -1,12 +1,12 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
-  <soap:Body>
-    <DownloadFileAttachmentByItemIdResponse xmlns="urn:thesecretserver.com">
-      <DownloadFileAttachmentByItemIdResult>
-        <Errors />
-        <FileAttachment>LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVkgLS0tLS0KemFuemliYXJUZXN0UGFzc3dvcmQKLS0tLS1FTkQgUlNBIFBSSVZBVEUgS0VZLS0tLS0=</FileAttachment>
-        <FileName>zanzi_key</FileName>
-      </DownloadFileAttachmentByItemIdResult>
-    </DownloadFileAttachmentByItemIdResponse>
-  </soap:Body>
-</soap:Envelope>
+<?xml version="1.0" encoding="UTF-8"?>
+<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
+  <soap:Body>
+    <DownloadFileAttachmentByItemIdResponse xmlns="urn:thesecretserver.com">
+      <DownloadFileAttachmentByItemIdResult>
+        <Errors />
+        <FileAttachment>LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVkgLS0tLS0KemFuemliYXJUZXN0UGFzc3dvcmQKLS0tLS1FTkQgUlNBIFBSSVZBVEUgS0VZLS0tLS0=</FileAttachment>
+        <FileName>zanzi_key</FileName>
+      </DownloadFileAttachmentByItemIdResult>
+    </DownloadFileAttachmentByItemIdResponse>
+  </soap:Body>
+</soap:Envelope>

spec/responses/get_secret_with_attachment_response.xml

@@ -1,57 +1,57 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
-  <soap:Body>
-    <GetSecretResponse xmlns="urn:thesecretserver.com">
-      <GetSecretResult>
-        <Errors />
-        <Secret>
-          <Name>Zanzi Secret Attachment</Name>
-          <Items>
-            <SecretItem>
-              <Value>N/A</Value>
-              <Id>20144</Id>
-              <FieldId>284</FieldId>
-              <FieldName>Username</FieldName>
-              <IsFile>false</IsFile>
-              <IsNotes>false</IsNotes>
-              <IsPassword>false</IsPassword>
-              <FieldDisplayName>Username</FieldDisplayName>
-            </SecretItem>
-            <SecretItem>
-              <Value>N/A</Value>
-              <Id>20145</Id>
-              <FieldId>285</FieldId>
-              <FieldName>Password</FieldName>
-              <IsFile>false</IsFile>
-              <IsNotes>false</IsNotes>
-              <IsPassword>true</IsPassword>
-              <FieldDisplayName>Password</FieldDisplayName>
-            </SecretItem>
-            <SecretItem>
-              <Value />
-              <Id>20148</Id>
-              <FieldId>287</FieldId>
-              <FieldName>Attachment</FieldName>
-              <IsFile>true</IsFile>
-              <IsNotes>false</IsNotes>
-              <IsPassword>false</IsPassword>
-              <FieldDisplayName>Attachment</FieldDisplayName>
-            </SecretItem>
-          </Items>
-          <Id>3456</Id>
-          <SecretTypeId>6028</SecretTypeId>
-          <FolderId>85</FolderId>
-          <IsWebLauncher>false</IsWebLauncher>
-          <Active>true</Active>
-          <CheckOutMinutesRemaining xsi:nil="true" />
-          <IsCheckedOut xsi:nil="true" />
-          <CheckOutUserDisplayName />
-          <CheckOutUserId xsi:nil="true" />
-          <IsOutOfSync xsi:nil="true" />
-          <IsRestricted>false</IsRestricted>
-          <OutOfSyncReason />
-        </Secret>
-      </GetSecretResult>
-    </GetSecretResponse>
-  </soap:Body>
-</soap:Envelope>
+<?xml version="1.0" encoding="UTF-8"?>
+<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
+  <soap:Body>
+    <GetSecretResponse xmlns="urn:thesecretserver.com">
+      <GetSecretResult>
+        <Errors />
+        <Secret>
+          <Name>Zanzi Secret Attachment</Name>
+          <Items>
+            <SecretItem>
+              <Value>N/A</Value>
+              <Id>20144</Id>
+              <FieldId>284</FieldId>
+              <FieldName>Username</FieldName>
+              <IsFile>false</IsFile>
+              <IsNotes>false</IsNotes>
+              <IsPassword>false</IsPassword>
+              <FieldDisplayName>Username</FieldDisplayName>
+            </SecretItem>
+            <SecretItem>
+              <Value>N/A</Value>
+              <Id>20145</Id>
+              <FieldId>285</FieldId>
+              <FieldName>Password</FieldName>
+              <IsFile>false</IsFile>
+              <IsNotes>false</IsNotes>
+              <IsPassword>true</IsPassword>
+              <FieldDisplayName>Password</FieldDisplayName>
+            </SecretItem>
+            <SecretItem>
+              <Value />
+              <Id>20148</Id>
+              <FieldId>287</FieldId>
+              <FieldName>Attachment</FieldName>
+              <IsFile>true</IsFile>
+              <IsNotes>false</IsNotes>
+              <IsPassword>false</IsPassword>
+              <FieldDisplayName>Attachment</FieldDisplayName>
+            </SecretItem>
+          </Items>
+          <Id>3456</Id>
+          <SecretTypeId>6028</SecretTypeId>
+          <FolderId>85</FolderId>
+          <IsWebLauncher>false</IsWebLauncher>
+          <Active>true</Active>
+          <CheckOutMinutesRemaining xsi:nil="true" />
+          <IsCheckedOut xsi:nil="true" />
+          <CheckOutUserDisplayName />
+          <CheckOutUserId xsi:nil="true" />
+          <IsOutOfSync xsi:nil="true" />
+          <IsRestricted>false</IsRestricted>
+          <OutOfSyncReason />
+        </Secret>
+      </GetSecretResult>
+    </GetSecretResponse>
+  </soap:Body>
+</soap:Envelope>

spec/responses/get_secret_with_keys_response.xml

@@ -1,47 +1,47 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
-  <soap:Body>
-    <GetSecretResponse xmlns="urn:thesecretserver.com">
-      <GetSecretResult>
-        <Errors />
-        <Secret>
-          <Name>Zanzibar Test Keys</Name>
-          <Items>
-            <SecretItem>
-              <Value />
-              <Id>15214</Id>
-              <FieldId>486</FieldId>
-              <FieldName>Private Key</FieldName>
-              <IsFile>true</IsFile>
-              <IsNotes>false</IsNotes>
-              <IsPassword>false</IsPassword>
-              <FieldDisplayName>Private Key</FieldDisplayName>
-            </SecretItem>
-            <SecretItem>
-              <Value />
-              <Id>15215</Id>
-              <FieldId>487</FieldId>
-              <FieldName>Public Key</FieldName>
-              <IsFile>true</IsFile>
-              <IsNotes>false</IsNotes>
-              <IsPassword>false</IsPassword>
-              <FieldDisplayName>Public Key</FieldDisplayName>
-            </SecretItem>
-          </Items>
-          <Id>2345</Id>
-          <SecretTypeId>6054</SecretTypeId>
-          <FolderId>85</FolderId>
-          <IsWebLauncher>false</IsWebLauncher>
-          <Active>true</Active>
-          <CheckOutMinutesRemaining xsi:nil="true" />
-          <IsCheckedOut xsi:nil="true" />
-          <CheckOutUserDisplayName />
-          <CheckOutUserId xsi:nil="true" />
-          <IsOutOfSync xsi:nil="true" />
-          <IsRestricted>false</IsRestricted>
-          <OutOfSyncReason />
-        </Secret>
-      </GetSecretResult>
-    </GetSecretResponse>
-  </soap:Body>
-</soap:Envelope>
+<?xml version="1.0" encoding="UTF-8"?>
+<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
+  <soap:Body>
+    <GetSecretResponse xmlns="urn:thesecretserver.com">
+      <GetSecretResult>
+        <Errors />
+        <Secret>
+          <Name>Zanzibar Test Keys</Name>
+          <Items>
+            <SecretItem>
+              <Value />
+              <Id>15214</Id>
+              <FieldId>486</FieldId>
+              <FieldName>Private Key</FieldName>
+              <IsFile>true</IsFile>
+              <IsNotes>false</IsNotes>
+              <IsPassword>false</IsPassword>
+              <FieldDisplayName>Private Key</FieldDisplayName>
+            </SecretItem>
+            <SecretItem>
+              <Value />
+              <Id>15215</Id>
+              <FieldId>487</FieldId>
+              <FieldName>Public Key</FieldName>
+              <IsFile>true</IsFile>
+              <IsNotes>false</IsNotes>
+              <IsPassword>false</IsPassword>
+              <FieldDisplayName>Public Key</FieldDisplayName>
+            </SecretItem>
+          </Items>
+          <Id>2345</Id>
+          <SecretTypeId>6054</SecretTypeId>
+          <FolderId>85</FolderId>
+          <IsWebLauncher>false</IsWebLauncher>
+          <Active>true</Active>
+          <CheckOutMinutesRemaining xsi:nil="true" />
+          <IsCheckedOut xsi:nil="true" />
+          <CheckOutUserDisplayName />
+          <CheckOutUserId xsi:nil="true" />
+          <IsOutOfSync xsi:nil="true" />
+          <IsRestricted>false</IsRestricted>
+          <OutOfSyncReason />
+        </Secret>
+      </GetSecretResult>
+    </GetSecretResponse>
+  </soap:Body>
+</soap:Envelope>

spec/scrt.wsdl

@@ -0,0 +1,629 @@
+<?xml version="1.0" encoding="utf-8"?>
+<wsdl:definitions xmlns:s="http://www.w3.org/2001/XMLSchema" xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/" xmlns:mime="http://schemas.xmlsoap.org/wsdl/mime/" xmlns:tns="urn:thesecretserver.com" xmlns:s1="urn:thesecretserver.com/AbstractTypes" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:tm="http://microsoft.com/wsdl/mime/textMatching/" xmlns:http="http://schemas.xmlsoap.org/wsdl/http/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" targetNamespace="urn:thesecretserver.com" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">
+  <wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Webservice for standard integration.</wsdl:documentation>
+  <wsdl:types>
+    <s:schema elementFormDefault="qualified" targetNamespace="urn:thesecretserver.com">
+      <s:complexType name="GenericResult">
+        <s:sequence>
+          <s:element minOccurs="0" maxOccurs="1" name="ErrorMessage" type="s:string" />
+        </s:sequence>
+      </s:complexType>
+      <s:element name="Authenticate">
+        <s:complexType>
+          <s:sequence>
+            <s:element minOccurs="0" maxOccurs="1" name="username" type="s:string" />
+            <s:element minOccurs="0" maxOccurs="1" name="password" type="s:string" />
+            <s:element minOccurs="0" maxOccurs="1" name="organization" type="s:string" />
+            <s:element minOccurs="0" maxOccurs="1" name="domain" type="s:string" />
+          </s:sequence>
+        </s:complexType>
+      </s:element>
+      <s:element name="AuthenticateResponse">
+        <s:complexType>
+          <s:sequence>
+            <s:element minOccurs="0" maxOccurs="1" name="AuthenticateResult" type="tns:AuthenticateResult" />
+          </s:sequence>
+        </s:complexType>
+      </s:element>
+      <s:complexType name="AuthenticateResult">
+        <s:sequence>
+          <s:element minOccurs="0" maxOccurs="1" name="Errors" type="tns:ArrayOfString" />
+          <s:element minOccurs="0" maxOccurs="1" name="Token" type="s:string" />
+        </s:sequence>
+      </s:complexType>
+      <s:complexType name="ArrayOfString">
+        <s:sequence>
+          <s:element minOccurs="0" maxOccurs="unbounded" name="string" nillable="true" type="s:string" />
+        </s:sequence>
+      </s:complexType>
+      <s:complexType name="GetSecretResult">
+        <s:sequence>
+          <s:element minOccurs="0" maxOccurs="1" name="Errors" type="tns:ArrayOfString" />
+          <s:element minOccurs="0" maxOccurs="1" name="SecretError" type="tns:SecretError" />
+          <s:element minOccurs="0" maxOccurs="1" name="Secret" type="tns:Secret" />
+        </s:sequence>
+      </s:complexType>
+      <s:complexType name="SecretError">
+        <s:sequence>
+          <s:element minOccurs="0" maxOccurs="1" name="ErrorCode" type="s:string" />
+          <s:element minOccurs="0" maxOccurs="1" name="ErrorMessage" type="s:string" />
+          <s:element minOccurs="1" maxOccurs="1" name="AllowsResponse" type="s:boolean" />
+          <s:element minOccurs="0" maxOccurs="1" name="CommentTitle" type="s:string" />
+          <s:element minOccurs="0" maxOccurs="1" name="AdditionalCommentTitle" type="s:string" />
+        </s:sequence>
+      </s:complexType>
+      <s:complexType name="Secret">
+        <s:sequence>
+          <s:element minOccurs="0" maxOccurs="1" name="Name" type="s:string" />
+          <s:element minOccurs="0" maxOccurs="1" name="Items" type="tns:ArrayOfSecretItem" />
+          <s:element minOccurs="1" maxOccurs="1" name="Id" type="s:int" />
+          <s:element minOccurs="1" maxOccurs="1" name="SecretTypeId" type="s:int" />
+          <s:element minOccurs="1" maxOccurs="1" name="FolderId" type="s:int" />
+          <s:element minOccurs="1" maxOccurs="1" name="IsWebLauncher" type="s:boolean" />
+          <s:element minOccurs="1" maxOccurs="1" name="Active" type="s:boolean" />
+          <s:element minOccurs="1" maxOccurs="1" name="CheckOutMinutesRemaining" nillable="true" type="s:int" />
+          <s:element minOccurs="1" maxOccurs="1" name="IsCheckedOut" nillable="true" type="s:boolean" />
+          <s:element minOccurs="0" maxOccurs="1" name="CheckOutUserDisplayName" type="s:string" />
+          <s:element minOccurs="1" maxOccurs="1" name="CheckOutUserId" nillable="true" type="s:int" />
+          <s:element minOccurs="1" maxOccurs="1" name="IsOutOfSync" nillable="true" type="s:boolean" />
+          <s:element minOccurs="1" maxOccurs="1" name="IsRestricted" nillable="true" type="s:boolean" />
+          <s:element minOccurs="0" maxOccurs="1" name="OutOfSyncReason" type="s:string" />
+          <s:element minOccurs="0" maxOccurs="1" name="SecretSettings" type="tns:SecretSettings" />
+          <s:element minOccurs="0" maxOccurs="1" name="SecretPermissions" type="tns:SecretPermissions" />
+        </s:sequence>
+      </s:complexType>
+      <s:complexType name="ArrayOfSecretItem">
+        <s:sequence>
+          <s:element minOccurs="0" maxOccurs="unbounded" name="SecretItem" nillable="true" type="tns:SecretItem" />
+        </s:sequence>
+      </s:complexType>
+      <s:complexType name="SecretItem">
+        <s:sequence>
+          <s:element minOccurs="0" maxOccurs="1" name="Value" type="s:string" />
+          <s:element minOccurs="1" maxOccurs="1" name="Id" nillable="true" type="s:int" />
+          <s:element minOccurs="1" maxOccurs="1" name="FieldId" nillable="true" type="s:int" />
+          <s:element minOccurs="0" maxOccurs="1" name="FieldName" type="s:string" />
+          <s:element minOccurs="1" maxOccurs="1" name="IsFile" type="s:boolean" />
+          <s:element minOccurs="1" maxOccurs="1" name="IsNotes" type="s:boolean" />
+          <s:element minOccurs="1" maxOccurs="1" name="IsPassword" type="s:boolean" />
+          <s:element minOccurs="0" maxOccurs="1" name="FieldDisplayName" type="s:string" />
+        </s:sequence>
+      </s:complexType>
+      <s:complexType name="SecretSettings">
+        <s:sequence>
+          <s:element minOccurs="1" maxOccurs="1" name="AutoChangeEnabled" nillable="true" type="s:boolean" />
+          <s:element minOccurs="1" maxOccurs="1" name="RequiresApprovalForAccess" nillable="true" type="s:boolean" />
+          <s:element minOccurs="1" maxOccurs="1" name="RequiresComment" nillable="true" type="s:boolean" />
+          <s:element minOccurs="1" maxOccurs="1" name="CheckOutEnabled" nillable="true" type="s:boolean" />
+          <s:element minOccurs="1" maxOccurs="1" name="CheckOutChangePasswordEnabled" nillable="true" type="s:boolean" />
+          <s:element minOccurs="1" maxOccurs="1" name="PrivilegedSecretId" nillable="true" type="s:int" />
+          <s:element minOccurs="0" maxOccurs="1" name="AssociatedSecretIds" type="tns:ArrayOfInt" />
+          <s:element minOccurs="0" maxOccurs="1" name="Approvers" type="tns:ArrayOfGroupOrUserRecord" />
+          <s:element minOccurs="1" maxOccurs="1" name="IsChangeToSettings" type="s:boolean" />
+        </s:sequence>
+      </s:complexType>
+      <s:complexType name="ArrayOfInt">
+        <s:sequence>
+          <s:element minOccurs="0" maxOccurs="unbounded" name="int" type="s:int" />
+        </s:sequence>
+      </s:complexType>
+      <s:complexType name="ArrayOfGroupOrUserRecord">
+        <s:sequence>
+          <s:element minOccurs="0" maxOccurs="unbounded" name="GroupOrUserRecord" nillable="true" type="tns:GroupOrUserRecord" />
+        </s:sequence>
+      </s:complexType>
+      <s:complexType name="GroupOrUserRecord">
+        <s:sequence>
+          <s:element minOccurs="0" maxOccurs="1" name="Name" type="s:string" />
+          <s:element minOccurs="0" maxOccurs="1" name="DomainName" type="s:string" />
+          <s:element minOccurs="1" maxOccurs="1" name="IsUser" type="s:boolean" />
+          <s:element minOccurs="1" maxOccurs="1" name="GroupId" nillable="true" type="s:int" />
+          <s:element minOccurs="1" maxOccurs="1" name="UserId" nillable="true" type="s:int" />
+        </s:sequence>
+      </s:complexType>
+      <s:complexType name="SecretPermissions">
+        <s:sequence>
+          <s:element minOccurs="1" maxOccurs="1" name="CurrentUserHasView" type="s:boolean" />
+          <s:element minOccurs="1" maxOccurs="1" name="CurrentUserHasEdit" type="s:boolean" />
+          <s:element minOccurs="1" maxOccurs="1" name="CurrentUserHasOwner" type="s:boolean" />
+          <s:element minOccurs="1" maxOccurs="1" name="InheritPermissionsEnabled" nillable="true" type="s:boolean" />
+          <s:element minOccurs="1" maxOccurs="1" name="IsChangeToPermissions" type="s:boolean" />
+          <s:element minOccurs="0" maxOccurs="1" name="Permissions" type="tns:ArrayOfPermission" />
+        </s:sequence>
+      </s:complexType>
+      <s:complexType name="ArrayOfPermission">
+        <s:sequence>
+          <s:element minOccurs="0" maxOccurs="unbounded" name="Permission" nillable="true" type="tns:Permission" />
+        </s:sequence>
+      </s:complexType>
+      <s:complexType name="Permission">
+        <s:sequence>
+          <s:element minOccurs="0" maxOccurs="1" name="UserOrGroup" type="tns:GroupOrUserRecord" />
+          <s:element minOccurs="1" maxOccurs="1" name="View" type="s:boolean" />
+          <s:element minOccurs="1" maxOccurs="1" name="Edit" type="s:boolean" />
+          <s:element minOccurs="1" maxOccurs="1" name="Owner" type="s:boolean" />
+        </s:sequence>
+      </s:complexType>
+      <s:element name="GetSecret">
+        <s:complexType>
+          <s:sequence>
+            <s:element minOccurs="0" maxOccurs="1" name="token" type="s:string" />
+            <s:element minOccurs="1" maxOccurs="1" name="secretId" type="s:int" />
+            <s:element minOccurs="1" maxOccurs="1" name="loadSettingsAndPermissions" nillable="true" type="s:boolean" />
+            <s:element minOccurs="0" maxOccurs="1" name="codeResponses" type="tns:ArrayOfCodeResponse" />
+          </s:sequence>
+        </s:complexType>
+      </s:element>
+      <s:complexType name="ArrayOfCodeResponse">
+        <s:sequence>
+          <s:element minOccurs="0" maxOccurs="unbounded" name="CodeResponse" nillable="true" type="tns:CodeResponse" />
+        </s:sequence>
+      </s:complexType>
+      <s:complexType name="CodeResponse">
+        <s:sequence>
+          <s:element minOccurs="0" maxOccurs="1" name="ErrorCode" type="s:string" />
+          <s:element minOccurs="0" maxOccurs="1" name="Comment" type="s:string" />
+          <s:element minOccurs="0" maxOccurs="1" name="AdditionalComment" type="s:string" />
+        </s:sequence>
+      </s:complexType>
+      <s:element name="GetSecretResponse">
+        <s:complexType>
+          <s:sequence>
+            <s:element minOccurs="0" maxOccurs="1" name="GetSecretResult" type="tns:GetSecretResult" />
+          </s:sequence>
+        </s:complexType>
+      </s:element>
+      <s:complexType name="WebServiceResult">
+        <s:sequence>
+          <s:element minOccurs="0" maxOccurs="1" name="Errors" type="tns:ArrayOfString" />
+        </s:sequence>
+      </s:complexType>
+      <s:element name="GetSecretsByFieldValue">
+        <s:complexType>
+          <s:sequence>
+            <s:element minOccurs="0" maxOccurs="1" name="token" type="s:string" />
+            <s:element minOccurs="0" maxOccurs="1" name="fieldName" type="s:string" />
+            <s:element minOccurs="0" maxOccurs="1" name="searchTerm" type="s:string" />
+            <s:element minOccurs="1" maxOccurs="1" name="showDeleted" type="s:boolean" />
+          </s:sequence>
+        </s:complexType>
+      </s:element>
+      <s:element name="GetSecretsByFieldValueResponse">
+        <s:complexType>
+          <s:sequence>
+            <s:element minOccurs="0" maxOccurs="1" name="GetSecretsByFieldValueResult" type="tns:GetSecretsByFieldValueResult" />
+          </s:sequence>
+        </s:complexType>
+      </s:element>
+      <s:complexType name="GetSecretsByFieldValueResult">
+        <s:sequence>
+          <s:element minOccurs="0" maxOccurs="1" name="Errors" type="tns:ArrayOfString" />
+          <s:element minOccurs="0" maxOccurs="1" name="Secrets" type="tns:ArrayOfSecret" />
+        </s:sequence>
+      </s:complexType>
+      <s:complexType name="ArrayOfSecret">
+        <s:sequence>
+          <s:element minOccurs="0" maxOccurs="unbounded" name="Secret" nillable="true" type="tns:Secret" />
+        </s:sequence>
+      </s:complexType>
+      <s:element name="DownloadFileAttachment">
+        <s:complexType>
+          <s:sequence>
+            <s:element minOccurs="0" maxOccurs="1" name="token" type="s:string" />
+            <s:element minOccurs="1" maxOccurs="1" name="secretId" type="s:int" />
+          </s:sequence>
+        </s:complexType>
+      </s:element>
+      <s:element name="DownloadFileAttachmentResponse">
+        <s:complexType>
+          <s:sequence>
+            <s:element minOccurs="0" maxOccurs="1" name="DownloadFileAttachmentResult" type="tns:FileDownloadResult" />
+          </s:sequence>
+        </s:complexType>
+      </s:element>
+      <s:complexType name="FileDownloadResult">
+        <s:complexContent mixed="false">
+          <s:extension base="tns:WebServiceResult">
+            <s:sequence>
+              <s:element minOccurs="0" maxOccurs="1" name="FileAttachment" type="s:base64Binary" />
+              <s:element minOccurs="0" maxOccurs="1" name="FileName" type="s:string" />
+            </s:sequence>
+          </s:extension>
+        </s:complexContent>
+      </s:complexType>
+      <s:element name="DownloadFileAttachmentByItemId">
+        <s:complexType>
+          <s:sequence>
+            <s:element minOccurs="0" maxOccurs="1" name="token" type="s:string" />
+            <s:element minOccurs="1" maxOccurs="1" name="secretId" type="s:int" />
+            <s:element minOccurs="1" maxOccurs="1" name="secretItemId" type="s:int" />
+          </s:sequence>
+        </s:complexType>
+      </s:element>
+      <s:element name="DownloadFileAttachmentByItemIdResponse">
+        <s:complexType>
+          <s:sequence>
+            <s:element minOccurs="0" maxOccurs="1" name="DownloadFileAttachmentByItemIdResult" type="tns:FileDownloadResult" />
+          </s:sequence>
+        </s:complexType>
+      </s:element>
+      <s:element name="AuthenticateResult" nillable="true" type="tns:AuthenticateResult" />
+      <s:element name="GetSecretResult" nillable="true" type="tns:GetSecretResult" />
+      <s:element name="GetSecretsByFieldValueResult" nillable="true" type="tns:GetSecretsByFieldValueResult" />
+      <s:element name="FileDownloadResult" nillable="true" type="tns:FileDownloadResult" />
+    </s:schema>
+    <s:schema targetNamespace="urn:thesecretserver.com/AbstractTypes">
+      <s:import namespace="http://schemas.xmlsoap.org/soap/encoding/" />
+      <s:complexType name="StringArray">
+        <s:complexContent mixed="false">
+          <s:restriction base="soapenc:Array">
+            <s:sequence>
+              <s:element minOccurs="0" maxOccurs="unbounded" name="String" type="s:string" />
+            </s:sequence>
+          </s:restriction>
+        </s:complexContent>
+      </s:complexType>
+    </s:schema>
+  </wsdl:types>
+  <wsdl:message name="AuthenticateSoapIn">
+    <wsdl:part name="parameters" element="tns:Authenticate" />
+  </wsdl:message>
+  <wsdl:message name="AuthenticateSoapOut">
+    <wsdl:part name="parameters" element="tns:AuthenticateResponse" />
+  </wsdl:message>
+  <wsdl:message name="GetSecretSoapIn">
+    <wsdl:part name="parameters" element="tns:GetSecret" />
+  </wsdl:message>
+  <wsdl:message name="GetSecretSoapOut">
+    <wsdl:part name="parameters" element="tns:GetSecretResponse" />
+  </wsdl:message>
+  <wsdl:message name="GetSecretsByFieldValueSoapIn">
+    <wsdl:part name="parameters" element="tns:GetSecretsByFieldValue" />
+  </wsdl:message>
+  <wsdl:message name="GetSecretsByFieldValueSoapOut">
+    <wsdl:part name="parameters" element="tns:GetSecretsByFieldValueResponse" />
+  </wsdl:message>
+  <wsdl:message name="DownloadFileAttachmentSoapIn">
+    <wsdl:part name="parameters" element="tns:DownloadFileAttachment" />
+  </wsdl:message>
+  <wsdl:message name="DownloadFileAttachmentSoapOut">
+    <wsdl:part name="parameters" element="tns:DownloadFileAttachmentResponse" />
+  </wsdl:message>
+  <wsdl:message name="DownloadFileAttachmentByItemIdSoapIn">
+    <wsdl:part name="parameters" element="tns:DownloadFileAttachmentByItemId" />
+  </wsdl:message>
+  <wsdl:message name="DownloadFileAttachmentByItemIdSoapOut">
+    <wsdl:part name="parameters" element="tns:DownloadFileAttachmentByItemIdResponse" />
+  </wsdl:message>
+  <wsdl:message name="UploadFileAttachmentSoapIn">
+    <wsdl:part name="parameters" element="tns:UploadFileAttachment" />
+  </wsdl:message>
+  <wsdl:message name="UploadFileAttachmentSoapOut">
+    <wsdl:part name="parameters" element="tns:UploadFileAttachmentResponse" />
+  </wsdl:message>
+  <wsdl:message name="UploadFileAttachmentByItemIdSoapIn">
+    <wsdl:part name="parameters" element="tns:UploadFileAttachmentByItemId" />
+  </wsdl:message>
+  <wsdl:message name="UploadFileAttachmentByItemIdSoapOut">
+    <wsdl:part name="parameters" element="tns:UploadFileAttachmentByItemIdResponse" />
+  </wsdl:message>
+  <wsdl:message name="AuthenticateHttpGetIn">
+    <wsdl:part name="username" type="s:string" />
+    <wsdl:part name="password" type="s:string" />
+    <wsdl:part name="organization" type="s:string" />
+    <wsdl:part name="domain" type="s:string" />
+  </wsdl:message>
+  <wsdl:message name="AuthenticateHttpGetOut">
+    <wsdl:part name="Body" element="tns:AuthenticateResult" />
+  </wsdl:message>
+  <wsdl:message name="GetSecretsByFieldValueHttpGetIn">
+    <wsdl:part name="token" type="s:string" />
+    <wsdl:part name="fieldName" type="s:string" />
+    <wsdl:part name="searchTerm" type="s:string" />
+    <wsdl:part name="showDeleted" type="s:string" />
+  </wsdl:message>
+  <wsdl:message name="GetSecretsByFieldValueHttpGetOut">
+    <wsdl:part name="Body" element="tns:GetSecretsByFieldValueResult" />
+  </wsdl:message>
+  <wsdl:message name="DownloadFileAttachmentHttpGetIn">
+    <wsdl:part name="token" type="s:string" />
+    <wsdl:part name="secretId" type="s:string" />
+  </wsdl:message>
+  <wsdl:message name="DownloadFileAttachmentHttpGetOut">
+    <wsdl:part name="Body" element="tns:FileDownloadResult" />
+  </wsdl:message>
+  <wsdl:message name="DownloadFileAttachmentByItemIdHttpGetIn">
+    <wsdl:part name="token" type="s:string" />
+    <wsdl:part name="secretId" type="s:string" />
+    <wsdl:part name="secretItemId" type="s:string" />
+  </wsdl:message>
+  <wsdl:message name="DownloadFileAttachmentByItemIdHttpGetOut">
+    <wsdl:part name="Body" element="tns:FileDownloadResult" />
+  </wsdl:message>
+  <wsdl:message name="UploadFileAttachmentHttpGetIn">
+    <wsdl:part name="token" type="s:string" />
+    <wsdl:part name="secretId" type="s:string" />
+    <wsdl:part name="fileData" type="s1:StringArray" />
+    <wsdl:part name="fileName" type="s:string" />
+  </wsdl:message>
+  <wsdl:message name="AuthenticateHttpPostIn">
+    <wsdl:part name="username" type="s:string" />
+    <wsdl:part name="password" type="s:string" />
+    <wsdl:part name="organization" type="s:string" />
+    <wsdl:part name="domain" type="s:string" />
+  </wsdl:message>
+  <wsdl:message name="AuthenticateHttpPostOut">
+    <wsdl:part name="Body" element="tns:AuthenticateResult" />
+  </wsdl:message>
+  <wsdl:message name="GetSecretsByFieldValueHttpPostIn">
+    <wsdl:part name="token" type="s:string" />
+    <wsdl:part name="fieldName" type="s:string" />
+    <wsdl:part name="searchTerm" type="s:string" />
+    <wsdl:part name="showDeleted" type="s:string" />
+  </wsdl:message>
+  <wsdl:message name="GetSecretsByFieldValueHttpPostOut">
+    <wsdl:part name="Body" element="tns:GetSecretsByFieldValueResult" />
+  </wsdl:message>
+  <wsdl:message name="DownloadFileAttachmentHttpPostIn">
+    <wsdl:part name="token" type="s:string" />
+    <wsdl:part name="secretId" type="s:string" />
+  </wsdl:message>
+  <wsdl:message name="DownloadFileAttachmentHttpPostOut">
+    <wsdl:part name="Body" element="tns:FileDownloadResult" />
+  </wsdl:message>
+  <wsdl:message name="DownloadFileAttachmentByItemIdHttpPostIn">
+    <wsdl:part name="token" type="s:string" />
+    <wsdl:part name="secretId" type="s:string" />
+    <wsdl:part name="secretItemId" type="s:string" />
+  </wsdl:message>
+  <wsdl:message name="DownloadFileAttachmentByItemIdHttpPostOut">
+    <wsdl:part name="Body" element="tns:FileDownloadResult" />
+  </wsdl:message>
+  <wsdl:portType name="SSWebServiceSoap">
+    <wsdl:operation name="Authenticate">
+      <wsdl:input message="tns:AuthenticateSoapIn" />
+      <wsdl:output message="tns:AuthenticateSoapOut" />
+    </wsdl:operation>
+    <wsdl:operation name="GetSecret">
+      <wsdl:input message="tns:GetSecretSoapIn" />
+      <wsdl:output message="tns:GetSecretSoapOut" />
+    </wsdl:operation>
+    <wsdl:operation name="GetSecretsByFieldValue">
+      <wsdl:input message="tns:GetSecretsByFieldValueSoapIn" />
+      <wsdl:output message="tns:GetSecretsByFieldValueSoapOut" />
+    </wsdl:operation>
+    <wsdl:operation name="DownloadFileAttachment">
+      <wsdl:input message="tns:DownloadFileAttachmentSoapIn" />
+      <wsdl:output message="tns:DownloadFileAttachmentSoapOut" />
+    </wsdl:operation>
+    <wsdl:operation name="DownloadFileAttachmentByItemId">
+      <wsdl:input message="tns:DownloadFileAttachmentByItemIdSoapIn" />
+      <wsdl:output message="tns:DownloadFileAttachmentByItemIdSoapOut" />
+    </wsdl:operation>
+  </wsdl:portType>
+  <wsdl:portType name="SSWebServiceHttpGet">
+    <wsdl:operation name="Authenticate">
+      <wsdl:input message="tns:AuthenticateHttpGetIn" />
+      <wsdl:output message="tns:AuthenticateHttpGetOut" />
+    </wsdl:operation>
+    <wsdl:operation name="GetSecretsByFieldValue">
+      <wsdl:input message="tns:GetSecretsByFieldValueHttpGetIn" />
+      <wsdl:output message="tns:GetSecretsByFieldValueHttpGetOut" />
+    </wsdl:operation>
+    <wsdl:operation name="DownloadFileAttachment">
+      <wsdl:input message="tns:DownloadFileAttachmentHttpGetIn" />
+      <wsdl:output message="tns:DownloadFileAttachmentHttpGetOut" />
+    </wsdl:operation>
+    <wsdl:operation name="DownloadFileAttachmentByItemId">
+      <wsdl:input message="tns:DownloadFileAttachmentByItemIdHttpGetIn" />
+      <wsdl:output message="tns:DownloadFileAttachmentByItemIdHttpGetOut" />
+    </wsdl:operation>
+  </wsdl:portType>
+  <wsdl:portType name="SSWebServiceHttpPost">
+    <wsdl:operation name="Authenticate">
+      <wsdl:input message="tns:AuthenticateHttpPostIn" />
+      <wsdl:output message="tns:AuthenticateHttpPostOut" />
+    </wsdl:operation>
+    <wsdl:operation name="GetSecretsByFieldValue">
+      <wsdl:input message="tns:GetSecretsByFieldValueHttpPostIn" />
+      <wsdl:output message="tns:GetSecretsByFieldValueHttpPostOut" />
+    </wsdl:operation>
+    <wsdl:operation name="DownloadFileAttachment">
+      <wsdl:input message="tns:DownloadFileAttachmentHttpPostIn" />
+      <wsdl:output message="tns:DownloadFileAttachmentHttpPostOut" />
+    </wsdl:operation>
+    <wsdl:operation name="DownloadFileAttachmentByItemId">
+      <wsdl:input message="tns:DownloadFileAttachmentByItemIdHttpPostIn" />
+      <wsdl:output message="tns:DownloadFileAttachmentByItemIdHttpPostOut" />
+    </wsdl:operation>
+  </wsdl:portType>
+  <wsdl:binding name="SSWebServiceSoap" type="tns:SSWebServiceSoap">
+    <soap:binding transport="http://schemas.xmlsoap.org/soap/http" />
+    <wsdl:operation name="Authenticate">
+      <soap:operation soapAction="urn:thesecretserver.com/Authenticate" style="document" />
+      <wsdl:input>
+        <soap:body use="literal" />
+      </wsdl:input>
+      <wsdl:output>
+        <soap:body use="literal" />
+      </wsdl:output>
+    </wsdl:operation>
+    <wsdl:operation name="GetSecret">
+      <soap:operation soapAction="urn:thesecretserver.com/GetSecret" style="document" />
+      <wsdl:input>
+        <soap:body use="literal" />
+      </wsdl:input>
+      <wsdl:output>
+        <soap:body use="literal" />
+      </wsdl:output>
+    </wsdl:operation>
+    <wsdl:operation name="GetSecretsByFieldValue">
+      <soap:operation soapAction="urn:thesecretserver.com/GetSecretsByFieldValue" style="document" />
+      <wsdl:input>
+        <soap:body use="literal" />
+      </wsdl:input>
+      <wsdl:output>
+        <soap:body use="literal" />
+      </wsdl:output>
+    </wsdl:operation>
+    <wsdl:operation name="DownloadFileAttachment">
+      <soap:operation soapAction="urn:thesecretserver.com/DownloadFileAttachment" style="document" />
+      <wsdl:input>
+        <soap:body use="literal" />
+      </wsdl:input>
+      <wsdl:output>
+        <soap:body use="literal" />
+      </wsdl:output>
+    </wsdl:operation>
+    <wsdl:operation name="DownloadFileAttachmentByItemId">
+      <soap:operation soapAction="urn:thesecretserver.com/DownloadFileAttachmentByItemId" style="document" />
+      <wsdl:input>
+        <soap:body use="literal" />
+      </wsdl:input>
+      <wsdl:output>
+        <soap:body use="literal" />
+      </wsdl:output>
+    </wsdl:operation>
+  </wsdl:binding>
+  <wsdl:binding name="SSWebServiceSoap12" type="tns:SSWebServiceSoap">
+    <soap12:binding transport="http://schemas.xmlsoap.org/soap/http" />
+    <wsdl:operation name="Authenticate">
+      <soap12:operation soapAction="urn:thesecretserver.com/Authenticate" style="document" />
+      <wsdl:input>
+        <soap12:body use="literal" />
+      </wsdl:input>
+      <wsdl:output>
+        <soap12:body use="literal" />
+      </wsdl:output>
+    </wsdl:operation>
+    <wsdl:operation name="GetSecret">
+      <soap12:operation soapAction="urn:thesecretserver.com/GetSecret" style="document" />
+      <wsdl:input>
+        <soap12:body use="literal" />
+      </wsdl:input>
+      <wsdl:output>
+        <soap12:body use="literal" />
+      </wsdl:output>
+    </wsdl:operation>
+    <wsdl:operation name="GetSecretsByFieldValue">
+      <soap12:operation soapAction="urn:thesecretserver.com/GetSecretsByFieldValue" style="document" />
+      <wsdl:input>
+        <soap12:body use="literal" />
+      </wsdl:input>
+      <wsdl:output>
+        <soap12:body use="literal" />
+      </wsdl:output>
+    </wsdl:operation>
+    <wsdl:operation name="DownloadFileAttachment">
+      <soap12:operation soapAction="urn:thesecretserver.com/DownloadFileAttachment" style="document" />
+      <wsdl:input>
+        <soap12:body use="literal" />
+      </wsdl:input>
+      <wsdl:output>
+        <soap12:body use="literal" />
+      </wsdl:output>
+    </wsdl:operation>
+    <wsdl:operation name="DownloadFileAttachmentByItemId">
+      <soap12:operation soapAction="urn:thesecretserver.com/DownloadFileAttachmentByItemId" style="document" />
+      <wsdl:input>
+        <soap12:body use="literal" />
+      </wsdl:input>
+      <wsdl:output>
+        <soap12:body use="literal" />
+      </wsdl:output>
+    </wsdl:operation>
+  </wsdl:binding>
+  <wsdl:binding name="SSWebServiceHttpGet" type="tns:SSWebServiceHttpGet">
+    <http:binding verb="GET" />
+    <wsdl:operation name="Authenticate">
+      <http:operation location="/Authenticate" />
+      <wsdl:input>
+        <http:urlEncoded />
+      </wsdl:input>
+      <wsdl:output>
+        <mime:mimeXml part="Body" />
+      </wsdl:output>
+    </wsdl:operation>
+    <wsdl:operation name="GetSecretsByFieldValue">
+      <http:operation location="/GetSecretsByFieldValue" />
+      <wsdl:input>
+        <http:urlEncoded />
+      </wsdl:input>
+      <wsdl:output>
+        <mime:mimeXml part="Body" />
+      </wsdl:output>
+    </wsdl:operation>
+    <wsdl:operation name="DownloadFileAttachment">
+      <http:operation location="/DownloadFileAttachment" />
+      <wsdl:input>
+        <http:urlEncoded />
+      </wsdl:input>
+      <wsdl:output>
+        <mime:mimeXml part="Body" />
+      </wsdl:output>
+    </wsdl:operation>
+    <wsdl:operation name="DownloadFileAttachmentByItemId">
+      <http:operation location="/DownloadFileAttachmentByItemId" />
+      <wsdl:input>
+        <http:urlEncoded />
+      </wsdl:input>
+      <wsdl:output>
+        <mime:mimeXml part="Body" />
+      </wsdl:output>
+    </wsdl:operation>
+  </wsdl:binding>
+  <wsdl:binding name="SSWebServiceHttpPost" type="tns:SSWebServiceHttpPost">
+    <http:binding verb="POST" />
+    <wsdl:operation name="Authenticate">
+      <http:operation location="/Authenticate" />
+      <wsdl:input>
+        <mime:content type="application/x-www-form-urlencoded" />
+      </wsdl:input>
+      <wsdl:output>
+        <mime:mimeXml part="Body" />
+      </wsdl:output>
+    </wsdl:operation>
+    <wsdl:operation name="GetSecretsByFieldValue">
+      <http:operation location="/GetSecretsByFieldValue" />
+      <wsdl:input>
+        <mime:content type="application/x-www-form-urlencoded" />
+      </wsdl:input>
+      <wsdl:output>
+        <mime:mimeXml part="Body" />
+      </wsdl:output>
+    </wsdl:operation>
+    <wsdl:operation name="DownloadFileAttachment">
+      <http:operation location="/DownloadFileAttachment" />
+      <wsdl:input>
+        <mime:content type="application/x-www-form-urlencoded" />
+      </wsdl:input>
+      <wsdl:output>
+        <mime:mimeXml part="Body" />
+      </wsdl:output>
+    </wsdl:operation>
+    <wsdl:operation name="DownloadFileAttachmentByItemId">
+      <http:operation location="/DownloadFileAttachmentByItemId" />
+      <wsdl:input>
+        <mime:content type="application/x-www-form-urlencoded" />
+      </wsdl:input>
+      <wsdl:output>
+        <mime:mimeXml part="Body" />
+      </wsdl:output>
+    </wsdl:operation>    
+  </wsdl:binding>
+  <wsdl:service name="SSWebService">
+    <wsdl:documentation xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">Webservice for standard integration.</wsdl:documentation>
+    <wsdl:port name="SSWebServiceSoap" binding="tns:SSWebServiceSoap">
+      <soap:address location="https://www.zanzitest.net/webservices/sswebservice.asmx" />
+    </wsdl:port>
+    <wsdl:port name="SSWebServiceSoap12" binding="tns:SSWebServiceSoap12">
+      <soap12:address location="https://www.zanzitest.net/webservices/sswebservice.asmx" />
+    </wsdl:port>
+    <wsdl:port name="SSWebServiceHttpGet" binding="tns:SSWebServiceHttpGet">
+      <http:address location="https://www.zanzitest.net/webservices/sswebservice.asmx" />
+    </wsdl:port>
+    <wsdl:port name="SSWebServiceHttpPost" binding="tns:SSWebServiceHttpPost">
+      <http:address location="https://www.zanzitest.net/webservices/sswebservice.asmx" />
+    </wsdl:port>
+  </wsdl:service>
+</wsdl:definitions>

spec/spec_helper.rb

@@ -0,0 +1,37 @@
+# This file was generated by the `rspec --init` command. Conventionally, all
+# specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`.
+# The generated `.rspec` file contains `--require spec_helper` which will cause this
+# file to always be loaded, without a need to explicitly require it in any files.
+#
+# See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
+require 'webmock/rspec'
+require 'codeclimate-test-reporter'
+require 'simplecov'
+CodeClimate::TestReporter.start
+SimpleCov.start
+
+RSpec.configure do |config|
+  config.expect_with :rspec do |expectations|
+    expectations.include_chain_clauses_in_custom_matcher_descriptions = true
+  end
+
+  config.mock_with :rspec do |mocks|
+    mocks.verify_partial_doubles = true
+  end
+
+  config.after(:suite) do
+    WebMock.disable_net_connect!(allow: 'codeclimate.com')
+  end
+end
+
+def source_root
+  File.expand_path('../../', __FILE__)
+end
+
+AUTH_XML = File.read('spec/responses/authenticate_response.xml')
+SECRET_XML = File.read('spec/responses/get_secret_response.xml')
+SECRET_WITH_KEY_XML = File.read('spec/responses/get_secret_with_keys_response.xml')
+SECRET_WITH_ATTACHMENT_XML = File.read('spec/responses/get_secret_with_attachment_response.xml')
+PRIVATE_KEY_XML = File.read('spec/responses/download_private_key_response.xml')
+PUBLIC_KEY_XML = File.read('spec/responses/download_public_key_response.xml')
+ATTACHMENT_XML = File.read('spec/responses/attachment_response.xml')

templates/Zanzifile.erb

@@ -0,0 +1,11 @@
+---
+settings:
+  wsdl: <%= wsdl %>
+  domain: <%= domain %>
+  secret_dir: <%= secretdir %>
+  ignore_ssl: <%= ignoressl %>
+secrets:
+#  TODO fill in your secrets like so:
+#  ssh_key:
+#    id: 1
+#    label: Private Key

test/spec/spec_helper.rb

@@ -1,90 +0,0 @@
-# This file was generated by the `rspec --init` command. Conventionally, all
-# specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`.
-# The generated `.rspec` file contains `--require spec_helper` which will cause this
-# file to always be loaded, without a need to explicitly require it in any files.
-#
-# Given that it is always loaded, you are encouraged to keep this file as
-# light-weight as possible. Requiring heavyweight dependencies from this file
-# will add to the boot time of your test suite on EVERY test run, even for an
-# individual file that may not need all of that loaded. Instead, consider making
-# a separate helper file that requires the additional dependencies and performs
-# the additional setup, and require it from the spec files that actually need it.
-#
-# The `.rspec` file also contains a few flags that are not defaults but that
-# users commonly want.
-#
-# See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
-require 'webmock/rspec'
-RSpec.configure do |config|
-  # rspec-expectations config goes here. You can use an alternate
-  # assertion/expectation library such as wrong or the stdlib/minitest
-  # assertions if you prefer.
-  config.expect_with :rspec do |expectations|
-    # This option will default to `true` in RSpec 4. It makes the `description`
-    # and `failure_message` of custom matchers include text for helper methods
-    # defined using `chain`, e.g.:
-    # be_bigger_than(2).and_smaller_than(4).description
-    #   # => "be bigger than 2 and smaller than 4"
-    # ...rather than:
-    #   # => "be bigger than 2"
-    expectations.include_chain_clauses_in_custom_matcher_descriptions = true
-  end
-
-  # rspec-mocks config goes here. You can use an alternate test double
-  # library (such as bogus or mocha) by changing the `mock_with` option here.
-  config.mock_with :rspec do |mocks|
-    # Prevents you from mocking or stubbing a method that does not exist on
-    # a real object. This is generally recommended, and will default to
-    # `true` in RSpec 4.
-    mocks.verify_partial_doubles = true
-  end
-
-# The settings below are suggested to provide a good initial experience
-# with RSpec, but feel free to customize to your heart's content.
-=begin
-  # These two settings work together to allow you to limit a spec run
-  # to individual examples or groups you care about by tagging them with
-  # `:focus` metadata. When nothing is tagged with `:focus`, all examples
-  # get run.
-  config.filter_run :focus
-  config.run_all_when_everything_filtered = true
-
-  # Limits the available syntax to the non-monkey patched syntax that is recommended.
-  # For more details, see:
-  #   - http://myronmars.to/n/dev-blog/2012/06/rspecs-new-expectation-syntax
-  #   - http://teaisaweso.me/blog/2013/05/27/rspecs-new-message-expectation-syntax/
-  #   - http://myronmars.to/n/dev-blog/2014/05/notable-changes-in-rspec-3#new__config_option_to_disable_rspeccore_monkey_patching
-  config.disable_monkey_patching!
-
-  # This setting enables warnings. It's recommended, but in some cases may
-  # be too noisy due to issues in dependencies.
-  config.warnings = true
-
-  # Many RSpec users commonly either run the entire suite or an individual
-  # file, and it's useful to allow more verbose output when running an
-  # individual spec file.
-  if config.files_to_run.one?
-    # Use the documentation formatter for detailed output,
-    # unless a formatter has already been configured
-    # (e.g. via a command-line flag).
-    config.default_formatter = 'doc'
-  end
-
-  # Print the 10 slowest examples and example groups at the
-  # end of the spec run, to help surface which specs are running
-  # particularly slow.
-  config.profile_examples = 10
-
-  # Run specs in random order to surface order dependencies. If you find an
-  # order dependency and want to debug it, you can fix the order by providing
-  # the seed, which is printed after each run.
-  #     --seed 1234
-  config.order = :random
-
-  # Seed global randomization in this process using the `--seed` CLI option.
-  # Setting this allows you to use `--seed` to deterministically reproduce
-  # test failures related to randomization by passing the same `--seed` value
-  # as the one that triggered the failure.
-  Kernel.srand config.seed
-=end
-end

test/zanzibar_spec.rb

@@ -1,80 +0,0 @@
-require '../lib/zanzibar.rb'
-require 'savon'
-require 'webmock'
-require 'rspec'
-require 'webmock/rspec'
-
-include WebMock::API
-
-describe "Zanzibar Test" do
-
-  client = Zanzibar::Zanzibar.new(:domain => "zanzitest.net", :pwd=>'password', :wsdl => "scrt.wsdl")
-  auth_xml = File.read('responses/authenticate_response.xml')
-  secret_xml = File.read('responses/get_secret_response.xml')
-  secret_with_key_xml = File.read('responses/get_secret_with_keys_response.xml')
-  secret_with_attachment_xml = File.read('responses/get_secret_with_attachment_response.xml')
-  private_key_xml = File.read('responses/download_private_key_response.xml')
-  public_key_xml = File.read('responses/download_public_key_response.xml')
-  attachment_xml = File.read('responses/attachment_response.xml')
-
-
-  it 'should return an auth token' do
-    stub_request(:any, "https://www.zanzitest.net/webservices/sswebservice.asmx").
-      to_return(:body => auth_xml, :status => 200)
-
-    expect(client.get_token).to eq("imatoken")
-  end
-
-  it 'should get a secret' do
-    stub_request(:any, "https://www.zanzitest.net/webservices/sswebservice.asmx").
-      to_return(:body => auth_xml, :status => 200).then.
-        to_return(:body => secret_xml, :status => 200)
-
-    expect(client.get_secret(1234)[:envelope][:body][:get_secret_response][:get_secret_result][:secret][:name]).to eq("Zanzi Test Secret")
-  end
-
-  it 'should get a password' do
-    stub_request(:any, "https://www.zanzitest.net/webservices/sswebservice.asmx").
-      to_return(:body => auth_xml, :status => 200).then.
-        to_return(:body => secret_xml, :status => 200)
-
-    expect(client.get_password(1234)).to eq("zanziUserPassword")
-  end
-
-  it 'should download a private key' do
-    stub_request(:any, "https://www.zanzitest.net/webservices/sswebservice.asmx").
-      to_return(:body => auth_xml, :status => 200).then.
-          to_return(:body => secret_with_key_xml, :status => 200).then.
-            to_return(:body => private_key_xml, :status => 200)
-
-      client.download_private_key(:scrt_id => 2345)
-      expect(File.exist? 'zanzi_key')
-      expect(File.read('zanzi_key')).to eq("-----BEGIN RSA PRIVATE KEY -----\nzanzibarTestPassword\n-----END RSA PRIVATE KEY-----\n")
-      File.delete('zanzi_key')
-    end
-
-
-  it 'should download a public key' do
-    stub_request(:any, "https://www.zanzitest.net/webservices/sswebservice.asmx").
-      to_return(:body => auth_xml, :status => 200).then.
-          to_return(:body => secret_with_key_xml, :status => 200).then.
-            to_return(:body => public_key_xml, :status => 200)
-
-      client.download_public_key(:scrt_id => 2345)
-      expect(File.exist? 'zanzi_key.pub')
-      expect(File.read('zanzi_key.pub')).to eq("1234PublicKey5678==\n")
-      File.delete('zanzi_key.pub')
-    end
-
-  it 'should download an attachment' do
-    stub_request(:any, "https://www.zanzitest.net/webservices/sswebservice.asmx").
-      to_return(:body => auth_xml, :status => 200).then.
-          to_return(:body => secret_with_attachment_xml, :status => 200).then.
-            to_return(:body => attachment_xml, :status => 200)
-
-    client.download_attachment(:scrt_id => 3456)
-    expect(File.exist? 'attachment.txt')
-    expect(File.read('attachment.txt')).to eq("I am a secret attachment\n")
-    File.delete('attachment.txt')
-  end
-end

zanzibar.gemspec

@@ -4,21 +4,31 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'zanzibar/version'
 
 Gem::Specification.new do |spec|
-  spec.name          = "zanzibar"
+  spec.name          = 'zanzibar'
   spec.version       = Zanzibar::VERSION
-  spec.authors       = ["Jason Davis-Cooke"]
-  spec.email         = ["jdaviscooke@cimpress.com"]
-  spec.summary       = "Retrieve secrets from Secret Server"
-  spec.description   = "Programatically get secrets from Secret Server via the Web Service API"
-  spec.homepage      = "https://github.com/Cimpress-MCP/zanzibar"
-  spec.license       = "Apache 2.0"
+  spec.authors       = ['Jason Davis-Cooke']
+  spec.email         = ['jdaviscooke@cimpress.com']
+  spec.summary       = 'Retrieve secrets from Secret Server'
+  spec.description   = 'Programatically get secrets from Secret Server via the Web Service API'
+  spec.homepage      = 'https://github.com/Cimpress-MCP/zanzibar'
+  spec.license       = 'Apache 2.0'
 
   spec.files         = `git ls-files -z`.split("\x0")
-  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
-  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
-  spec.require_paths = ["lib"]
+  spec.executables   = spec.files.grep(%r{^bin\/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)\/})
+  spec.require_paths = ['lib']
 
-  spec.add_development_dependency "bundler", "~> 1.7"
-  spec.add_development_dependency "rake", "~> 10.0"
-  spec.add_runtime_dependency "savon", "~> 2.8.0"
+  spec.add_development_dependency 'bundler', '~> 1.7'
+  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'rubocop', '~> 0.39.0'
+  spec.add_development_dependency 'savon_spec', '~> 0.1.6'
+  spec.add_development_dependency 'rspec', '~> 3.1.0'
+  spec.add_development_dependency 'webmock', '~> 1.20.4'
+  spec.add_development_dependency 'codeclimate-test-reporter'
+  spec.add_development_dependency 'fakefs', '~> 0.6.4'
+  spec.add_development_dependency 'simplecov', '~> 0.9.1'
+
+  spec.add_runtime_dependency 'savon', '~> 2.11.0'
+  spec.add_runtime_dependency 'rubyntlm', '~> 0.6.0'
+  spec.add_runtime_dependency 'thor', '~> 0.19.0'
 end