SVN encrypted password store

I store the credentials on an encrypted disk. (Although, while encfs is mounted the credentials are still plain-text to my account)

$ ls -nl ~/.subversion/
total 20K
-rw-r--r-- 1 1000 1000 4.2K 2009-07-10 13:00 README.txt
lrwxrwxrwx 1 1000 1000   31 2009-10-14 14:31 auth -> ~/crypt/subversion/auth/
-rw-r--r-- 1 1000 1000 5.7K 2009-07-10 13:00 config
-rw-r--r-- 1 1000 1000 3.6K 2009-07-10 13:00 servers

Using git-svn means that I need the credentials much less often, so it may not be too onerous to not save them at all.


It is a client issue. It warns you that the credentials used for the different servers are being stored in plain text. You can hide that warning or use an encrypted storage to cache the passwords.

See: http://blogs.collab.net/subversion/2009/07/subversion-16-security-improvements


By encrypting the password, you will not be able to achieve non-repudiation (other users could use your hash as you) due to OS file permissions. However, most companies have subversion setup using their domain password or some form of SSO password. By encrypting the password, you would at least mask someone from accessing a users other accounts.

I would still be concerned about the encryption strength. If the subversion password is linked to other important accounts, someone might test the encryption strength to crack the password out.

The best bet is to setup the subversion client to turn off stored passwords and force lazy Dev's to authenticate each time.