[one-liner]: Securing your Subversion Password using GPG Agent

Background

If you’ve ever dealt with subversion on Unix, one of the annoyances is that it essentially stores it’s password in clear text under your $HOME/.subversion/auth/svn.simple directory in text files. Not a huge deal to a single developer or user but if you work in a large company or even a small one this is a pretty bad implementation. Well here’s a method which at least get’s the password out of these clear text files.

Solution

The solution came up while I was research something else, as is usually the case. I found this paper titled: GPG-agent based secure password cache for Subversion Version Control System. The paper covers work that was done on behalf of Collabnet (the original owners of the subversion project).

Image of GNOME Keyring

Image of GNOME Keyring

I haven’t had a chance to try this out but this point is meant as a reminder to me and also to others that this is a reality (finally) with the stock Subversion software. It looks to be built in with the 1.8 release. This commit to the Subversion trunk highlights this new auth capability and how it works along with several security considerations if you plan on using it.

References

local copies

NOTE: For further details regarding my one-liner blog posts, check out my one-liner style guide primer.

This entry was posted in one-liner, Security, subversion, Syndicated, tips & tricks. Bookmark the permalink.

Comments are closed.