How to Save Passwords When Using Subversion from the Console

Dec 02, 2025 · Programming · 10 views · 7.8

Keywords: Subversion | password storage | console operations

Abstract: This article provides a comprehensive guide on saving passwords while using Subversion (svn) from the console, focusing on modifying the store-passwords setting in the ~/.subversion/config file. It explains why passwords are not saved by default and offers step-by-step instructions to enable password storage, including checking file permissions for security. Additionally, it covers special cases for different protocols like SVN+SSH and official solutions for Subversion versions 1.12 and later, which disable plaintext password storage. With clear steps and code examples, it helps users avoid repetitive password entry and improve workflow efficiency.

Overview of Subversion Password Storage Mechanism

Subversion (svn) is a widely used version control system, and when operating from the console, users often encounter the need to re-enter passwords for commands like svn commit. This stems from Subversion's default security settings, designed to prevent passwords from being stored insecurely. However, for frequent users, this can lead to reduced efficiency. Based on best practices, this article explores how to enable password storage through configuration.

Core Configuration: Enabling Password Storage

The password storage behavior in Subversion is controlled by a configuration file in the user's home directory, specifically at ~/.subversion/config. In this file, a key setting store-passwords exists, with a default value typically set to no, meaning Subversion does not save passwords. To enable password storage, users must edit this file and change store-passwords = no to store-passwords = yes. If the line is commented out (starting with #), Subversion uses the default yes, so it can also be uncommented or ensured to be set correctly.

Here is an example configuration modification process:

# Open the configuration file
nano ~/.subversion/config
# Find the store-passwords line and modify it to
store-passwords = yes
# Save and exit

After modification, the next time a Subversion operation is performed, the system will prompt to save the password; selecting yes will store it. The password is saved in encrypted files within the ~/.subversion/auth directory, not in plaintext, to enhance security.

Security Considerations

Once password storage is enabled, it is crucial to ensure correct file permissions to prevent unauthorized access. It is recommended to use the command chmod 600 ~/.subversion/config to set file permissions to read-write for the owner only, avoiding group or other user access. Similarly, the ~/.subversion/auth directory and its contents should have restricted permissions, such as using chmod 700 ~/.subversion/auth. These measures help protect sensitive information and align with security best practices.

Protocol-Specific Considerations

The effectiveness of password storage depends on the protocol used. If accessing a repository via SVN+SSH protocol, the Subversion client cannot directly handle passwords, as the SSH client manages authentication. In this case, even with store-passwords enabled, passwords will not be saved. An alternative is to use SSH keys and ssh-agent to avoid repeated password prompts. For svnserve or HTTP(S) protocols, Subversion can handle password storage, and the above configuration method applies.

Changes in Subversion 1.12 and Later Versions

Starting from Subversion version 1.12, to enhance security, plaintext password storage is disabled by default. This means that even if store-passwords = yes is set, passwords may not be saved in the traditional way. Official documentation notes that this is an intentional design decision. However, Subversion can still read already stored plaintext passwords. For users who need this functionality, an official script is available to manually save passwords.

Specific steps include: first, clear old configurations in the ~/.subversion directory; then, use Subversion operations to generate authentication files; finally, run the script store-plaintext-password.py to store the password. For example:

wget https://svn.apache.org/repos/asf/subversion/trunk/tools/client-side/store-plaintext-password.py
chmod +x store-plaintext-password.py
./store-plaintext-password.py -u your_username "<https://example.com> realm"

After execution, verify that files in the ~/.subversion/auth/svn.simple directory contain the password and set appropriate permissions (e.g., chmod 700). This provides a backward-compatible solution, but users should balance security with convenience.

Summary and Best Practices

When using Subversion from the console, properly configuring the ~/.subversion/config file can significantly reduce password entry frequency and improve workflow efficiency. The core step is setting store-passwords = yes and ensuring secure file permissions. For different protocols or newer Subversion versions, adjustments are needed, such as using SSH keys or official scripts. It is recommended that users regularly review and update configurations to balance security and convenience. With the guidance in this article, users can manage Subversion operations more efficiently while maintaining system security.

Copyright Notice: All rights in this article are reserved by the operators of DevGex. Reasonable sharing and citation are welcome; any reproduction, excerpting, or re-publication without prior permission is prohibited.