How to save password when using Subversion from the console

Question

I was wondering if there is a way to save my Subversion password when doing svn operations from the console. The console is the only option that I have. When I try to do any Subversion action, e.g. svn commit, it prompts for the account password every time. Is there a way to save this password somehow so that I don't have to retype it every time?

Answer 1

Saving plaintext passwords was intentionally disabled in svn starting from version 1.12. There's no configuration key to re-enable this feature. The only way to make Subversion save your password as a plain text is to enable it at the compile time.

However, Subversion is still able to read the plaintext passwords.
And there's an official script to manually save your password as a plain text.

1. Consider removing any edits from ~/.subversion/config and ~/.subversion/servers. Just remove both files if in doubt.
2. Use your svn server at least once (e.g. checkout something).
   Verify and permanantly accept the server server certificate fingerprint, if asked.
   This would generate ~/.subversion/auth/svn.simple/xxxxx file (where "xxxxx" is some hash), but there would be no password in it yet.
3. Run svn auth and note the
   Authentication realm: <https://myserver.mydomain:12345> VisualSVN Server string in the output.
4. Use the official workaround script to store your password as plaintext:

wget https://svn.apache.org/repos/asf/subversion/trunk/tools/client-side/store-plaintext-password.py
chmod +x store-plaintext-password.py
./store-plaintext-password.py -u your_username "<https://myserver.mydomain:12345> VisualSVN Server"

5. doublecheck that ~/.subversion/auth/svn.simple/xxxxx now actually contains your password
6. chmod 600 ~/.subversion/auth/svn.simple/xxxxx (just-in-case)
7. chmod 700 ~/.subversion/auth/svn.simple (just-in-case)
8. try using your svn server again (e.g. svn update).

Just tested on svn version 1.14.1 (r1886195), installed with simply apt install subversion, on Ubuntu 22.

Answer 2

The only solution that worked for me was following the instructions from svnbook.

As per the instructions, I deleted the correct file:

$ ls ~/.subversion/auth/svn.simple/
5671adf2865e267db74f09ba6f872c28
3893ed123b39500bca8a0b382839198e
5c3c22968347b390f349ff340196ed39

$ cat ~/.subversion/auth/svn.simple/5671adf2865e267db74f09ba6f872c28

K 8
username
V 3
joe
K 8
password
V 4
blah
K 15
svn:realmstring
V 45
<https://svn.domain.com:443> Joe's repository
END

Once I located the proper cache file, I deleted it, and then I did svn up. The username and password were saved properly.

Answer 3

I finally discovered a way to use gnome-keyring from within ssh and other non-interactive scripts:

So you can leave subversion configured to not store plain text passwords. Instead configure it to use gnome keyring. I think that's the default on ubuntu anyway.

Then use the magic script found here to persistently unlock the keyring on the machine:

https://unix.stackexchange.com/questions/602313/unlock-gnome-keyring-daemon-from-command-line

~/bin/unlock-gnome-keyring:

echo 'NOTE: This script will only work if launched via source or .' >&2
echo -n 'Login password: ' >&2
read -s _UNLOCK_PASSWORD || return
killall -q -u "$(whoami)" gnome-keyring-daemon
eval $(echo -n "${_UNLOCK_PASSWORD}" \
           | gnome-keyring-daemon --daemonize --login \
           | sed -e 's/^/export /')
unset _UNLOCK_PASSWORD
echo '' >&2

Answer 4

I'm using the TortoiseSVN client on Windows, and for me, setting store-passwords parameter as yes in %USERPROFILE%\AppData\Roaming\Subversion\config does not help to store the password.

The password was successfully saved after removing this folder (just in case renaming):

%USERPROFILE%\AppData\Roaming\Subversion\auth

Environment:

Windows 7, TortoiseSVN 1.7.11 (Build 23600 - 64 bit, 2012-12-12T19:08:52), Subversion 1.7.8.

Answer 5

Just to emphasize what Tomasz Gandor and Domain said about having the right version of svn and that it was compiled to enable plain text password storage, you need verify what you have:

svn --version
svn, version 1.9.7 (r1800392)
...
WARNING: Plaintext password storage is enabled!
...

The following authentication credential caches are available:

* Plaintext cache in /gr/home/ffvdqb/.subversion
* GPG-Agent

Versus:

svn --version
svn, version 1.12.2 (r1863366)
...

The following authentication credential caches are available:

* Gnome Keyring
* GPG-Agent
* KWallet (KDE)

Once you see that your version of svn was enabled for plain text password storage, then apply all the rest of the answers here.

Answer 6

All methods mention here are not working for me. I built Subversion from source, and I found out, I must run configure with --enable-plaintext-password-storage to support this feature.

Answer 7

To add to Heath's answer: It looks like Subversion 1.6 disabled storing passwords by default if it can't store them in encrypted form. You can allow storing unencrypted passwords by explicitly setting password-stores = (that is, to the empty value) in ~/.subversion/config.

To check which password store subversion uses, look in ~/.subversion/auth/svn.simple. This contains several files, each a hash table with a simple key/value encoding. The svn:realmstring in each file identifies which realm that file is for. If the file has

K 8
passtype
V 6
simple

then it stores the password in plain text somewhere in that file, in a K 8 password entry. Else, it tries to use one of the configured password-stores.

Answer 8

None of these wonderful answers worked for me on a fresh install of Ubuntu. Instead, a clue from this answer did the trick for me.

I had to allow "simple" password store by setting this empty in ~/.subversion/config:

password-stores =

There was no existing setting, so being empty is significant.

This was in addition to:

store-passwords = yes

in ~/.subversion/servers.

Answer 9

Unfortunately the answers did not solve the problem of asking for password for ssh+svn with a protected private key. After some research I found:

ssh-add

utility if you have a Linux computer. Make sure that you have your keys stored in /home/username/.ssh/ and type this command on Terminal.

Answer 10

For me (Mac user) the problem was that the keychain already had an entry stored for my credentials, but the access rights were not right.

Deleting the entry in the key chain app and then recreating it by using svn fixed the issue.

Answer 11

Using plaintext may not be the best choice, if the password is ever used as something else.

I support the accepted answer, but it didn't work for me - for a very specific reason: I wanted to use either kwallet or gnome-keyring password stores. I tried changing the settings, all over the four files:

/etc/subversion/config
/etc/subversion/servers
~/.subversion/config
~/.subversion/servers

Even after it all was set the same, with password-stores and KWallet name (default might be wrong, right?) it didn't work and kept asking for password forever. The files in ~/.subversion had permissions 600.

Well, at that point, you may try to check one simple thing:

which svn

If you get:

/usr/bin/local/svn

then you may suspect with great likelihood that this client was built from source, locally, by your administrator (which may be yourself, as in my case).

Subversion is a nasty beast to compile, very easy to accidentally build without HTTP support, or - as in my example - without support for encrypted password stores (you need either Gnome or KDE development files, and a lot of them!). But the ./configure script won't tell you that, and you just get a less functional svn command.

In that case, you may go back to the client, which came with your distribution, usually in /usr/bin/svn. The downside is - you'll probably need to re-checkout the working copies, as there is no svn downgrade command. You can consult Linus Torvalds on what to think about Subversion, anyway ;)

Answer 12

Please note the following paragraph from the ~/.subversion/servers file:

Both 'store-passwords' and 'store-auth-creds' can now be specified in the 'servers' file in your config directory. Anything specified in this section is overridden by settings specified in the 'servers' file.

It is at least for SVN version 1.6.12. So keep in mind to edit the servers file also as it overrides ~/.subversion/config.

Answer 13

It depends on the protocol you're using. If you're using SVN + SSH, the SVN client can't save your password because it never touches it - the SSH client prompts you for it directly. In this case, you can use an SSH key and ssh-agent to avoid the constant prompts. If you're using the svnserve protocol or HTTP(S), then the SSH client is handling your password and can save it.

Answer 14

Try clearing your .subversion folder in your home directory and try to commit again. It should prompt you for your password and then ask you if you would like to save the password.

Answer 15

In ~/.subversion/config, you probably have store-passwords = no. Change it to yes (or just comment it out because it defaults to yes), and the next time you give Subversion your password it should save it.

You might want to ensure that the owner and permissions of ~/.subversion/config are correct (no public or group access; 600).

Answer 16

If you use svn+ssh, you can copy your public ssh key to the remote machine:

ssh-copy-id user@remotehost

Answer 17

I had to edit ~/.subversion/servers. I set store-plaintext-passwords = yes (was no previously). That did the trick. It might be considered insecure though.