[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: Encrypting selected files ...

From: Bob Archer <bob.archer_at_amsi.com>
Date: Fri, 2 Oct 2009 11:41:20 -0400

>I have been asked to look into the issue of encrypting sensitive information that is stored in our source code repository. We have quite a few users >of our repository, many of whom are overseas.

>99.99% of what's in our repository is just source code that everyone needs. However there are a few files that contain production usernames, >passwords and other references to assets that we would like to encrypt and allow access only to selected users or those with an encryption key.

>I know that we can restrict access on a directory by directory basis and this option is being considered. However, I'd prefer to allow these files to >be comingled with other source code files.

>Are there any facilities in Subversion for encrypting individual files?
>If not, does anyone have any recommendations for tools that might be effective for encrypting individual files?
>Is it possible to implement some sort of 'hook' in subversion that can be instructed to encrypt / decrypt selected files for selected users?
>Thoughts, idea on this topic?

Just thinking out loud... this is something that will have to be done on the client side... the file will have to be encrypted before it is committed. This will also mean that the file is basically a binary file and you can't merge or blame or diff it.

That said, I think you could use PGP or CompuSec (both free) for this. But, now rather than controlling access to the file, you have to control access to the private key which would be needed to decrypt it.

So, I'm not sure if you are solving a problem or just moving the problem to a different file in addition to adding overheard to your process. It may just make more sense to secure access to the file with sensitive data itself rather than worry about securing access to a private key.



To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-10-02 17:42:25 CEST

This is an archived mail posted to the Subversion Users mailing list.