Mac OS X, Subversion, and Keychain

I just learned this morning that Subversion since version 1.4 will cache passwords on OS X using the OS X Keychain. Lack up support for multiple passwords with Subversion has been a frustration for me for quite a while, but lo and behold its been under my nose the whole time.

Note: This is all based on command line usage. I’m not gonna speak for any of the SVN utilities out there.

The trick is that you need to let Subversion ask you for your password, not supply it in the SVN command string. So, while its tempting to do:

svn co --username=me --password=that https://example.com/svn/repo .

We should actually be doing:

svn co --username=me https://example.com/svn/repo .

We’ll then be prompted with:

Authentication realm:
Password for 'me':

Enter the password and its cached with the Keychain instead of as plain text. The entry is still retained in ~/.subversion/svn.simple/server-name-hash but now it contains a reference to the Keychain for the password instead of storing it in the file. To verify that the password was stored in the Keychain look in the file and if it has been stored in the Keychain you should see something like:

...
K 8
passtype
V 8
keychain
...

Getting your password in to the keychain requires re-authenticating with the SVN repository. So to update all your entries to instead use the Keychain you’ll need to delete the files in ~/.subversion/svn.simple/ and re-authenticate with the server using the method outlined above.

It is not necessary to re-checkout the entire repository. Simply doing an update will suffice.

So, I feel like this should be a “well, duh!” moment since this has been available since 2006 but guaging by the lack of documentation out there on the tubes and the lack of knowledge of this around here at the office I’m gonna say that this is kind of a hidden gem. At least, I’m gonna keep telling myself that to make me feel better 😉

Tagged as: keychain osx password subversion svn