Comment: I've moved discussion of the master passphrase feature to its own page.


Built-in Encryption with a Master Passphrase

Like all popular web browsers, Firefox allows you to optionally cache passwords used for site logins. Site credentials are cached on disk, and in plaintext by default. However, Firefox allows you to optionally configure a "Master Password". This password is used to encrypt the on-disk cached site credentials, functioning effectively the same way that a keyring provider and associated passphrase would work. Firefox will challenge the user for the master password the first time it needs to consult its credentials cache, and will leave the cache "unlocked" for the duration of the application's lifetime. (Reference:

Subversion should be able to do something similar. However, the command-line client is short-lived, so a naive implementation would require the user to provide the master password (or passphrase) as often as they would have to provide their repository credentials today if caching were not available. The credential cache would then be useful only insofar as it reduces the potentially boundless number of site credentials the user must memorize to a single item: the master password. The overall approach would be much more convenient if there were a way to securely persist the master passphrase across command-line client invocations for at least some period of time, perhaps by using a daemon-based persistence layer (for example, the GPG Agent) to hold the user-provided master passphrase in memory.
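The master-passphrase scheme described above, as an added Python example that is not Subversion's or Firefox's code or on-disk format: a key stretched from the passphrase encrypts each cached credential, and an authentication tag lets the client reject a wrong passphrase or an edited entry. The record layout, the PBKDF2 work factor, the function names and the HMAC-based keystream (a standard-library stand-in for a real cipher such as AES-CTR) are all assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed PBKDF2 work factor, not a value from the page

def derive_keys(passphrase, salt):
    """Stretch the master passphrase into separate encryption and MAC keys."""
    okm = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS, dklen=64)
    return okm[:32], okm[32:]

def keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode: a stdlib stand-in for a real cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def tag_for(mac_key, site, nonce, ct):
    """Authenticate the ciphertext together with the site it belongs to."""
    return hmac.new(mac_key, site.encode() + b"\0" + nonce + ct, hashlib.sha256).digest()

def seal(passphrase, site, secret):
    """Encrypt one cached credential (hypothetical record layout)."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(passphrase, salt)
    pt = secret.encode()
    ct = bytes(a ^ b for a, b in zip(pt, keystream(enc_key, nonce, len(pt))))
    return {"site": site, "salt": salt, "nonce": nonce, "ct": ct,
            "tag": tag_for(mac_key, site, nonce, ct)}

def unseal(passphrase, rec):
    """Verify the tag first; a wrong passphrase or edited entry is rejected."""
    enc_key, mac_key = derive_keys(passphrase, rec["salt"])
    expected = tag_for(mac_key, rec["site"], rec["nonce"], rec["ct"])
    if not hmac.compare_digest(expected, rec["tag"]):
        raise ValueError("wrong master passphrase or modified cache entry")
    ks = keystream(enc_key, rec["nonce"], len(rec["ct"]))
    return bytes(a ^ b for a, b in zip(rec["ct"], ks)).decode()

if __name__ == "__main__":
    # Constructed sample values.
    entry = seal("correct horse", "https://svn.example.org", "hunter2")
    print(unseal("correct horse", entry))
```

Because the site name is covered by the tag, an entry copied under a different site fails verification instead of decrypting.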


Subversion could employ built-in encryption protected by a master passphrase.

Per-site Password Caching Options