If I am storing my source code in SVN on a shared hosting company, would it be possible to encrypt the content so EVEN if someone does have access to the repo they can't see the source in plain view?

Is there a plugin for this? Otherwise I'd imagine it would be crazy implementing this oneself!

A: 

Never tried it, but this appears to be what you are looking for.

http://www.hypersphere.org/personal/svn.shtml

Matthew Vines
A: 

Matthew's post is for an encrypted filesystem which the hosting provider would have to provide. That's probably the only easy way to do it.

Martin Beckett
It's not only that -- it's also storing encrypted blobs in the repository, losing all useful version tracking in the process.
Steve Gilham
Urgh, you're right, I hadn't read that much detail.
Martin Beckett
A: 

The plugin you would like to have would have to be on the client side (obviously, if you do not trust people having access to the hosted repository). Any strong cryptographic algorithm generates big variations in the output from very similar input (due to their high entropy).

That means even if you would have a solution:

  • it would be a disaster in terms of performance, both computation time and storage space requirements and network bandwidth use, and
  • a disaster in feature loss: server side diffs would be broken for example, you would have to make all operations on the completely decrypted files on the client side.

Weak encryption (mangling the charset for example, that would make diffs usable again) is not safe especially with source code, where braces and brackets and from there loops and any other letters can be extremely quickly decoded.

I hope this proves that going this way is not leading to any possible practical solution. Maybe I am missing something. I am looking forward to reading interesting comments on my answer! :-)

jdehaan
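The storage cost described in the answer above can be measured; this is an added example, not code from the original thread. It assumes a stand-in stream cipher built from SHA-256 in counter mode (illustrative only, not a vetted cipher), uses deflate with a preset dictionary as a rough proxy for Subversion's delta storage, and the key, nonces and sample source file are constructed.

```python
import hashlib
import zlib


def keystream_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher: XOR data with SHA-256(key || nonce || offset).
    Applying it twice with the same key and nonce decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def delta_size(old: bytes, new: bytes) -> int:
    """Approximate the cost of storing `new` as a delta against `old` by
    deflating `new` with `old` preloaded as the compression dictionary."""
    comp = zlib.compressobj(level=9, zdict=old)
    return len(comp.compress(new) + comp.flush())


def make_revisions():
    """Constructed sample: a 200-line source file and a one-line change."""
    lines = [f"int f{i}(int x) {{ return x * {i} + {i % 7}; }}\n"
             for i in range(200)]
    rev1 = "".join(lines).encode()
    lines[100] = "int f100(int x) { return x * 100 + 3; }  /* fixed */\n"
    rev2 = "".join(lines).encode()
    return rev1, rev2


def compare():
    key = b"constructed-demo-key"  # placeholder key for the demo
    rev1, rev2 = make_revisions()
    # Each commit gets its own nonce, so a one-line edit in the plaintext
    # produces a ciphertext unrelated to the previous revision's.
    enc1 = keystream_encrypt(key, b"nonce-r1", rev1)
    enc2 = keystream_encrypt(key, b"nonce-r2", rev2)
    return {
        "size": len(rev2),
        "plain_delta": delta_size(rev1, rev2),
        "cipher_delta": delta_size(enc1, enc2),
    }


if __name__ == "__main__":
    print(compare())
```

The plaintext delta is a small fraction of the file, while the encrypted revision costs about as much as storing the whole file again on every commit.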
+1  A: 

The correct answer here is either:

  1. Find a hosting provider you trust (or one that is compliant if regulatory issues are the problem)
  2. Host it yourself

If the main concern is having a secure offsite backup, host the repository yourself and use someplace like rsync.net to handle the backup (they are SOX/HIPAA compliant). A cron job that rsyncs everything every 15 minutes should be sufficient. The cron job can encrypt your backup before pushing it. Just don't lose the keys/passwords.

This way Subversion doesn't need to know anything at all about your encryption scheme, and you can go about your work without having to worry about paranoia getting in the way of productivity.

Addenda:

Since you're doing shared hosting, and shared hosts are worthless: Get a dedicated source control host. Do not ever use a shared host for source control. Shared hosts are notorious for losing data and making false claims about data security and backups. Good examples of dedicated source control hosts: CVSDude, Beanstalk, GitHub

Bob Aman
+1 — If you don't trust your host, **find a new one!**
Ben Blank
I'll also add that one of the nice side-effects of distributed version control is that every clone of the repository essentially *is* a backup. Also, I trust GitHub absolutely with virtually everything I write. See also: http://svnhub.com/
Bob Aman