0

I want to store a password repository database (KeePass) in version control. The reason being: this ensures automatic backups, centralizes the location, and also removes all the inconsistencies of storing the file on a network shared drive, etc.

However, by doing so, I lose the ability to change the master password for the password database, as a new password to the pwd db would take effect only on the latest version, and anyone who has the previous password can still go to the previous versions of this db and get most of the other passwords, which would still be valid.

So, is there a way that I can stop everyone else from reading the previous versions? In other words, only the latest version of the file should be visible or accessible to read/checkout, etc.?

harpun

2 Answers

2

Subversion is the completely wrong way to go about doing what you're looking to do. Reasons:

  1. Subversion is not backup!
  2. Subversion is not a backup system!
  3. There are other methods of "centralizing" your storage with KeePass
  4. You will have other inconsistency issues which will crop up when people have to merge different sets of changes to the database and back to the repository.

Have a look at the answers to this SO post for ideas on how to handle this better.

Community
alroc
0

One of the main purposes of version control systems like SVN is to provide access to all previous versions (revisions) of a single file.

If you would like your users to see only the last revision of the file and still want to use svn to version your databases, you need to abstract svn away from your users and ensure that they won't have access to the svn working copy and/or database.

You could use a network shared drive to serve the file, but still version the file/directory in svn. However, your users must not have access to the .svn directory.

Another idea would be providing a wrapper for the password file. Some daemon/script called periodically by the operating system would update its internal database and afterwards copy the database file to a certain location. You would have to ensure that your users do not have access to this script and repository and thus cannot inspect the script.

harpun
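A sketch of the wrapper idea from the answer above, added here as an example and not part of the original answer: a script run by a service account updates a private SVN working copy and publishes only the newest file. The paths, the file name and the 0440 mode (users reach the file through the publish directory's group) are assumptions.

```shell
#!/bin/sh
# Added example. All paths and names below are hypothetical placeholders.
WC_DIR="${WC_DIR:-/srv/keepass-wc}"              # private SVN working copy
DB_NAME="${DB_NAME:-passwords.kdbx}"             # database file in the working copy
PUBLISH_DIR="${PUBLISH_DIR:-/srv/keepass-share}" # location users read from

# Succeed only if group and others have no permission bits on the directory,
# so users cannot reach .svn (and through it, earlier revisions).
wc_is_private() {
    perms=$(ls -ld -- "$1" | cut -c5-10) || return 1
    [ "$perms" = "------" ]
}

# Copy one file into dest_dir atomically: write a temp file in the same
# directory, set read-only owner/group permissions, then rename over the
# old copy so readers never see a partial file.
publish_file() {
    src=$1
    dest_dir=$2
    tmp=$(mktemp "$dest_dir/.publish.XXXXXX") || return 1
    if cp -- "$src" "$tmp" && chmod 0440 "$tmp" &&
       mv -f -- "$tmp" "$dest_dir/$(basename "$src")"; then
        return 0
    fi
    rm -f -- "$tmp"
    return 1
}

# Refuse to run if the working copy is exposed, then update and publish.
sync_and_publish() {
    if ! wc_is_private "$WC_DIR"; then
        echo "refusing: $WC_DIR is accessible to group or others" >&2
        return 1
    fi
    svn update --non-interactive --quiet "$WC_DIR" || return 1
    publish_file "$WC_DIR/$DB_NAME" "$PUBLISH_DIR"
}

# Run only when asked, e.g. from cron: sync-keepass.sh --run
if [ "${1:-}" = "--run" ]; then
    sync_and_publish
fi
```

File permissions on the working copy only help if users also have no read access to the repository itself, as the answer requires.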