How To Use Encrypted Repositories


Fossil can be compiled so that it works with encrypted repositories using the SQLite Encryption Extension. This technical note explains the process.

Building An Encryption-Enabled Fossil

The SQLite Encryption Extension (SEE) is proprietary software and requires purchasing a license.

Assuming you have an SEE license, the first step of compiling Fossil to use SEE is to create an SEE-enabled version of the SQLite database source code. This alternative SQLite database source file should be called "sqlite3-see.c" and should be placed in the src/ subfolder of the Fossil sources, right beside the public-domain "sqlite3.c" source file.

Add the --with-see command-line option to the configuration script to enable the use of SEE on unix-like systems.

./configure --with-see; make

To build for Windows using MSVC, add the "USE_SEE=1" argument to the "nmake" command line.

nmake -f makefile.msc USE_SEE=1

Using Encrypted Repositories

Any Fossil repositories whose filename ends with ".efossil" is taken to be an encrypted repository. Fossil will prompt for the encryption password and attempt to open the repository database using that password.

Every use of an encrypted repository requires retyping the encryption password.

On Windows, the "fossil server" and "fossil ui" commands do not (currently) work on an encrypted repository.