Using the latest version?
JFrog Container Registry Guide


Skip to end of metadata
Go to start of metadata

Overview

The global JFrog Container Registry configuration file stores the various passwords that are needed in order to interface with your organizations systems and external repositories. For example, JFrog Container Registry may need your LDAP server password.

In order to keep these passwords secure, you can choose to store them in an encrypted format. In this case, JFrog Container Registry will generate an JFrog Container Registry Encryption Key which will be used to encrypt these passwords for storage and display, and to decrypt them when you need to access the corresponding resources.

IBM JDK Encryption Restrictions

Users of the IBM JDK should read about IBM JDK encryption restrictions described in Using Your Secure Password.

Page Contents


Activating and Deactivating Password Encryption

By default, JFrog Container Registry is configured to encrypt passwords. While JFrog Container Registry Key Encryption is active, all current passwords in the global configuration file are encrypted, and any new passwords, or updates will also be encrypted automatically.

An JFrog Container Registry administrator can deactivate encryption by using the Deactivate JFrog Container Registry Key Encryption REST API endpoint. Once JFrog Container Registry Key Encryption is deactivated, all passwords in the global configuration file are decrypted, the configuration is reloaded and the current JFrog Container Registry Encryption Key is removed. Any new passwords entered, or passwords updated will not be encrypted.

An JFrog Container Registry administrator can reactivate encryption by using the Activate JFrog Container Registry Key Encryption endpoint. Once JFrog Container Registry Key Encryption is activated, subsequent activations using the REST API are ignored. 


Exporting and Importing the JFrog Container Registry Encryption Key

If the JFrog Container Registry Encryption Key is in its default location under the $ARTIFACTORY_HOME/etc/security folder, it will be exported during a system backup or full system export.

Correspondingly, if an JFrog Container Registry Encryption Key was exported, and you now perform a full system import, the key will be copied to the default location and the JFrog Container Registry Key Encryption feature will be activated. i.e. the JFrog Container Registry Encryption Key will be used to encrypt and decrypt the imported configuration.

  • No labels