Cloud customer?
Start for Free >
Upgrade in MyJFrog >
What's New in Cloud >







Overview

You can configure the following Artifactory security settings:

For information on how to configure additional Artifactory security settings, see the following:

Page Contents


General Settings

Artifactory provides several system-wide settings to control access to different resources. Go to the Administration module and then go to Artifactory | Security.

Allow Basic Read of Build Related Info
This setting, when enabled, gives all users (including anonymous users) view permissions to published modules for all builds in the system. This is regardless of any specific permissions applied to a particular build. 
API Keys Management
The export target directory on your server. To revoke all API keys in the system, click Revoke API Keys for All Users.



Certificates

Some remote repositories (e.g. Red Hat Networks) block access from clients that are not authenticated with an SSL/TLS certificate. Therefore, to use a remote repository to proxy such resources, Artifactory must be equipped with the corresponding SSL/TLS certificate.

Adding Certificates

Certificates are managed in the Administration module under  Artifactory | Security | Certificates.

A certificate entered into this module should be a PEM file that includes both a private key and its corresponding certificate.

To add a new certificate, click New.

Provide the  Certificate Alias and copy the certificate contents into the designated area. Alternatively, you can drag and drop the corresponding PEM file into the designated area.

To avoid text errors, we recommend dragging and dropping the PEM file into the designated area

Password-protected PEM files are not supported

 Make sure the PEM file you upload is not password-protected.

Using a Certificate with a Remote Repository

When a remote repository proxy's a resource that requires authentication with a certificate, you need to obtain the certificate from the resource's owner and add it to the list of certificates as described above.

Under the remote repository's Other Settings, select the certificate you want to use from the list provided in the SSL/TLS Certificate field.

Proxying a Resource that Uses a Self-Signed Certificates

If the remote resource that your Artifactory remote repository is proxying (e.g. Red Hat Network's server) uses an untrusted server certificate (i.e. it is self-signed and not signed by any known Certificate Authority), you need to import the server's certificate into Artifactory's JVM truststore. To learn more about configuring a Self-Signed Certificate in Artifactory, see TLS Certificates.

You cannot configure a self-signed certificate in Artifactory SaaS

If you are using Artifactory SaaS (as opposed to an on-prem installation), you will not be able to proxy resources that use untrusted (i.e. ,self-signed) certificates since you do not have access to the Artifactory SaaS JVM truststore.

  • No labels
Copyright © 2023 JFrog Ltd.