Cloud customer?
 Upgrade in MyJFrog >

Search





Overview

The global configuration file stores the various passwords that are needed in order to interface with your organizations systems and external repositories. For example, the system may need your LDAP server password.

In order to keep these passwords secure, you can choose to store them in an encrypted format. In this case, Artifactory will generate an Encryption Key which will be used to encrypt these passwords for storage and display, and to decrypt them when you need to access the corresponding resources.

IBM JDK Encryption Restrictions

Users of the IBM JDK should read about IBM JDK encryption restrictions described in Centrally Secure Passwords.

Page Contents



Activating and Deactivating Password Encryption

By default, the system is configured to encrypt passwords. While Key Encryption is active, all current passwords in the global configuration file are encrypted, and any new passwords, or updates will also be encrypted automatically.

An administrator can deactivate encryption by using the DeactivateArtifactoryKeyEncryption endpoint. Once Key Encryption is deactivated, all passwords in the global configuration file are decrypted, the configuration is reloaded and the current Artifactory Encryption Key is removed. Any new passwords entered, or passwords updated will not be encrypted.

An administrator can reactivate encryption by using the ActivateArtifactoryKeyEncryption endpoint. Once the Key Encryption is activated, subsequent activations using the REST API are ignored.


Exporting and Importing the Artifactory Encryption Key

If the Artifactory Encryption Key is in its default location under the $JFROG_HOME/artifactory/var/etc/security folder, it will be exported during a Backups or full system export.

Correspondingly, if an Artifactory Encryption Key was exported, and you now perform a full system import, the key will be copied to the default location and the Artifactory Key Encryption feature will be activated. i.e. the Artifactory Encryption Key will be used to encrypt and decrypt the imported configuration.

Copyright © 2020 JFrog Ltd.