Cloud customer?
Start for Free >
Upgrade in MyJFrog >
What's New in Cloud >


The Keys Management function in the JFrog Platform enables you to create and control the keys used to encrypt or digitally sign your artifacts - in one central location. This makes it easier for you to manage signing keys throughout your organization.

Using the Keys Managed function, you can configure the following Artifactory security settings:

  • Signing Keys: Use this tab to manage the GPG and RSA signing keys used to sign packages for authentication and the RSA keys used to sign and verify the Alpine Linux Index files.
  • Java KeystoreManage the key store that holds the signing keys used to automatically sign JAR files downloaded from a virtual repository.
  • Public KeysStore and manage the public keys used to verify your Release Bundle integrity.
  • SSH KeysConfigure SSH keys to authenticate requests sent to the JFrog Platform from a Git LFS client or from the JFrog CLI.

JFrog Subscription Levels

Page Contents

Keys Management

To access the Keys Management function, in the JFrog Platform UI, go to the Administration module and then go to Artifactory | Security | Keys Management. This displays the Keys Management window.

JFrog Cloud New Interface (Beta)

On the taskbar, click(Platform Configurations), and select Platform Security > Keys Management. To learn more, click here. 

The centralized dashboard for creating and managing all signing keys displays the number of configured keys, the type, name, alias, primary resource, and secondary resource.

The Source column provides an indication of whether the key is an uploaded key or a Vault key:

  • If there are multiple vault connectors configured in your system, the Source will indicate which configured Vault connector is being used.
  • If no connector is configured, the key's source will appear as "No connector is configured".

Next, follow the steps for creating and controlling the keys according to the type of key.

  • No labels
Copyright © 2023 JFrog Ltd.