Using Artifactory 5.x ?
JFrog Artifactory 5.x User Guide
Have a question? Want to report an issue? Contact JFrog support
The global Artifactory configuration file stores the various passwords that are needed in order to interface with your organizations systems and external repositories. For example, Artifactory may need your LDAP server password.
In order to keep these passwords secure, you can choose to store them in an encrypted format. In this case, Artifactory will generate a Master Encryption Key which will be used to encrypt these passwords for storage and display, and to decrypt them when you need to access the corresponding resources.
IBM JDK Encryption Restrictions
Users of the IBM JDK should read about IBM JDK encryption restrictions described in Using Your Secure Password.
When Master Key Encryption is activated all current passwords in the global configuration file are encrypted, and any new passwords, or updates will also be encrypted automatically.
The default Artifactory configuration does not encrypt passwords. An Artifactory administrator can activate encryption by either using the REST API, or through the Artifactory UI in the Admin module under Security | General.
Once Master Key Encryption is activated, subsequent activation using the REST API are ignored.
An Artifactory administrator can deactivate encryption, and decrypt any currently encrypted passwords by either using the REST API, or through the Artifactory UI in the Admin module under Security | General.
When you select Decrypt, all passwords in the global configuration file are decrypted, the configuration is reloaded and the current Master Key is removed.
Any new passwords entered, or passwords updated will not be encrypted.
Exporting and Importing the Master Key
Correspondingly, if a Master Key was exported, and you now perform a full system import, the key will be copied to the default location and the Master Key Encryption feature will be activated. i.e. the Master Key will be used to encrypt and decrypt the imported configuration.
Master Key File Location
By default, the Master Key file is located under
You may wish to exercise more stringent security so that the master key file is in a more secure location.
In this case you can change the file location by modifying the
artifactory.security.master.key property in the
If you use a partial path, then it will be interpreted as relative to the
If you change the Master Key file location, it will not be exported automatically. It is up to the administrator to back it up along with the export, and restore it manually on an import.