Using Artifactory 5.x ?
JFrog Artifactory 5.x User Guide


Have a question? Want to report an issue? Contact JFrog support

Skip to end of metadata
Go to start of metadata

Overview

The global Artifactory configuration file stores the various passwords that are needed in order to interface with your organizations systems and external repositories. For example, Artifactory may need your LDAP server password.

In order to keep these passwords secure, you can choose to store them in an encrypted format. In this case, Artifactory will generate a Master Encryption Key which will be used to encrypt these passwords for storage and display, and to decrypt them when you need to access the corresponding resources.

IBM JDK Encryption Restrictions

Users of the IBM JDK should read about IBM JDK encryption restrictions described in Using Your Secure Password.

Page Contents


Encrypting Passwords

When Master Key Encryption is activated all current passwords in the global configuration file are encrypted, and any new passwords, or updates will also be encrypted automatically.

The default Artifactory configuration does not encrypt passwords.  An Artifactory administrator can activate encryption by either using the REST API, or through the Artifactory UI in the Admin module under Security | General.

Master Key Encryption

Once Master Key Encryption is activated, subsequent activation using the REST API are ignored.


Decrypting Passwords

An Artifactory administrator can deactivate encryption, and decrypt any currently encrypted passwords by either using the REST API, or through the Artifactory UI in the Admin module under Security | General.

When you select Decrypt, all passwords in the global configuration file are decrypted, the configuration is reloaded and the current Master Key is removed.

Any new passwords entered, or passwords updated will not be encrypted.


Exporting and Importing the Master Key

If the Master Key is in its default location under the $ARTIFACTORY_HOME/etc folder, it will be exported during a system backup or full system export.

Correspondingly, if a Master Key was exported, and you now perform a full system import, the key will be copied to the default location and the Master Key Encryption feature will be activated. i.e. the Master Key will be used to encrypt and decrypt the imported configuration.

Master Key File Location

By default, the Master Key file is located under $ARTIFACTORY_HOME/etc/security/artifactory.key.

You may wish to exercise more stringent security so that the master key file is in a more secure location.

In this case you can change the file location by modifying the artifactory.security.master.key property in the artifactory.system.properties file.

For example,

Modifying the default master key file location
artifactory.security.master.key=<other location>/artifactory.key

If you use a partial path, then it will be interpreted as relative to the $ARTIFACTORY_HOME/etc folder.

If you change the Master Key file location, it will not be exported automatically. It is up to the administrator to back it up along with the export, and restore it manually on an import.

 

 

 

 

 

  • No labels