The global Artifactory configuration file stores the various passwords that are needed to interface with your organization's systems and external repositories. For example, Artifactory may need your LDAP server password.

In order to keep these passwords secure, you can choose to store them in an encrypted format. In this case, Artifactory will generate an Artifactory Encryption Key which will be used to encrypt these passwords for storage and display, and to decrypt them when you need to access the corresponding resources.

Users of the IBM JDK should read about IBM JDK encryption restrictions described in Using Your Secure Password.

Activating and Deactivating Password Encryption

By default, Artifactory is configured to encrypt passwords. While Artifactory Key Encryption is active, all current passwords in the global configuration file are encrypted, and any new or updated passwords will also be encrypted automatically.

An Artifactory administrator can deactivate encryption by using the Deactivate Artifactory Key Encryption REST API endpoint. Once Artifactory Key Encryption is deactivated, all passwords in the global configuration file are decrypted, the configuration is reloaded, and the current Artifactory Encryption Key is removed. Any passwords entered or updated after that point will not be encrypted.

An Artifactory administrator can reactivate encryption by using the Activate Artifactory Key Encryption REST API endpoint. Once Artifactory Key Encryption is activated, subsequent activations using the REST API are ignored.

Exporting and Importing the Artifactory Encryption Key

If the Artifactory Encryption Key is in its default location under the $ARTIFACTORY_HOME/etc/security folder, it will be exported during a system backup or full system export.

Correspondingly, if an Artifactory Encryption Key was exported, and you now perform a full system import, the key will be copied to the default location and the Artifactory Key Encryption feature will be activated; that is, the Artifactory Encryption Key will be used to encrypt and decrypt the imported configuration.
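
Because the key stored under $ARTIFACTORY_HOME/etc/security decrypts every password in the global configuration file, it is worth checking who can read that folder. The script below is an added example, not part of JFrog's documentation or tooling; the owner-only policy it enforces and the sample file names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not JFrog's code). Assumed policy: everything under
# $ARTIFACTORY_HOME/etc/security is accessible to its owner only.

# audit_key_dir [DIR]
# Prints one "LOOSE <mode> <path>" line per entry that group or other can
# access. Returns 0 when clean, 1 when loose entries exist, 2 when DIR is
# missing. DIR defaults to $ARTIFACTORY_HOME/etc/security.
audit_key_dir() {
    sec_dir="${1:-${ARTIFACTORY_HOME:-}/etc/security}"
    if [ ! -d "$sec_dir" ]; then
        echo "MISSING $sec_dir"
        return 2
    fi
    # Portable test for "any group/other permission bit set"; symlinks are
    # skipped because their own mode bits are not meaningful.
    loose=$(find "$sec_dir" ! -type l \( -perm -040 -o -perm -020 \
        -o -perm -010 -o -perm -004 -o -perm -002 -o -perm -001 \) -print)
    if [ -z "$loose" ]; then
        return 0
    fi
    echo "$loose" | while IFS= read -r path; do
        echo "LOOSE $(ls -ld "$path" | cut -c1-10) $path"
    done
    return 1
}

# Constructed sample layout for trying the check; the file names are made up
# and do not reflect the real contents of an Artifactory installation.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/etc/security"
    : > "$d/etc/security/example.key"
    : > "$d/etc/security/other.file"
    chmod 700 "$d/etc" "$d/etc/security"
    chmod 600 "$d/etc/security/example.key"
    chmod 644 "$d/etc/security/other.file"
    echo "$d"
}
```

The same check applies to any directory that receives a system backup or full system export, since the exported data includes the key when it is in its default location.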