By default, the system is configured to encrypt passwords. While Key Encryption is active, all current passwords in the global configuration file are encrypted, and any new passwords, or updates will also be encrypted automatically.
An administrator can deactivate encryption by using the DeactivateArtifactoryKeyEncryption endpoint. Once Key Encryption is deactivated, all passwords in the global configuration file are decrypted, the configuration is reloaded and the current Artifactory Encryption Key is removed. Any new passwords entered, or passwords updated will not be encrypted.
An administrator can reactivate encryption by using the ActivateArtifactoryKeyEncryption endpoint. Once the Key Encryption is activated, subsequent activations using the REST API are ignored.
If the Artifactory Encryption Key (
artifactory.key) is in its default location under the
$JFROG_HOME/artifactory/var/etc/security folder, it will be exported during a Backup or full system export.
Correspondingly, if an Artifactory Encryption Key was exported, and you now perform a full system import, the key will be copied to the default location and the Artifactory Key Encryption feature will be activated. i.e. the Artifactory Encryption Key will be used to encrypt and decrypt the imported configuration.