From Artifactory release 7.38.4.
JFrog enables companies to create their own admin-scoped access token without using the JFrog Platform UI or via another token. This Access admin-scoped token is designed to be used for a short time only and its purpose is to start up the system. This provides customers with the option of setting up their JFrog Platform in an automated, fully UI-free setup.
To securely-generate the "first" admin-scoped access tokens, without relying on a previous token or basic credentials:
Generate an admin-scoped token by placing a generate.token.json
file under the /var/bootstrap/etc/access/keys
directory. For example:
/var/bootstrap/etc/access/keys/generate.token.json{{}} |
When bootstrapping, if this file is created, this will generate a token and set it under the /var/etc/access/keys/
directory
. For example:
/var/etc/access/keys/token.json |
The |
The resulting token's properties are as follows:
For Docker installations, you will need to mount the bootstrap directory. |
By default the join.key and master.key files are automatically generated by Artifactory during the initial start up of the service.
A different key (hexadecimal encoded) can be created using the following command.
openssl rand -hex 16 /or openssl rand -hex 32 |
There are two ways to manually update your keys: file copy and/or bootstrap via system.yaml file.
This method only applies if you have installed but not started your service yet.
This method can be used even if you already have a join.key
$JFROG_HOME/artifactory/var
/bootstrap/access/etc/security
directory.Add the Artifactory permissions to the directories and the join.key file. For example,
chown -R artifactory:artifactory access/etc/security/join.key |
By default, a join.key is automatically generated and stored in the Access database during Access startup.
The join.key is then automatically copied by Access to Artifactory over the file system and is re-provisioned every time the services are restarted.
Access shares the join.key with Artifactory by copying it to the following location:
$JFROG_HOME/artifactory/var/etc/security/join.key
Upgrading to Artifactory 6.8 automatically initiates and generates the |
There should only be one join.key
per HA cluster since the Access database is shared across all nodes of an HA cluster.
In case a join key is provided and not generated by the system, it can be provided to a single cluster node as it will be propagated to all nodes of the cluster by the system.