🐸
JFrog Applications
  • JFrog Applications
  • JFrog Applications
    • JFrog CLI
      • Download and Install
      • Authentication
      • Shell Auto Completion
      • JFrog CLI Environment Variables
      • Configurations
        • JFrog Platform Configuration
        • Proxy Support
      • CLI AI Assistant
        • AI Assistant Addendum
      • Binaries Management with JFrog Artifactory
        • Environment Variables
        • Authentication
        • Verifying Artifactory's Accessibility
        • Generic Files
        • Using File Specs
        • Using Placeholders
        • Build Integration
        • Package Managers Integration
        • Storing Symlinks in Artifactory
        • cURL Integration
        • Managing Configuration Entities
        • Release Lifecycle Management
        • Transferring Files Between Artifactory Servers
        • Cleaning Up Unreferenced Files from a Git LFS Repository
        • Evidence Service
      • CLI for JFrog Security
        • Download Updates for Xray's Database
        • How Tos
          • Scan your code dependencies
          • Scan your Binaries
          • Enrich your SBOM JSONs & XMLs
          • JFrog Curation
          • Scan Published Builds
          • Count Contributing Developers
      • CLI for JFrog Distribution
      • CLI for JFrog Cloud Transfer
      • CLI for JFrog Platform Services
        • Initialize JFrog Worker
        • Test-Run JFrog Worker
        • Deploy JFrog Worker
        • Add Secrets to JFrog Worker
        • Undeploy JFrog Worker
        • Execute an HTTP-Triggered Worker
        • List Available Events
        • List Registered Workers
        • Show Worker Execution History
        • Edit Worker Schedule
      • CLI Command Summaries
      • JFrog CLI Plugins
        • JFrog CLI Plugins Developer Guide
    • IDE
      • Visual Studio Code
        • VS Code Prerequsites Per Language
        • Supported Technologies
        • Install the JFrog VS Code Extension
          • Connect VS Code to the JFrog Platform
        • Manage VS Code IDE
        • Quick Start
        • How Tos
          • Analyze your Results
            • Resolve Issues
            • Ignore Findings
      • JetBrains IDEs
        • Supported Technologies
        • Install the JFrog IDEA Plugin
        • Connect the JFrog Plugin to the JFrog Platform
        • Using the JFrog Plugin in the JetBrains IDEs
        • Plugin Configuration
        • Apply Xray Policies and Watches
        • Troubleshooting
      • Eclipse
        • Supported Technologies
        • Install and Setup of the JFrog Eclipse IDE Plugin
        • Scan Gradle Projects with the JFrog Eclipse IDE Plugin
        • Use the JFrog Eclipse IDE Plugin
      • Visual Studio
        • Supported Technologies
        • Install and Setup the JFrog Visual Studio Extension
        • Use the JFrog Visual Studio Extension
    • JFrog Frogbot
      • Supported Technologies
      • Setup
        • Frogbot Configuration
        • Setup Frogbot Using GitHub Actions
          • OIDC Authentication
          • Scan Git Repository Full Template
          • Scan Pull Request Full Template
        • Setup Frogbot Using Jenkins
        • Setup Frogbot Using JFrog Pipelines
        • Setup Frogbot Using GitLab CI
          • GitLab Full Template
        • Setup Frogbot Using Azure Pipelines
      • Scan Execution
        • Scan Git Repositories
          • View Security Alerts on GitHub
        • Scan Pull Requests
          • Scan GitHub Pull Request
          • Scan GitLab Pull Request
          • Scan Azure Repos Pull Request
          • Scan Bitbucket Server Pull Request
          • Pull Request Scan Results
      • Frogbot Badge
  • CI & SDKs
    • CI Integrations
      • Maven Artifactory Plugin
      • GitLab Templates for JFrog
      • Jenkins JFrog Plugin
      • Bamboo JFrog Plugin
      • GitHub Actions
      • Artifactory Gradle Plugin
    • SDKs
      • Artifactory Java Client
      • JFrog Go Client
  • JFrog Security Features
    • SCA
    • Contextual Analysis
    • Infrastructure as Code (IaC)
    • Secrets
    • SAST
      • Integrations
      • Ignore Findings
Powered by GitBook
On this page
Edit on GitHub
Export as PDF
  1. JFrog Applications
  2. JFrog CLI
  3. Configurations

JFrog Platform Configuration

PreviousConfigurationsNextProxy Support

Last updated 6 hours ago

© 2024 JFrog Ltd All Rights Reserved

CtrlK
  • Web Sign-in to the JFrog Platform
  • Create Access Tokens
  • Commands Arguments
  • Examples
  • Add and Edit Configured Servers
  • Remove Configured Servers
  • Show Configured Servers
  • Set a Server as Default
  • Export and Import Configuration
  • Export
  • Import
  • Sensitive Data Encryption
  • File-Based Encryption
  • Environment Variable-Based Encryption

Web Sign-in to the JFrog Platform

Use the jf login command to authenticate with the JFrog Platform through a web browser. This command is solely interactive; it does not receive any options and cannot be used in a CI server.

Create Access Tokens

Use this command to create Access Tokens in the JFrog Platform. By default, a user-scoped token is created. Administrators can provide the scope explicitly with --scope, or implicitly with --groups or --grant-admin.

Commands Arguments

Command name

access-token-create

Abbreviation

atc

Command arguments:

username

The username for whom you are creating the token. If not specified, the token is created for the current user.

Command options:

--audience

[Optional]

Specifies a space-separated list of the other instances or services, identified by their Service-IDs, that should accept this token.

--description

[Optional]

Provides a free text description for the token. This is useful for filtering and managing tokens and is limited to 1024 characters.

--expiry

[Optional]

The amount of time, in seconds, until the token expires. This value must be non-negative. If not provided, the platform default is used. To specify a token that never expires, set the value to zero. Non-administrators may only set a value that is equal to or lower than the platform default.

--grant-admin

[Default: false]

Set to true to provide admin privileges to the access token. This option is only available for administrators.

--groups

[Optional]

A comma-separated list of groups to associate with the access token. This option is only available for administrators.

--project

[Optional]

The project for which this token is created. Enter the project name on which you want to apply this token.

--reference

[Default: false]

Generate a Reference Token (an alias for an Access Token) in addition to the full token. This is available from Artifactory 7.38.10.

--refreshable

[Default: false]

Set to true to make the token refreshable. A refresh token is also returned to be used to generate a new token after expiration.

--scope

[Optional]

The scope of access that the token provides. This option is only available for administrators.

Examples

Example 1

Create an access token for the current user on the default server configured by the jf c add command.

jf atc

Example 2

Create an access token for the user with the username toad.

jf atc toad

Add and Edit Configured Servers

The config add or config edit commands add and edit JFrog Platform server configurations, which are stored in JFrog CLI's configuration storage. Other commands can use these configured servers. You can override the configured server details for any command by passing in alternative values for the URL and sign-in credentials. The configured values are saved in a file under the JFrog CLI home directory.

Command Name

config add / config edit

Abbreviation

c add / c edit

Command options:

--access-token

[Optional]

Access token.

--artifactory-url

[Optional] Provides the JFrog Artifactory URL (for example, acme.jfrog.io/artifactory).

--basic-auth-only

[Default: false] For Artifactory authentication. Set to true to disable replacing the username and password/API key with an automatically created access token.

--client-cert-key-path

[Optional]

Private key file for the client certificate in PEM format.

--client-cert-path

[Optional]

Client certificate file in PEM format.

--dist-url

[Optional]

Distribution URL. (example: https://acme.jfrog.io/distribution)

--enc-password

[Default: true] If true, the configured password will be encrypted using Artifactory's encryption API before being stored. If false, the configured password will not be encrypted.

--insecure-tls

[Default: false]

Set to true to skip TLS certificates verification, while encrypting the Artifactory password during the config process.

--interactive

[Default: true, unless $CI is true]

Set to false if you do not want the config command to be interactive.

--mission-control-url

[Optional]

JFrog Mission Control URL. (example: https://acme.jfrog.io/ms)

--password

[Optional]

JFrog Platform password.

--ssh-key-path

[Optional]

For authentication with Artifactory. SSH key file path.

--url

[Optional]

JFrog Platform URL. (example: https://acme.jfrog.io)

--user

[Optional]

JFrog Platform username.

--xray-url

[Optional] Xray URL. (example: https://acme.jfrog.io/xray)

--overwrite

[Available for config add only] [Default: false] Overwrites the instance configuration if an instance with the same ID already exists.

Command arguments:

server ID

A unique ID for the server configuration.

Remove Configured Servers

The config remove command removes a JFrog Platform server configuration from JFrog CLI's configuration storage.

Command name

config remove

Abbreviation

c rm

Command options:

--quiet

[Default: $CI]

Set to true to skip the delete confirmation message.

Command arguments:

server ID

The server ID to remove. If no argument is provided, all configured servers are removed.

Show Configured Servers

The config show command shows the stored configuration. To show a specific server's configuration, provide its ID as an argument.

Command name

config show

Abbreviation

c s

Command arguments:

server ID

The ID of the server to show. If no argument is provided, all configured servers are shown.

Set a Server as Default

The config use command sets a configured server as the default for subsequent commands.

Command name

config use

Command arguments:

server ID

The ID of the server to set as default.

Export and Import Configuration

The config export command generates a token that stores a server configuration. The config import command uses this token to import the configuration and save it to JFrog CLI's configuration storage.

Export

Command name

config export

Abbreviation

c ex

Command arguments:

server ID

The ID of the server to export

Import

Command name

config import

Abbreviation

c im

Command arguments:

server token

The token to import

Sensitive Data Encryption

File-Based Encryption

Starting from version 1.37.0, JFrog CLI supports encrypting sensitive configuration data using an encryption key stored in a file. To enable encryption:

  1. Generate a random 32-character master key. The key must be exactly 32 characters. For example: f84hc22dQfhe9f8ydFwfsdn48!wejh8A

  2. Create a file named security.yaml under ~/.jfrog/security. If you customized the JFrog CLI home directory using the JFROG_CLI_HOME_DIR environment variable, create the file in the configured home directory.

    If you've customized the default JFrog CLI home directory by setting the JFROG_CLI_HOME_DIR environment variable, create the security/security.yaml file under the configured home directory.

  3. Add the generated master key to the security.yaml file:

    version: 1
    masterKey: "your master key"
  4. Ensure that the security.yaml file has only read permissions for the user running JFrog CLI.

The configuration is encrypted the next time JFrog CLI accesses it. If you have existing configurations, you must reconfigure the servers.

Warning: When upgrading JFrog CLI from a version prior to 1.37.0, the ~/.jfrog directory is backed up to ~/.jfrog/backup. After enabling encryption, it is recommended to remove the backup directory to ensure no sensitive data is left unencrypted.

Environment Variable-Based Encryption

Starting from version 2.36.0, JFrog CLI also supports encryption using a key stored in an environment variable. To enable this method:

  1. Generate a random 32-character master key. Ensure that the key size is exactly 32 characters. For example: f84hc22dQfhe9f8ydFwfsdn48!wejh8A

  2. Store the key in an environment variable named JFROG_CLI_ENCRYPTION_KEY.

The configuration is encrypted the next time JFrog CLI accesses it. If you have existing configurations, you must reconfigure the servers.