JFrog Platform Configuration
Last updated
Last updated
© 2024 JFrog Ltd All Rights Reserved
You can use the jf login
command to authenticate with the JFrog Platform through the web browser. This command is solely interactive, meaning it does not receive any options and cannot be used in a CI server.
This command allows creating Access Tokens for users in the JFrog Platform. By default, a user-scoped token will be created. Administrators may provide the scope explicitly with '--scope', or implicitly with '--groups', '--grant-admin'.
Command name
access-token-create
Abbreviation
atc
Command arguments:
username
The username for which this token is created. If not specified, the token will be created for the current user.
Command options:
--audience
[Optional]
A space-separated list of the other instances or services that should accept this token identified by their Service-IDs.
--description
[Optional]
Free text token description. Useful for filtering and managing tokens. Limited to 1024 characters.
--expiry
[Optional]
The amount of time, in seconds, it would take for the token to expire. Must be non-negative. If not provided, the platform default will be used. To specify a token that never expires, set to zero. Non-admin may only set a value that is equal or lower than the platform default that was set by an administrator (1 year by default).
--grant-admin
[Default: false]
Set to true to provide admin privileges to the access token. This is only available for administrators.
--groups
[Optional]
A list of comma-separated(,) groups for the access token to be associated with. This is only available for administrators.
--project
[Optional]
The project for which this token is created. Enter the project name on which you want to apply this token.
--reference
[Default: false]
Generate a Reference Token (alias to Access Token) in addition to the full token (available from Artifactory 7.38.10).
--refreshable
[Default: false]
Set to true if you'd like the token to be refreshable. A refresh token will also be returned in order to be used to generate a new token once it expires.
--scope
[Optional]
The scope of access that the token provides. This is only available for administrators.
Create an access token for the user in the default server configured by the jf c add command:
Create an access token for the user with the toad username:
The config add and config edit commands are used to add and edit JFrog Platform server configuration, stored in JFrog CLI's configuration storage. These configured servers can be used by the other commands. The configured servers' details can be overridden per command by passing in alternative values for the URL and login credentials. The values configured are saved in file under the JFrog CLI home directory.
Command Name
config add / config edit
Abbreviation
c add / c edit
Command options:
--access-token
[Optional]
Access token.
--artifactory-url
[Optional]
JFrog Artifactory URL. (example: https://acme.jfrog.io/artifactory)
--basic-auth-only
[Default: false]
Used for Artifactory authentication. Set to true to disable replacing username and password/API key with automatically created access token that's refreshed hourly. Username and password/API key will still be used with commands which use external tools or the JFrog Distribution service. Can only be passed along with username and password/API key options.
--client-cert-key-path
[Optional]
Private key file for the client certificate in PEM format.
--client-cert-path
[Optional]
Client certificate file in PEM format.
--dist-url
[Optional]
Distribution URL. (example: https://acme.jfrog.io/distribution)
--enc-password
[Default: true] If true, the configured password will be encrypted using Artifactory's encryption API before being stored. If false, the configured password will not be encrypted.
--insecure-tls
[Default: false]
Set to true to skip TLS certificates verification, while encrypting the Artifactory password during the config process.
--interactive
[Default: true, unless $CI is true]
Set to false if you do not want the config command to be interactive.
--mission-control-url
[Optional]
JFrog Mission Control URL. (example: https://acme.jfrog.io/ms)
--password
[Optional]
JFrog Platform password.
--ssh-key-path
[Optional]
For authentication with Artifactory. SSH key file path.
--url
[Optional]
JFrog Platform URL. (example: https://acme.jfrog.io)
--user
[Optional]
JFrog Platform username.
--xray-url
[Optional] Xray URL. (example: https://acme.jfrog.io/xray)
--overwrite
[Available for config add only] [Default: false] Overwrites the instance configuration if an instance with the same ID already exists.
Command arguments:
server ID
A unique ID for the server configuration.
The config remove command is used to remove JFrog Platform server configuration, stored in JFrog CLI's configuration storage.
Command name
config remove
Abbreviation
c rm
Command options:
--quiet
[Default: $CI]
Set to true to skip the delete confirmation message.
Command arguments:
server ID
The server ID to remove. If no argument is sent, all configured servers are removed.
The config show command shows the stored configuration. You may show a specific server's configuration by sending its ID as an argument to the command.
Command name
config show
Abbreviation
c s
Command arguments:
server ID
The ID of the server to show. If no argument is sent, all configured servers are shown.
The config use command sets a configured server as default. The following commands will use this server.
Command name
config use
Command arguments:
server ID
The ID of the server to set as default.
The config export command generates a token, which stores the server configuration. This token can be used by the config import command, to import the configuration stored in the token, and save it in JFrog CLI's configuration storage.
Command name
config export
Abbreviation
c ex
Command arguments:
server ID
The ID of the server to export
Command name
config import
Abbreviation
c im
Command arguments:
server token
The token to import
Starting from version 1.37.0, JFrog CLI introduces support for encrypting sensitive data stored in its configuration using an encryption key stored in a file. Follow these steps to enable encryption:
Generate a random 32-character master key. Ensure that the key size is exactly 32 characters. For example: f84hc22dQfhe9f8ydFwfsdn48!wejh8A
Create a file named security.yaml under ~/.jfrog/security.
If you've customized the default JFrog CLI home directory by setting the JFROG_CLI_HOME_DIR environment variable, create the security/security.yaml file under the configured home directory.
Add the generated master key to the security.yaml file:
Ensure that the security.yaml file has only read permissions for the user running JFrog CLI.
The configuration will be encrypted the next time JFrog CLI accesses the config. If you have existing configurations stored before creating the file, you'll need to reconfigure the servers stored in the config.
Warning: When upgrading JFrog CLI from a version prior to 1.37.0 to version 1.37.0 or above, automatic changes are made to the content of the ~/.jfrog directory to support the new functionality introduced. Before making these changes, the content of the ~/.jfrog directory is backed up inside the ~/.jfrog/backup directory. After enabling sensitive data encryption, it is recommended to remove the backup directory to ensure no sensitive data is left unencrypted.
Starting from version 2.36.0, JFrog CLI also supports encrypting sensitive data in its configuration using an encryption key stored in an environment variable. To enable encryption, follow these steps:
Generate a random 32-character master key. Ensure that the key size is exactly 32 characters. For example: f84hc22dQfhe9f8ydFwfsdn48!wejh8A
Store the key in an environment variable named JFROG_CLI_ENCRYPTION_KEY.
The configuration will be encrypted the next time JFrog CLI attempts to access the config. If you have configurations already stored before setting the environment variable, you'll need to reconfigure the servers stored in the config.