JFrog Platform Configuration
Last updated
Web Sign-in to the JFrog Platform
Use the jf login command to authenticate with the JFrog Platform through a web browser. This command is solely interactive; it does not receive any options and cannot be used in a CI server.
Create Access Tokens
Use this command to create Access Tokens in the JFrog Platform. By default, a user-scoped token is created. Administrators can provide the scope explicitly with --scope, or implicitly with --groups or --grant-admin.
Commands Arguments
Command name
access-token-create
Abbreviation
atc
Command arguments:
username
The username for whom you are creating the token. If not specified, the token is created for the current user.
Command options:
--audience
[Optional]
Specifies a space-separated list of the other instances or services, identified by their Service-IDs, that should accept this token.
--description
[Optional]
Provides a free text description for the token. This is useful for filtering and managing tokens and is limited to 1024 characters.
--expiry
[Optional]
The amount of time, in seconds, until the token expires. This value must be non-negative. If not provided, the platform default is used. To specify a token that never expires, set the value to zero. Non-administrators may only set a value that is equal to or lower than the platform default.
--grant-admin
[Default: false]
Set to true to provide admin privileges to the access token. This option is only available for administrators.
--groups
[Optional]
A comma-separated list of groups to associate with the access token. This option is only available for administrators.
--project
[Optional]
The project for which this token is created. Enter the project name on which you want to apply this token.
--reference
[Default: false]
Generate a Reference Token (an alias for an Access Token) in addition to the full token. This is available from Artifactory 7.38.10.
--refreshable
[Default: false]
Set to true to make the token refreshable. A refresh token is also returned to be used to generate a new token after expiration.
--scope
[Optional]
The scope of access that the token provides. This option is only available for administrators.
Examples
Example 1
Create an access token for the current user on the default server configured by the jf c add command.
jf atcExample 2
Create an access token for the user with the username toad.
jf atc toadAdd and Edit Configured Servers
The config add or config edit commands add and edit JFrog Platform server configurations, which are stored in JFrog CLI's configuration storage. Other commands can use these configured servers. You can override the configured server details for any command by passing in alternative values for the URL and sign-in credentials. The configured values are saved in a file under the JFrog CLI home directory.
Command Name
config add / config edit
Abbreviation
c add / c edit
Command options:
--access-token
[Optional]
Access token.
--artifactory-url
[Optional] Provides the JFrog Artifactory URL (for example, acme.jfrog.io/artifactory).
--basic-auth-only
[Default: false] For Artifactory authentication. Set to true to disable replacing the username and password/API key with an automatically created access token.
--client-cert-key-path
[Optional]
Private key file for the client certificate in PEM format.
--client-cert-path
[Optional]
Client certificate file in PEM format.
--dist-url
[Optional]
Distribution URL. (example: https://acme.jfrog.io/distribution)
--enc-password
[Default: true] If true, the configured password will be encrypted using Artifactory's encryption API before being stored. If false, the configured password will not be encrypted.
--insecure-tls
[Default: false]
Set to true to skip TLS certificates verification, while encrypting the Artifactory password during the config process.
--interactive
[Default: true, unless $CI is true]
Set to false if you do not want the config command to be interactive.
--mission-control-url
[Optional]
JFrog Mission Control URL. (example: https://acme.jfrog.io/ms)
--password
[Optional]
JFrog Platform password.
--ssh-key-path
[Optional]
For authentication with Artifactory. SSH key file path.
--url
[Optional]
JFrog Platform URL. (example: https://acme.jfrog.io)
--user
[Optional]
JFrog Platform username.
--xray-url
[Optional] Xray URL. (example: https://acme.jfrog.io/xray)
--overwrite
[Available for config add only] [Default: false] Overwrites the instance configuration if an instance with the same ID already exists.
Command arguments:
server ID
A unique ID for the server configuration.
Remove Configured Servers
The config remove command removes a JFrog Platform server configuration from JFrog CLI's configuration storage.
Command name
config remove
Abbreviation
c rm
Command options:
--quiet
[Default: $CI]
Set to true to skip the delete confirmation message.
Command arguments:
server ID
The server ID to remove. If no argument is provided, all configured servers are removed.
Show Configured Servers
The config show command shows the stored configuration. To show a specific server's configuration, provide its ID as an argument.
Command name
config show
Abbreviation
c s
Command arguments:
server ID
The ID of the server to show. If no argument is provided, all configured servers are shown.
Set a Server as Default
The config use command sets a configured server as the default for subsequent commands.
Command name
config use
Command arguments:
server ID
The ID of the server to set as default.
Export and Import Configuration
The config export command generates a token that stores a server configuration. The config import command uses this token to import the configuration and save it to JFrog CLI's configuration storage.
Export
Command name
config export
Abbreviation
c ex
Command arguments:
server ID
The ID of the server to export
Import
Command name
config import
Abbreviation
c im
Command arguments:
server token
The token to import
Sensitive Data Encryption
File-Based Encryption
Starting from version 1.37.0, JFrog CLI supports encrypting sensitive configuration data using an encryption key stored in a file. To enable encryption:
Generate a random 32-character master key. The key must be exactly 32 characters. For example:
f84hc22dQfhe9f8ydFwfsdn48!wejh8ACreate a file named
security.yamlunder~/.jfrog/security. If you customized the JFrog CLI home directory using theJFROG_CLI_HOME_DIRenvironment variable, create the file in the configured home directory.If you've customized the default JFrog CLI home directory by setting the JFROG_CLI_HOME_DIR environment variable, create the security/security.yaml file under the configured home directory.
Add the generated master key to the security.yaml file:
version: 1 masterKey: "your master key"Ensure that the security.yaml file has only read permissions for the user running JFrog CLI.
The configuration is encrypted the next time JFrog CLI accesses it. If you have existing configurations, you must reconfigure the servers.
Warning: When upgrading JFrog CLI from a version prior to 1.37.0, the
~/.jfrogdirectory is backed up to~/.jfrog/backup. After enabling encryption, it is recommended to remove the backup directory to ensure no sensitive data is left unencrypted.
Environment Variable-Based Encryption
Starting from version 2.36.0, JFrog CLI also supports encryption using a key stored in an environment variable. To enable this method:
Generate a random 32-character master key. Ensure that the key size is exactly 32 characters. For example: f84hc22dQfhe9f8ydFwfsdn48!wejh8A
Store the key in an environment variable named
JFROG_CLI_ENCRYPTION_KEY.
The configuration is encrypted the next time JFrog CLI accesses it. If you have existing configurations, you must reconfigure the servers.