ARTIFACTORY: How to configure JFrog CLI to store all configurations in an encrypted format securely

ARTIFACTORY: How to configure JFrog CLI to store all configurations in an encrypted format securely
Products
Frog_Artifactory
Content Type
Integrations
AuthorFullName__c
Vaibhav Jain
articleNumber
000006397
ft:sourceType
Salesforce
FirstPublishedDate
2025-04-15T08:48:15Z
lastModifiedDate
2025-04-01
VersionNumber
1
Introduction 

Did you know that configuring JFrog CLI with Artifactory can be done in multiple ways?
You can use mTLS, Username/Password, Access Tokens, and even Web Login. When you set it up with Artifactory, your configuration is stored in the jfrog-cli.conf.v6 file within the .jfrog directory. However, it's crucial to note that configurations using Access Tokens are not encrypted.

In this article, we’ll guide you on how to configure JFrog CLI to securely store all configurations in an encrypted format.


Secure Your Configurations: How to Encrypt JFrog CLI Settings

To store the JFrog CLI configuration in an encrypted format, we need to follow the below methods:-

File-Based Encryption

With version 1.37.0, JFrog CLI introduced file-based encryption for protecting sensitive information. Follow these user-friendly steps to enable encryption and keep your data secure:

1. Clean Slate: Remove all existing configurations.

2. Create a Security Directory(if not present): In your ~/.jfrog/ directory, create a new folder called security.
    Inside this folder, set up a file named security.yaml.

3. Generate Your Master Key: Create a random 32-character master key. The key must be exactly 32 characters long.
    For instance: f84hc22dQfhe9f8ydFwfsdn48!wejh8A.

4. Edit security.yaml: Open your security.yaml file and add the following lines
 
version: 1
masterKey: "f84hc22dQfhe9f8ydFwfsdn48!wejh8A"
 
 
 
Ensure that this file has read-only permissions for the user running JFrog CLI.

5. Configure the CLI: You can now set up the CLI using your preferred method, such as username/Password or Access Token.

6. Verify Encryption: Once configured, navigate to ~/.jfrog/jfrog-cli.conf.v6 and notice that your Access Token is now securely encrypted!


Environment Variable-Based Encryption

Starting from version 2.36.0, JFrog CLI also allows you to encrypt sensitive configuration data using an encryption key stored as an environment variable. Here's how to activate this feature:

1. Generate Your Master Key: Just like before, create a random 32-character master key, ensuring it matches the exact length requirement.
    Example: f84hc22dQfhe9f8ydFwfsdn48!wejh8A.

2. Set the Environment Variable: Store your master key in an environment variable named JFROG_CLI_ENCRYPTION_KEY.

3. Encryption Activation: The next time JFrog CLI accesses the configuration, it will automatically encrypt the data.
    If you have pre-existing configurations, you'll need to reconfigure the servers to apply the new encryption settings.


For more details, kindly refer to the below documentation: 

JFrog CLI - Official Documentation
Sensitive Data Encryption