Introduction
API Keys are going through a deprecation process and in order to get ready for the deprecation of API keys, Artifactory administrators are given the ability to prevent the creation of new API keys.
Resolution
To disable the API Keys, it cannot be performed from the REST API, instead you will need to perform the following steps below:
This functionality is available starting from version 7.41 and above. This can be done by adding the following system property to the $JFROG_HOME/artifactory/var/etc/artifactory/artifactory.system.properties, setting the API key creation blockage to “true”:
artifactory.security.apiKey.blockCreate=true
(This change requires a restart of Artifactory)
In addition to the above changes in the artifactory.system.properties, in Artifactory versions 7.77 and greater, the API key block create property needs to be also set in the Access YAML Configuration as follows:
- Navigate to access.config.latest.yml located $JFROG_HOME/artifactory/var/etc/access and add the property below:
security:
authentication:
disable-api-key-creation: true
If Artifactory version 7.84.x or above, then modify the following properties in addition to the above:
security:
authentication:
disable-api-key-creation: true # When set to true, block user from create api key
disable-api-key-authentication: true # When set to true, block user from authenticate with api key.
- Rename the file of access.config.latest.yml to access.config.import.yml
- Restart Artifactory for changes to take effect
Note:
Starting from Artifactory version 7.98, the default setting for
security.authentication.disable-api-key-creation will be true
For the supported Access configuration settings, please visit the Supported Access Configurations page.
In addition, you have the possibility to disable API Key Usage directly from the UI.
- Navigate to Administration > Authentication > General
- At the bottom of the page, click on the feature of “Disable API Key Usage”, for example:
