In this article we will learn how to identify API Key users from JFrog Artifactory logs.
We can determine which requests were sent with API KEY as credentials by inspecting the artifactory-access.log. The log entry for the LOGIN request will contain the string "apiKey" as (authentication_method)
Please find the sample log entry fom Artifactory instance for the "API KEY" user.
artifactory-access.log 2023-11-09T03:54:27.795Z [xxxxxxxxxxxxxxxxxx] [ACCEPTED LOGIN] for client : testuser / XX.XXX.XXX.XXX [apiKey]
As you are aware, JFrog is deprecating API Keys, therefore this will help in identifying users who are using API Keys. You may refer to this article for more information.