7.X Master Key Reset Steps

How to reset the master key

Author: Patrick Russell
Article number: 000004143
Source type: Salesforce
First published: 2019-01-23T00:15:31Z
Last modified: 2024-03-10T07:49:13Z
Version: 14

Reset all Encrypted File Passwords
The database password in $JFROG_HOME/etc/system.yaml is encrypted by the master key file. Replace the encrypted password in this file with the original plaintext password.

Locate the $JFROG_HOME/etc/artifactory/binarystore.xml file, then identify any values starting with "JE" or "AM" and remove them. Replace each removed value with its original plaintext value.

Before proceeding with the next step, make a backup of your database schema by taking a database dump. After the information is backed up and saved, the next step is to delete a series of rows that were encrypted by the lost key.

These rows are either temporary or are encrypted files from the file system, so there shouldn't be any data loss from these steps. That being said, please be careful.

Delete Encrypted Rows from DB Tables:

These queries remove the encrypted rows from the database. Encrypted values start with "JE" (short for "JFrog Encryption").

DELETE FROM access_configs WHERE data LIKE 'JE%';

DELETE FROM access_users_custom_data WHERE PROP_VALUE LIKE 'JE%';

DELETE FROM access_master_key_status WHERE status = 'on';

DELETE FROM configs WHERE data LIKE 'JE%';

DELETE FROM master_key_status WHERE status = 'on';

If the embedded JFrog Mission Control has been enabled:
If you see these lines in your Artifactory system.yaml, or know that Mission Control has been enabled in this Artifactory installation, you need to perform an additional delete action, because the MC tables are also encrypted.

#If you see this in the system.yaml, remove the MC encrypted table rows
mc:
  enabled: true

Proceed to remove the "mc" table rows:

DELETE FROM mc_cluster_info WHERE property_key='master_key_hash';

DELETE FROM mc_token WHERE token_value LIKE 'JE%';


Remove Encrypted Files
Finally, remove the following files from the Artifactory file system. They contain encrypted text too. These are temporary files and they will regenerate as long as they are not present during the next startup.

#These will regenerate on startup
rm $JFROG_HOME/var/etc/artifactory/security/access/access.admin.token
rm $JFROG_HOME/var/etc/security/join.key


Try to start Artifactory
After deleting the above table rows and removing these files, restart the Artifactory instance. It should come online and you can begin the process to recover from the loss of the key.

Please note that if you missed one of the above steps, new partially-encrypted data will be regenerated and you'll still get a mismatch error. If your first attempt doesn't work, please try following the whole procedure from the top; a step was probably missed.
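
Since a single missed step regenerates partially-encrypted data, the file-side steps can be checked before starting Artifactory. The script below is an added example, not JFrog tooling: it uses the file paths exactly as written in this article, and the pattern it uses to recognise "JE"/"AM" values is an assumption, so treat matches as candidates for manual review.

```shell
#!/bin/sh
# Added example, not JFrog tooling. Paths are the ones named in the article.
# Assumption: an encrypted value is a token that begins with "JE" or "AM",
# follows whitespace, ':', '=', '>' or a quote, and runs 8+ more characters.
# Matches are candidates for manual review, not proof of encryption.
# Usage: check_reset_ready "$JFROG_HOME"

# Print "file:line" for each candidate; the value itself is never echoed.
find_encrypted_values() {
    [ -f "$1" ] || return 0
    { grep -nE "(^|[[:space:]:=>\"'])(JE|AM)[A-Za-z0-9.+/=_-]{8,}" "$1" || true; } |
        cut -d: -f1 |
        while read -r n; do echo "$1:$n"; done
}

# Report leftovers under a JFROG_HOME directory; returns 0 only when clean.
check_reset_ready() {
    home=$1
    issues=0
    for f in "$home/etc/system.yaml" "$home/etc/artifactory/binarystore.xml"; do
        hits=$(find_encrypted_values "$f")
        if [ -n "$hits" ]; then
            echo "possible encrypted value at:"
            echo "$hits"
            issues=$((issues + $(printf '%s\n' "$hits" | wc -l)))
        fi
    done
    for f in "$home/var/etc/artifactory/security/access/access.admin.token" \
             "$home/var/etc/security/join.key"; do
        if [ -e "$f" ]; then
            echo "still present: $f"
            issues=$((issues + 1))
        fi
    done
    echo "issues: $issues"
    [ "$issues" -eq 0 ]
}
```

The check covers only the configuration files and the two regenerated files; the database rows still have to be removed with the DELETE statements above.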