JFrog Platform Configurations

Web Sign-in to the JFrog Platform

Use the jf login command to authenticate with the JFrog Platform through a web browser. This command is solely interactive; it does not receive any options and cannot be used in a CI server.

Create Access Tokens

Use this command to create Access Tokens in the JFrog Platform. By default, a user-scoped token is created. Administrators can provide the scope explicitly with --scope, or implicitly with --groups or --grant-admin.Access Tokens

Commands Arguments

Parameter	Command / Description
Command name	access-token-create
Abbreviation	atc
Command arguments:
username	The username for whom you are creating the token. If not specified, the token is created for the current user.
Command options:
`--audience`	[Optional] Specifies a space-separated list of the other instances or services, identified by their Service-IDs, that should accept this token.
`--description`	[Optional] Provides a free text description for the token. This is useful for filtering and managing tokens and is limited to 1024 characters.
`--expiry`	[Optional] The amount of time, in seconds, until the token expires. This value must be non-negative. If not provided, the platform default is used. To specify a token that never expires, set the value to zero. Non-administrators may only set a value that is equal to or lower than the platform default.
`--grant-admin`	[Default: false] Set to `true` to provide admin privileges to the access token. This option is only available for administrators.
`--groups`	[Optional] A comma-separated list of groups to associate with the access token. This option is only available for administrators.
`--project`	[Optional] The project for which this token is created. Enter the project name on which you want to apply this token.
`--reference`	[Default: false] Generate a Reference Token (an alias for an Access Token) in addition to the full token. This is available from Artifactory 7.38.10.
`--refreshable`	[Default: false] Set to `true` to make the token refreshable. A refresh token is also returned to be used to generate a new token after expiration.
`--scope`	[Optional] The scope of access that the token provides. This option is only available for administrators.

Access Tokens Examples

Access Tokens Example 1

Create an access token for the current user on the default server configured by the jf c add command.

jf atc

Access Tokens Example 2

Create an access token for the user with the username toad.

jf atc toad

Add and Edit Configured Servers

The config add or config edit commands add and edit JFrog Platform server configurations, which are stored in JFrog CLI's configuration storage. Other commands can use these configured servers. You can override the configured server details for any command by passing in alternative values for the URL and sign-in credentials. The configured values are saved in a file under the JFrog CLI home directory.

Parameter	Command / Description
Command Name	config add / config edit
Abbreviation	c add / c edit
Command options:
`--access-token`	[Optional] Access token.
`--artifactory-url`	[Optional] Provides the JFrog Artifactory URL (for example, acme.jfrog.io/artifactory).
`--basic-auth-only`	[Default: false] For Artifactory authentication. Set to `true` to disable replacing the username and password/API key with an automatically created access token.
`--client-cert-key-path`	[Optional] Private key file for the client certificate in PEM format.
`--client-cert-path`	[Optional] Client certificate file in PEM format.
`--dist-url`	[Optional] Distribution URL. (example: `https://acme.jfrog.io/distribution`)
`--enc-password`	[Default: true] If true, the configured password will be encrypted using Artifactory's encryption API before being stored. If false, the configured password will not be encrypted.Get User Encrypted Password
`--insecure-tls`	[Default: false] Set to true to skip TLS certificates verification, while encrypting the Artifactory password during the config process.
`--interactive`	[Default: true, unless $CI is true] Set to false if you do not want the config command to be interactive.
`--mission-control-url`	[Optional] JFrog Mission Control URL. (example: `https://acme.jfrog.io/ms` )
`--password`	[Optional] JFrog Platform password.
`--ssh-key-path`	[Optional] For authentication with Artifactory. SSH key file path.
`--url`	[Optional] JFrog Platform URL. (example: `https://acme.jfrog.io`)
`--user`	[Optional] JFrog Platform username.
`--xray-url`	[Optional] Xray URL. (example: `https://acme.jfrog.io/xray`)
`--overwrite`	[Available for config add only] [Default: false] Overwrites the instance configuration if an instance with the same ID already exists.
Command arguments:
server ID	A unique ID for the server configuration.

Remove Configured Servers

The config remove command removes a JFrog Platform server configuration from JFrog CLI's configuration storage.

Parameter	Command / Description
Command name	config remove
Abbreviation	c rm
Command options:
`--quiet`	[Default: $CI] Set to true to skip the delete confirmation message.
Command arguments:
server ID	The server ID to remove. If no argument is provided, all configured servers are removed.

Show Configured Servers

The config show command shows the stored configuration. To show a specific server's configuration, provide its ID as an argument.

Parameter	Command / Description
Command name	config show
Abbreviation	c s
Command arguments:
server ID	The ID of the server to show. If no argument is provided, all configured servers are shown.

Set a Server as Default

The config use command sets a configured server as the default for subsequent commands.

Parameter	Command / Description
Command name	config use
Command arguments:
server ID	The ID of the server to set as default.

Export and Import Configuration

The config export command generates a token that stores a server configuration. The config import command uses this token to import the configuration and save it to JFrog CLI's configuration storage.

Export

Parameter	Command / Description
Command name	config export
Abbreviation	c ex
Command arguments:
server ID	The ID of the server to export

Import

Parameter	Command / Description
Command name	config import
Abbreviation	c im
Command arguments:
server token	The token to import

Sensitive Data Encryption

File-Based Encryption

Starting from version 1.37.0, JFrog CLI supports encrypting sensitive configuration data using an encryption key stored in a file. To enable encryption:

Generate a random 32-character master key. The key must be exactly 32 characters. For example:f84hc22dQfhe9f8ydFwfsdn48!wejh8A
Create a file named security.yaml under ~/.jfrog/security. If you customized the JFrog CLI home directory using the JFROG_CLI_HOME_DIR environment variable, create the file in the configured home directory.
If you've customized the default JFrog CLI home directory by setting the JFROG_CLI_HOME_DIR environment variable, create the security/security.yaml file under the configured home directory.
Add the generated master key to the security.yaml file:
```
version: 1
masterKey: "your master key"
```
Ensure that the security.yaml file has only read permissions for the user running JFrog CLI.

The configuration is encrypted the next time JFrog CLI accesses it. If you have existing configurations, you must reconfigure the servers.

Warning: When upgrading JFrog CLI from a version prior to 1.37.0, the ~/.jfrog directory is backed up to ~/.jfrog/backup. After enabling encryption, it is recommended to remove the backup directory to ensure no sensitive data is left unencrypted.

Environment Variable-Based Encryption

Starting from version 2.36.0, JFrog CLI also supports encryption using a key stored in an environment variable. To enable this method:

Generate a random 32-character master key. Ensure that the key size is exactly 32 characters. For example: f84hc22dQfhe9f8ydFwfsdn48!wejh8A
Store the key in an environment variable named JFROG_CLI_ENCRYPTION_KEY.

The configuration is encrypted the next time JFrog CLI accesses it. If you have existing configurations, you must reconfigure the servers.