Step 2: Establish a Secure Connection for Distribution Between the Source Artifactory and the Artifactory Edge Nodes

JFrog Distribution Documentation
Products
JFrog Distribution
Content Type
User Guide
ft:sourceType
Paligo

Use one of the following methods to connect Artifactory and the Edge nodes.

Using a Pairing Token

From Artifactory version 7.29.7, the recommended method for connecting between the source Artifactory and the Artifactory Edge nodes is the pairing token.

  1. In the Administration tab, go to User Management | Access Tokens | Pairing Token.

  2. In the Generate Pairing Token for field, select the purpose of the pairing token.

  3. Click Generate to generate the token.

    This displays the token window, which includes the token's expiration (in seconds, set by default to 300 seconds = 5 minutes), the token ID, and the actual token, which you can copy by clicking Copy.

Using the Scoped Tokens API (Manual)

Creating a connection using the scoped token API requires generating a token on the Edge node that is scoped for Distribution, and then providing that token to the SaaS Artifactory. To do this you will need to do the following.

  1. Generate a scoped token using the Create Token REST API.Create a Token

    For example:

    curl -X POST http://localhost:8084/access/api/v1/service_trust/pairing/mission-control -H "Authorization: Bearer $TOKEN"

  2. Copy the token.

  3. Upload the token to the SaaS instance using the REST API.

Establishing a Circle of Trust

Establish trust between servers by establishing a "Circle of Trust" between the SaaS environment and the Self-hosted Artifactory Edge node. To do that you will need to do the following:

  1. Make the Edge node trust the Artifactory SaaS instance by doing the following:

    1. Obtain the root.crt from the Artifactory SaaS instance by running the Get Root Certificate REST API against the SaaS instance.Get Root Certificate

    2. Set the root.cert received in step 1 above as the trusted certificate in each Edge node by copying the service’s root certificate to the new Edge service’s $JFROG_HOME /artifactory/var/etc/access/keys/trusted folder.

  2. Next, make the Artifactory SaaS instance trust the Edge node by doing the following:

    1. Obtain the root.crt from the Edge nodes by running the Get Root Certificate REST API against each Edge.Get Root Certificate

    2. To add the root.cert from the Edges, open a support request to copy the root certificate from step 2a to your SaaS instance.

Note

From release 7.29.7, paired tokens are the default option used for connecting the source and node. If you are unable to upgrade your self-hosted instance, or need to continue using the circle of trust, refer to the explanation above.