Access provides a flexible means of configuration using a simple YAML configuration file found in the $JFROG_HOME/artifactory/var/etc/access
folder. You can make a single change at a time or multiple configuration changes as needed, to create, update and delete any elements in Access.
Take care when modifying Access configurations
Modifying the Access configurations is an advanced feature, and if done incorrectly may render Access in an undefined and unusable state. Since it is easy to overwrite configurations, we strongly recommend backing up the configuration YAML file before making any direct changes, and taking great care when doing so.
Master.key Load and Retention in Memory
To improve security around the storage of the master.key, from Artifactory version 7.29.7, JFrog supports loading the master key at startup and keeping it in memory. This is achieved by removing the master key from the file system by each application, after it was read by the application node during bootstrapping.
Important
Before every restart, you need to place the master.key
file in the filesystem.
Remember to keep the master.key in a separate, safe location.
To use this capability you need to do the following steps:
Enable the master key removal by setting the flag
shared.security.masterKeyExternal
to trueFetch the master key and place it in the correct path on the application's file system whenever a new node is bootstrapped
When the flag above is set to true:
The router removes the
master.key
file once each service is up and running.Pipelines will not generate a master key and instead read the master key from the database.