Access YAML Configuration

JFrog Installation & Setup Documentation

Content Type
Installation & Setup
ft:sourceType
Paligo

Access provides a flexible means of configuration using a simple YAML configuration file found in the $JFROG_HOME/artifactory/var/etc/access folder. You can make a single change at a time or multiple configuration changes as needed, to create, update and delete any elements in Access.

Take care when modifying Access configurations

Modifying the Access configurations is an advanced feature, and if done incorrectly may render Access in an undefined and unusable state. Since it is easy to overwrite configurations, we strongly recommend backing up the configuration YAML file before making any direct changes, and taking great care when doing so.

Master.key Load and Retention in Memory

To improve security around the storage of the master.key, from Artifactory version 7.29.7, JFrog supports loading the master key at startup and keeping it in memory. This is achieved by removing the master key from the file system by each application, after it was read by the application node during bootstrapping.

Important

Before every restart, you need to place the master.key file in the filesystem.

Remember to keep the master.key in a separate, safe location.

To use this capability you need to do the following steps:

  1. Enable the master key removal by setting the flag shared.security.masterKeyExternal to true

  2. Fetch the master key and place it in the correct path on the application's file system whenever a new node is bootstrapped

When the flag above is set to true:

  • The router removes the master.key file once each service is up and running.

  • Pipelines will not generate a master key and instead read the master key from the database.