From Artifactory release 7.38.4.
JFrog enables companies to create their own admin-scoped access token without using the JFrog Platform UI or via another token. This Access admin-scoped token is designed to be used for a short time only and its purpose is to start up the system. This provides customers with the option of setting up their JFrog Platform in an automated, fully UI-free setup.
To securely-generate the "first" admin-scoped access tokens, without relying on a previous token or basic credentials:
Generate an admin-scoped token by placing a generate.token.json
file under the /var/bootstrap/etc/access/keys
directory.
For example:
/var/bootstrap/etc/access/keys/generate.token.json
When bootstrapping, if this file is created, this will generate a token and set it under the /var/etc/access/keys/
directory
.
For example:
/var/etc/access/keys/token.json
The generate.token.json
file is deleted from the file system once the token is generated.
The file containing the token, token.json
, is deleted by default after one minute. You can change this time period through the access.config.yaml
, by modifying the parameter bootstrap-token-delete-in-minutes
(in/var/etc/access/access.config.template.yml
).
The resulting token's properties are as follows:
The generated token is limited to a 15 minute expiry, after which the system will revoke the token.
The token is admin-scoped for permissions
The token has an audience of access service: jfac@*
The token has the subject "admin" - even if the admin user does not exist
Note
For Docker installations, you will need to mount the bootstrap directory.