Create an automatic admin token

JFrog Installation & Setup Documentation

Content Type
Installation & Setup
ft:sourceType
Paligo

From Artifactory release 7.38.4.

JFrog enables companies to create their own admin-scoped access token without using the JFrog Platform UI or via another token. This Access admin-scoped token is designed to be used for a short time only and its purpose is to start up the system. This provides customers with the option of setting up their JFrog Platform in an automated, fully UI-free setup.

To securely-generate the "first" admin-scoped access tokens, without relying on a previous token or basic credentials:

Generate an admin-scoped token by placing a generate.token.json file under the /var/bootstrap/etc/access/keys directory.

For example:

/var/bootstrap/etc/access/keys/generate.token.json

When bootstrapping, if this file is created, this will generate a token and set it under the /var/etc/access/keys/ directory.

For example:

/var/etc/access/keys/token.json

The generate.token.json file is deleted from the file system once the token is generated.

The file containing the token, token.json, is deleted by default after one minute. You can change this time period through the access.config.yaml, by modifying the parameter bootstrap-token-delete-in-minutes (in/var/etc/access/access.config.template.yml).

The resulting token's properties are as follows:

  • The generated token is limited to a 15 minute expiry, after which the system will revoke the token.

  • The token is admin-scoped for permissions

  • The token has an audience of access service: jfac@*

  • The token has the subject "admin" - even if the admin user does not exist

Note

For Docker installations, you will need to mount the bootstrap directory.