Join Key

JFrog Installation & Setup Documentation

Content Type
Installation & Setup

The JFrog join key feature establishes trust between the JFrog services based on symmetric encryption (AES-128 bit or AES-256 bit). The join.key is used internally for creating trust between microservices of the same service, for example between Artifactory and Access.

You can also use pairing tokens to establish communication between services.

Join Key issue when you upgrade to Artifactory 7.59.9 - 7.63.7

If you used Join Key to register a remote JPD, the Mission Control microservice in the home JPD fails to connect to the remote JPD and the remote JPD appears as offline in the topology after a certain period.


This issue occurs because the Access microservice in the remote JPD fails to recognize the Mission Control microservice of the home JPD and marks it as a stale service. When the Access cleanup process runs, the join key is revoked.


As a result, you cannot distribute release bundles to the remote JPD, access federation with the remote JPD fails, and affects your license buckets.


To avoid this issue, you must re-register the remote JPDs that you registered using join keys with Pairing Tokens before you upgrade.

If you upgraded to an affected version, you must re-register the remote JPDs with Pairing Tokens so the remote JPDs are accessible again.

Once trust is established (meaning the join.key is shared between all the different services), the services can continue using the standard token-based authentication for communication. This is accomplished by having each service create the tokens used for the inter-service communication and signing those tokens with the join.key.

Access will then use the provided join.key instead of the auto-generated one, save it to its database, and share it with Artifactory.

For automation purposes, we recommend that you generate your own Join Key and share it with every new instance.


If the join.key is not identical on the trusted services, communication between services fail.