Manage Keys

JFrog Installation & Setup Documentation

This page describes how to create and manage keys, and the best practices to follow.

You can also use pairing tokens to establish communication between services.

Important

Remember to keep the join key, master key, and other trusted keys safe; they should not be shared with external parties.

Master Key

The master key is an AES secret key (128 or 256 bit) that is used by Artifactory to securely synchronize files between cluster nodes. It is used to encrypt and decrypt shared data in the database. The master key is not used for communication between the different JFrog services (unlike the join key).

Each JFrog Platform component has its own master key. In HA environments, all instances of a component must have the same master key value, on all HA nodes.

Join Key

The JFrog join key establishes trust between JFrog services based on symmetric encryption (AES-128 bit or AES-256 bit). The join.key is used between microservices of the same service, for example between Artifactory and Access.

  1. To establish trust, the join key is shared between all JFrog services.

  2. Services use token-based authentication for communication: each service creates tokens and signs them with the join.key.

    If the join.key is not identical on the trusted services, communication between services fails.

For automation purposes, we recommend that you generate your own Join Key and share it with every new instance. Access will then use the provided join.key instead of the auto-generated one, save it to its database, and share it with Artifactory.

View the Join Key

To view the join key in the JFrog Platform:

  1. Go to Administration > Security > General > Connection Details.

  2. In the Current Password field, enter your login password, and click Unlock.

    You can view and copy the key from the Join Key field.

The encrypted key is stored in the file $JFROG_HOME/artifactory/var/etc/security/join.key.

Create keys

By default, the join.key and master.key files are automatically generated by Artifactory during the initial startup of the service.

A different key (hexadecimal encoded) can be created using the following command.

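    # 16 random bytes: a 128-bit key, printed as 32 hex characters
    openssl rand -hex 16

or

    # 32 random bytes: a 256-bit key, printed as 64 hex characters
    openssl rand -hex 32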

Bootstrap with your own keys using the system.yaml file

This method only applies if you have installed but not started your service yet.

  1. In the security section of the system.yaml file, set the generated string for each key, using the masterKey parameter for the Master Key and the joinKey parameter for the Join Key, and save the file.

  2. Start the service.

Bootstrap the join key using file system

This method can be used even if you already have a join key.

  1. Save the generated string in a file named join.key.

  2. Delete the existing join.key from $JFROG_HOME/artifactory/var/etc/security/.

  3. Place each file in the $JFROG_HOME/artifactory/var/bootstrap/access/etc/security directory.

  4. Add the Artifactory permissions to the directories and the join.key file. For example:

    chown -R artifactory:artifactory access/etc/security/join.key

  5. Start the service.
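
A pre-flight check for the bootstrap procedure above, as an added example that is not JFrog tooling: it generates a key with the openssl command shown on this page and rejects a join.key file that is not a 128-bit or 256-bit hex string or that is accessible to group or other users. The function names, the script name and the owner-only permission policy are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example, not JFrog tooling. Function names are hypothetical.

# True only for a hex string of 32 chars (128-bit) or 64 chars (256-bit).
is_valid_key() {
    case "$1" in
        ''|*[!0-9a-fA-F]*) return 1 ;;
    esac
    [ "${#1}" -eq 32 ] || [ "${#1}" -eq 64 ]
}

# Generate a 256-bit key and write it to file $1, readable by the owner only.
write_join_key() {
    local dest key
    dest=$1
    key=$(openssl rand -hex 32) || return 1
    is_valid_key "$key" || return 1
    ( umask 077; printf '%s' "$key" > "$dest" ) && chmod 600 "$dest"
}

# Check a key file before bootstrapping: well-formed key, no group/other access.
check_key_file() {
    local file key mode
    file=$1
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    key=$(tr -d '[:space:]' < "$file")
    is_valid_key "$key" || { echo "not a 128/256-bit hex key: $file" >&2; return 1; }
    # GNU stat first, BSD/macOS stat as fallback.
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
    case "$mode" in
        *00) return 0 ;;
        *)   echo "permissions too open ($mode): $file" >&2; return 1 ;;
    esac
}

# Usage: ./keycheck.sh new <file>   or   ./keycheck.sh check <file>
case "${1:-}" in
    new)   write_join_key "$2" && check_key_file "$2" ;;
    check) check_key_file "$2" ;;
esac
```

Run the check against the file before placing it in the bootstrap directory, then apply the ownership change from step 4.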