To improve security around the storage of the master key, from Artifactory version 7.29.7, JFrog supports loading the master key at startup and keeping it in memory. This is achieved by removing the master key from the file system by each application, after it was read by the application node during bootstrapping.
Important
Before every restart, you will need to place the master.key file in the filesystem.
Remember to keep the master.key file in a separate, safe location.
To use this capability, do the following steps.
Enable the master key removal by setting the flag
shared.security.masterKeyExternal
to true.Fetch the master key and place it in the correct path on the application's file system whenever a new node is bootstrapped.
When the flag above is set to true:
The router removes the master.key file once each service is up and running.
Pipelines will not generate a master key and instead read the master key from the database.