Log into the JFrog Platform UI as "admin".
Create the Access Token that Vault will use to interact with Artifactory. Or use the . See get-access-key.sh in Terraform Artifactory Provider.
Click JFrog Platform UI | User Management | Access Tokens | Generate Token.
Use the following parameters.
Token Type: Scoped Token
Description: (optional) vault-plugin-secrets-artifactory (Note: This will be lost on admin token rotation, because it is not part of the token.)
Username: vault-admin (for example)
Service: Artifactory (or you can leave it on "All")
Expiration time: Never (do not set the expiration time less than 7h, since by default, it will not be revocable once the expiration is less than 6h)
Save the generated token as the environment variable TOKEN.
Alternatively:
Use the Create Token REST API, and save the access_token from the JSON response as the environment variable TOKEN.
Use getArtifactoryAdminToken.sh.
export JFROG_URL=https://artifactory.example.org
export ARTIFACTORY_USERNAME=admin
export ARTIFACTORY_PASSWORD=password
TOKEN=$(scripts/getArtifactoryAdminToken.sh)
Vault Configuration
vault write artifactory/config/admin \
    url=https://artifactory.example.org \
    access_token=$TOKEN
Optionally, rotate the admin token so that only Vault knows it.
vault write -f artifactory/config/rotate
Note
Some versions of Artifactory (notably 7.39.10) fail to rotate correctly. We recommend being on 7.42.1 or higher.
Also, if you want to change the username for the admin token (tired of it just being "admin"?) or set a "Description" on the token, those parameters are optionally available on the artifactory/config/rotate endpoint.
vault write artifactory/config/rotate username="new-username" description="A token used by vault-secrets-engine on our vault server"
Bypass TLS connection verification with Artifactory
To bypass TLS connection verification with Artifactory, set bypass_artifactory_tls_verification to true.
vault write artifactory/config/admin \
    url=https://artifactory.example.org \
    access_token=$TOKEN \
    bypass_artifactory_tls_verification=true
Optionally, check the results.
vault read artifactory/config/admin
Sample Output
Key                                    Value
---                                    -----
access_token_sha256                    74834a86b2082750201e2a1e520f21f7bfc7d4026e5bd2b075ca2d0699b7c4e3
bypass_artifactory_tls_verification    false
scope                                  applied-permissions/admin
token_id                               db0002b0-af08-486c-bbad-b255a3cc7b31
url                                    http://localhost:8082
use_expiring_tokens                    false
username                               vault-admin
version                                7.55.6
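A check that can be run over this output once the mount is configured, as an added example that is not part of the plugin or its documentation: it flags disabled TLS verification, a url that is not https, and an Artifactory version older than the 7.42.1 recommended above for rotation. The function names audit_admin_config and sample_config are hypothetical, and the sample values are constructed.

```shell
#!/bin/sh
# Added example; audit_admin_config is a hypothetical helper, not part of the plugin.
# Input: the Key/Value table printed by `vault read artifactory/config/admin`.

MIN_VERSION="7.42.1"  # minimum Artifactory version the page recommends for rotation

audit_admin_config() {
  awk -v min="$MIN_VERSION" '
    # Return 1 when dotted version a is older than b (numeric, field by field).
    function older(a, b,    x, y, n, m, i) {
      n = split(a, x, "."); m = split(b, y, ".")
      for (i = 1; i <= (n > m ? n : m); i++) {
        if ((x[i] + 0) < (y[i] + 0)) return 1
        if ((x[i] + 0) > (y[i] + 0)) return 0
      }
      return 0
    }
    # Skip the header and separator rows, keep every key/value pair.
    NF >= 2 && $1 != "Key" && $1 != "---" { cfg[$1] = $2 }
    END {
      if (cfg["bypass_artifactory_tls_verification"] == "true")
        print "FAIL bypass_artifactory_tls_verification=true: Artifactory certificate is not verified"
      if (cfg["url"] !~ /^https:\/\//)
        print "FAIL url=" cfg["url"] ": not https, the access token is sent unencrypted"
      if (cfg["version"] != "" && older(cfg["version"], min))
        print "WARN version=" cfg["version"] ": older than " min ", rotation may fail"
    }'
}

# Constructed sample output (values are made up for this example).
sample_config() {
  cat <<'EOF'
Key                                    Value
---                                    -----
access_token_sha256                    <sha256-placeholder>
bypass_artifactory_tls_verification    true
scope                                  applied-permissions/admin
url                                    http://localhost:8082
username                               vault-admin
version                                7.39.10
EOF
}

sample_config | audit_admin_config
```

Against a live mount, pipe the real command into the function: vault read artifactory/config/admin | audit_admin_config. No output means none of the three conditions was found.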