How do Binding Tokens Differ from a Circle of Trust?

JFrog Platform Administration Documentation

A "Circle of Trust" is established by sharing a public certificate among all participating instances. It is up to the service administrator to make sure that all participating instances are equipped with the certificates. This means that any instance can generate a token to be used with any other instance within the Circle of Trust. In essence, a Circle of Trust means that a service will verify access token signatures against all trusted certificates, including ones generated by other services and set as 'trusted' as part of the Circle of Trust.

Binding tokens provide a narrower trust scope for customers who do not wish to grant full access to the other JFrog Platform Deployments (JPDs). They also give Cloud Enterprise customers full self-service: these customers can build customizable bindings to the other JPDs on their own.

Binding tokens enable admins to create trust between managed JFrog Platform Deployments (JPDs) once the JPDs have been added to the Mission Control instance, thus simplifying the setup across JPDs. This makes it possible to support use cases such as Federated Repositories for Cloud customers.

Circle of Trust for Self-hosted Customers

JFrog Platform will continue to support the Circle of Trust method for Self-hosted customers that allow full access to other JPDs.

From Artifactory version 7.33.8, the JFrog Platform enables you to manage your binding tokens through both the Platform UI (in the Platform Deployments tab in the Administration module).

To create binding tokens in the UI, you will need to make sure of the following: