How do Pairing Tokens and Join Keys Differ?

JFrog Platform Administration Documentation

Content Type
Administration / Platform

Pairing tokens replace the join.key that was used in the past in the JFrog Platform to link between services. This type of token is only designed to link cross-topologies (i.e., locally, and not with in a JPD).

The JFrog join.key feature establishes trust between the JFrog services based on symmetric encryption (AES-128 bit or AES-256 bit). The join.key is used internally for creating trust between microservices of the same service, for example between Artifactory and Access.

Pairing tokens provide pairing for a specific purpose use case. They are revocable, and are expected to be used at most once (i.e., revoked after first pairing). The default expiry setting for these tokens is 5 minutes.

  • The subject of the token is the same as the subject of the principal who requested the pairing token

  • The base URL in the extension is mandatory

  • The exchange URL in the extension is mandatory (since the token is signed, this URL can be assumed as trusted)

  • The pairing URL is optional and is used when you need to establish a two-way trust