How do Pairing Tokens and Join Keys Differ?

JFrog Platform Administration Documentation


Pairing tokens replace the join.key that was previously used in the JFrog Platform to link services. This type of token is designed only to link cross-topologies (i.e., locally, and not within a JPD).

The JFrog join.key feature establishes trust between JFrog services based on symmetric encryption (128-bit or 256-bit AES). The join.key is used internally to create trust between microservices of the same service, for example between Artifactory and Access.

Pairing tokens provide pairing for a specific use case. They are revocable and are expected to be used at most once (i.e., revoked after first pairing). The default expiry setting for these tokens is 5 minutes.

  • The subject of the token is the same as the subject of the principal who requested the pairing token

  • The base URL in the extension is mandatory

  • The exchange URL in the extension is mandatory (since the token is signed, this URL can be assumed as trusted)

  • The pairing URL is optional and is used when you need to establish a two-way trust
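The properties listed above, modeled as a receiving-side check in an added example that is not JFrog's code or token format: it verifies the signature before trusting the exchange URL, enforces the 5-minute default expiry and the mandatory URLs, and consumes the token on first use. The JSON layout, the field names (`sub`, `jti`, `exp`, `ext`, `base_url`, `exchange_url`, `pairing_url`), the HMAC-SHA256 signature and the key are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

# Assumptions, not JFrog's format: JSON claims, these field names, and
# HMAC-SHA256 standing in for whatever signature scheme the platform uses.
SIGNING_KEY = b"constructed-demo-key"          # constructed sample value
DEFAULT_TTL = 5 * 60                           # default expiry: 5 minutes
MANDATORY_EXT = ("base_url", "exchange_url")   # pairing_url is optional

def sign(body):
    return hmac.new(SIGNING_KEY, body, hashlib.sha256).digest()

def encode(body, sig):
    b64 = base64.urlsafe_b64encode
    return b64(body).decode() + "." + b64(sig).decode()

def issue(subject, ext, now, token_id, ttl=DEFAULT_TTL):
    """Issue a token whose subject is the requesting principal's subject."""
    claims = {"sub": subject, "jti": token_id, "exp": now + ttl, "ext": ext}
    body = json.dumps(claims, sort_keys=True).encode()
    return encode(body, sign(body))

class PairingValidator:
    def __init__(self):
        self.used = set()   # ids of tokens already consumed, treated as revoked

    def accept(self, token, now):
        """Return (verdict, claims); claims is None unless verdict is 'accepted'."""
        try:
            body_b64, sig_b64 = token.split(".")
            body = base64.urlsafe_b64decode(body_b64)
            sig = base64.urlsafe_b64decode(sig_b64)
        except ValueError:
            return "malformed", None
        # Verify the signature before reading any claim: the exchange URL is
        # only trustworthy because it is covered by the signature.
        if not hmac.compare_digest(sig, sign(body)):
            return "bad signature", None
        claims = json.loads(body)
        if now >= claims["exp"]:
            return "expired", None
        if any(not claims["ext"].get(k) for k in MANDATORY_EXT):
            return "missing mandatory URL", None
        if claims["jti"] in self.used:
            return "already used", None
        self.used.add(claims["jti"])   # single use: revoke on first pairing
        return "accepted", claims
```

`now` is passed in explicitly (seconds) so the expiry behaviour can be exercised deterministically.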