Subscription Information
This feature is supported with the Enterprise+ license.
The Keys Management function in the JFrog Platform enables you to create and control the keys used to encrypt or digitally sign your artifacts - in one central location. This makes it easier for you to manage signing keys throughout your organization.
Using the Keys Managed function, you can configure the following Artifactory security settings:
Signing Keys: Use this tab to manage the GPG and RSA signing keys used to sign packages for authentication and the RSA keys used to sign and verify the Alpine Linux Index files.
Java Keystore: Manage the key store that holds the signing keys used to automatically sign JAR files downloaded from a virtual repository.
Public Keys: Store and manage the public keys used to verify your Release Bundle integrity.
SSH Keys: Configure SSH keys to authenticate requests sent to the JFrog Platform from a Git LFS client or from the JFrog CLI.
To access the Keys Management function, in the JFrog Platform UI, go to the Administration module and then go to Artifactory | Security | Keys Management. This displays the Keys Management window.
 |
The centralized dashboard for creating and managing all signing keys displays the number of configured keys, the type, name, alias, primary resource, and secondary resource.
The Source column provides an indication of whether the key is an uploaded key or a Vault key:
If there are multiple Vault connectors configured in your system, the Source will indicate which configured Vault connector is being used.
If no connector is configured, the key's source will appear as "No connector is configured".
Next, follow the steps for creating and controlling the keys according to the type of key.
Managing Signing Keys for RSA and GPG signing keys
Managing WebStart and Jar Signing for the Java keystore