Security Restrictions

JFrog Platform Administration Documentation


To make the JFrog access tokens as secure as possible, there are a few pre-configured values that JFrog uses out-of-the-box that ensure that tokens are managed and can only be used for the right purposes:

  • Scope: If the token scope is a user or a group, you must ensure that that user or group exists on all servers in the circle of trust.

  • Revocability: For security purposes, the JFrog Platform is deployed with default configurations that set every token to be revocable. However, revocable tokens do not work in a circle of trust. This is because revocable tokens are validated against the Access database; with a circle of trust each instance has its own database. Therefore, if a token created in one instance cannot be against the database of another (i.e., the system will assume the token has been revoked, and the authentication will fail).

  • Token type: The following types of tokens are not supported in a Circle of Trust:

    • Reference tokens are not supported in a circle of trust (they always require the token to be in the instance‚Äôs database).

    • UI-generated tokens: Tokens created via the User Profile page are reference tokens and are not supported in a circle of trust.

  • Duration: Because the supported tokens must be defined as non-revocable, Circle of Trust tokens must have an expiry that is less than the revocable-expiry-threshold parameter set in the access.config.yaml (you can see the default in the access.config.yaml). Be aware that this threshold has a special value "-1"; when set, all the tokens that have an expiry will be non-revocable. This setting is more comfortable to use in a Circle of Trust but it is less secure (as the expiry might be set for years).


By default, only the issuing instance can refresh a token. For synchronizing tokens across services, see Access Federation.