Subscription Information
This feature is supported with Enterprise X and Enterprise+ licenses.
The JFrog Platform integration with HashiCorp Vault enables you to configure an external vault connector to use as a centralized secret management tool for the keys used to sign packages. The JFrog Platform integration with vault supports multiple signing key types, such as GPG or RSA used to sign packages or release bundles. This allows you to store JFrog Platform signing keys that are used for packages authentication in several formats such as Debian, Opkg and YUM or signing JFrog Distribution Release Bundles.
Vault integration provides you with capabilities such as:
Generate and manage the keys used to sign packages in a centralized tool if you have established security and compliance policies in your organization.
Rotate keys regularly, such as on a monthly or quarterly basis.
Maintain multiple secrets through a vault.
Note
Vault integration does not support HCP Vault.