How to set a password policy in Artifactory

Disha Meswania
2020-08-27 11:46


Setting up a password policy based on organisational limitations or security recommendations for Artifactory. 


This can be done using the configuration changes in Access YAML file. This file is present in $JFROG_HOME/artifactory/var/etc/access folder in Artifactory 7.x and in $ACCESS_HOME/etc i.e. $ARTIFACTORY_HOME/access/etc folder in Artifactory 6.x.

In this configuration file, there a number of configurations that can be set for Access service related settings, including the password policy as per below:security:
password-policy: # users' password policy
uppercase: 0 # minimum number of uppercase letters that the password must contain
lowercase: 0 # minimum number of lowercase letters that the password must contain
digit: 0 # minimum number of digits that the password must contain
length: 4 # minimum length of the password
not-match-old: true # should access allow setting a new password to the same one currently set for the user