The site that you are currently viewing is a static version of the Software Factory documentation delivered with the

version v7.2.
For up-to-date documentation, see the latest version.

Secrets, Tokens and Credentials in Artifactory

This document lists all secrets, tokens and credentials that can be configured and managed by an administrator user in JFrog Artifactory.

List of credentials

Credentials typeUsageOfficial documentation linkComment
Tokens
Access TokenJWT issued for API authAccess Tokens
Identity Scoped TokenUser‑generated, limited‑permission scoped tokenUnderstanding identity tokens
Admin Scoped TokenUsed for elevated administrative capabilitiesCreate admin scoped token
Project Admin TokenUsed to perform project‑level administrative actionsCreate project admin token
User Scoped TokenTied to a specific user, allowing actions based on that user’s existing permissionsCreate user scoped token
Group Scoped TokenGroup specific token, allowing actions based on groups permissionsCreate group scoped token
Keys
SSH KeysGit LFS Integration/Git WorkflowsManage SSH Keys
Other
Username/passwordUser AuthenticationSecurity configuration
Multi-factor authentication (MFA)Higher level of security when accessing JFrog ArtifactoryMulti-factor Authentication
mTLSMutual TLS authentication via reverse proxymTLS
API KeysREST API authenticationAPI KeyDeprecated
Note

Not mentioned in the table: all scoped tokens can have a reference token created. It is a shorter 64 character string that references the actual token.

Credential Configuration Parameters

This section lists all parameters available for credential configuration. Each parameter can be set by an administrator through the Administration Module UI or defined in a configuration file.

Single Sign-on Authentication

Software Factory recommends implementing SAML-based authentication for Single Sign-On (SSO).

Using native users and groups should be avoided.

Credentials typeParametersConfiguration locationAdmin panel configurationDefault configurationRecommendationOfficial documentation link
Login/passwordPassword Expiration PolicyOnly in UIAdministration Modulel > Security > General > Password Expiration PolicyDisabled90 daysPassword Expiration Policy
Password complexity$JFROG_HOME/artifactory/var/etc/access/access.config.latest.ymlNot possibleDefault valuesRecommended valuesPassword Complexity
Remember Me cookieartifactory.security.disableRememberMe in $JFROG_HOME/artifactory/var/etc/artifactory.system.propertiesNot possibleEnabledDisabledRemember Me cookie
Access TokensDefault Token Expirationtoken.default-expiry in $JFROG_HOME/artifactory/var/etc/access/access.config.latest.ymlAdmin Panel > Security > General > Token expiration31536000 seconds (1 year)7776000 seconds (90 days)Token expiration
Max Token Expirationtoken.max-expiry in $JFROG_HOME/artifactory/var/etc/access/access.config.latest.ymlNot possible0 (non-expiring)7776000 seconds (90 days)Token expiration
Revocable expiry threshold$JFROG_HOME/artifactory/var/etc/access/access.config.latest.ymlNot possible21600 seconds (6 hours)21600 seconds (6 hours)Revocable expiry threshold
Persistency threshold$JFROG_HOME/artifactory/var/etc/access/access.config.latest.ymlNot possible10800 seconds (3 hours)10800 seconds (3 hours)Persistency Threshold
API KeysDeprecatedDisable API Keys

API Key Recommendation

Warning

API Key has been EOL in Q4 2024. It is recommended to disable its usage and start using reference tokens.

To disable API Key: as admin, go to Administration Module > Security > General and check> the Disable API Key Usage option.

Default password complexity settings

Default configuration for password complexity for Artifactory when using native user authentication (not recommended).

  password-policy: # users' password policy
    uppercase: 0                 # minimum number of uppercase letters that the password must contain
    lowercase: 0                 # minimum number of lowercase letters that the password must contain
    special-char: 0              # minimum number of special char that the password must contain.
                                 # Special chars list between double quotes " !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~"
    digit: 0                     # minimum number of digits that the password must contain
    length: 4                    # minimum length of the password
    cannot-match-username: true  # If true, the password cannot be changed to match the username (case-insensitive)
    not-match-old: true          # should Access allow setting a new password to the same one currently set for the user

Recommended password complexity configuration for Artifactory when using native user authentication (not recommended).

  password-policy: # users' password policy
    uppercase: 1                 # minimum number of uppercase letters that the password must contain
    lowercase: 1                 # minimum number of lowercase letters that the password must contain
    special-char: 1              # minimum number of special char that the password must contain. Special chars list
                                 # between double quotes " !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~"
    digit: 1                     # minimum number of digits that the password must contain
    length: 12                   # minimum length of the password
    cannot-match-username: true  # If true, the password cannot be changed to match the username (case-insensitive)
    not-match-old: true          # should Access allow setting a new password to the same one currently set for the user