
Overview

The JFrog join.key feature establishes trust between JFrog services based on AES 128-bit symmetric encryption.

This feature is an alternative to basic authentication trust, whereby services are required to share an admin's username-password pair as a common secret. The join.key is used internally for creating trust between microservices of the same service, for example between Artifactory and Access.

Once trust is established (meaning the join.key is shared between all the different services), the services can continue using the standard token-based authentication for communication. This is accomplished by having each service create the tokens used for the inter-service communication and signing those tokens with the join.key.

If the join.key is not identical on the trusted services, communication between services fails.


Managing the join.key

By default, a join.key is automatically generated and stored in the Access database during Access startup.

The join.key is then automatically copied by Access to Artifactory over the file system and is re-provisioned every time the services are restarted.
Access shares the join.key with Artifactory by copying it to the following location:

$ARTIFACTORY_HOME/etc/security/join.key

Upgrading to Artifactory 6.8 automatically initiates and generates the join.key mechanism.

Creating Your Own join.key

Instead of using the auto-generated join.key, you can create your own and use it for the pairing process:

  1. Create an AES 128-bit key and paste it in a file.

  2. Save the file as join.key.

  3. Copy the file to the following location on Access:

    $ACCESS_HOME/etc/keys/join.key

Access will then use the provided join.key instead of the auto-generated one, save it to its database, and share it with Artifactory.
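
The three steps above, plus a check that the copy Access shares with Artifactory is identical, as an added shell example (not JFrog's own tooling). The function names are hypothetical, and storing the key as 32 hex characters read from `/dev/urandom` is an assumption, since the page does not state the file encoding.

```shell
#!/bin/sh
# Added example. Assumption: the key is stored as 32 hex characters
# (16 random bytes); the page does not specify the file encoding.

# Print 128 bits from the kernel CSPRNG as lowercase hex.
gen_join_key() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# install_join_key ACCESS_HOME
# Writes ACCESS_HOME/etc/keys/join.key, readable by its owner only.
install_join_key() {
    key_dir="$1/etc/keys"
    key_file="$key_dir/join.key"
    mkdir -p "$key_dir" || return 1
    (
        umask 077                       # file is never group/world readable
        key=$(gen_join_key)
        [ "${#key}" -eq 32 ] || exit 1  # refuse a short read
        printf '%s\n' "$key" > "$key_file.tmp" || exit 1
        mv "$key_file.tmp" "$key_file"  # replace in one step
    ) || return 1
    chmod 600 "$key_file"
}

# join_keys_match ACCESS_HOME ARTIFACTORY_HOME
# 0 = same key, 1 = keys differ, 2 = a copy is missing or unreadable.
# Compares without echoing the secret; surrounding whitespace is ignored.
join_keys_match() {
    a="$1/etc/keys/join.key"
    b="$2/etc/security/join.key"
    [ -r "$a" ] && [ -r "$b" ] || return 2
    [ "$(tr -d '[:space:]' < "$a")" = "$(tr -d '[:space:]' < "$b")" ]
}

# Typical use after restarting the services (paths from the page):
#   install_join_key "$ACCESS_HOME"
#   join_keys_match "$ACCESS_HOME" "$ARTIFACTORY_HOME" || echo "join.key mismatch" >&2
```

Because the join.key signs the tokens used between services, keep the file owner-only and out of backups or version control that other users can read.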

Managing join.keys in HA

There should only be one join.key per HA cluster since the Access database is shared across all nodes of an HA cluster.

If a join.key is provided rather than generated by the system, it can be provided to a single cluster node, as the system will propagate it to all nodes of the cluster.
