Automatic Admin Token Creation
Create admin-scoped bootstrap tokens via generate.token.json in /var/bootstrap/etc/access/keys (Artifactory 7.38.4+).
From Artifactory release 7.38.4.
JFrog enables companies to create their own admin-scoped access token without using the JFrog Platform UI or via another token. This admin-scoped token is designed for short-term use during system startup, giving customers the option to set up their JFrog Platform in an automated, fully UI-free manner.
To securely generate the first admin-scoped access token without relying on a previous token or basic credentials:
Generate an admin-scoped token by placing a generate.token.json file under the /var/bootstrap/etc/access/keys directory. For example:
/var/bootstrap/etc/access/keys/generate.token.jsonWhen bootstrapping, if this file exists, a token is generated and placed in the /var/etc/access/keys/ directory. For example:
/var/etc/access/keys/token.jsonThe generate.token.json file is deleted from the file system once the token is generated.
The file containing the token, token.json, is deleted by default after one minute. To change this period, modify the bootstrap-token-delete-in-minutes parameter in access.config.yaml (located at /var/etc/access/access.config.template.yml).
The resulting token has the following properties:
- The generated token expires after 15 minutes, and is revoked by the system.
- The token has admin-scoped permissions
- The token has an audience of access service: jfac@*
- The token has the subject "admin" - even if the admin user does not exist
Note
For Docker installations, mount the bootstrap directory.
Updated 11 days ago