Access Token Management

Access tokens are the primary mechanism for authenticating with the JFrog Platform. The JFrog CLI lets you create scoped, time-limited tokens directly from the command line — no UI required.

📘
Prerequisite
Before running any command in this section, configure a JFrog server with jf config add. Alternatively, pass --url and --access-token inline on each command. If you have not set up the CLI yet, start with the Quick Start guide.

Available Commands

Command	Alias	Description
`jf access-token-create`	`jf atc`	Create an access token for the current user or (admin only) for another user or group

Key Concepts

User-scoped tokens: By default, a new token inherits the permissions of the user who created it.
Admin tokens: Administrators can expand scope with --scope, --groups, or --grant-admin.
Refreshable tokens: Pass --refreshable to receive a refresh token that can generate a new access token when the original expires. Useful for long-running CI/CD pipelines.
Reference tokens: Pass --reference to get a short alias token in addition to the full access token (requires Artifactory 7.38.10+).
Expiry: Tokens expire after the platform default (typically 1 year) unless you set --expiry. Non-admin users cannot exceed the platform default. Use --expiry=0 for a never-expiring token (admin only, use with caution).
One-time display: Access tokens are shown only once at creation time. Store them securely immediately.