Access Token Management
Access tokens are the primary mechanism for authenticating with the JFrog Platform. The JFrog CLI lets you create scoped, time-limited tokens directly from the command line, so you don't need the UI.
Prerequisite
Before running any command in this section, configure a JFrog server with jf config add. Alternatively, pass --url and --access-token inline on each command. If you have not set up the CLI yet, start with the Quick Start guide
Available Commands
The following table lists the access token command that JFrog CLI exposes.
| Command | Alias | Description |
|---|---|---|
jf access-token-create | jf atc | Create an access token for the current user or (admin only) for another user or group |
Key Concepts
- User-scoped tokens: By default, a new token inherits the permissions of the user who created it.
- Admin tokens: Administrators can expand scope with
--scope,--groups, or--grant-admin. - Refreshable tokens: Pass
--refreshableto receive a refresh token that can generate a new access token when the original expires. Useful for long-running continuous integration and delivery (CI/CD) pipelines. - Reference tokens: Pass
--referenceto get a short alias token in addition to the full access token (requires Artifactory 7.38.10+). - Expiry: Tokens expire after the platform default (typically 1 year) unless you set
--expiry. Non-admin users cannot exceed the platform default. Use--expiry=0for a never-expiring token (admin only, use with caution). - One-time display: Access tokens are shown only once at creation time. Store them securely immediately.