jf access-token-create
Create an access token. By default, you get a user-scoped token. Administrators can provide scope with --scope, or implicitly with --groups or --grant-admin.
Synopsis
jf access-token-create [username] [options]Aliases: jf atc
Arguments
| Argument | Required | Description |
|---|---|---|
<username> | No | Username for which the token is created. Omit to create for the current user |
Options
| Flag | Short | Default | Description |
|---|---|---|---|
--url | — | — | JFrog Platform URL |
--user | — | — | JFrog username |
--password | — | — | JFrog password |
--access-token | — | — | JFrog access token for authentication |
--server-id | — | — | Server ID from jf config |
--project | — | — | JFrog project key |
--grant-admin | — | false | Grant admin privileges (administrators only) |
--groups | — | — | Comma-separated list of groups (administrators only) |
--scope | — | — | Token scope (administrators only) |
--expiry | — | platform default | Token expiry in seconds. Use 0 for never-expiring |
--refreshable | — | false | Create a refreshable token |
--description | — | — | Free-text token description (max 1024 characters) |
--audience | — | — | Space-separated list of Service-IDs that accept this token |
--reference | — | false | Generate a Reference Token (Artifactory 7.38.10+) |
Examples
Create a Token for the Current User
jf atcThe command creates a token for the authenticated user. You must have a configured server or pass --url and --access-token.
Create a Token for a Specific User
jf atc <username> --url=<your-server-url> --access-token=<your-token>Administrators create tokens for other users by specifying the username and credentials.
Create a Refreshable Token
jf atc --refreshable --expiry=3600The token is refreshable, and a refresh token is returned for renewing it when it expires.
Important Notes
- Default scope: Without
--scope,--groups, or--grant-admin, the token has the same permissions as the creating user. - Expiry: If you don't set
--expiry, the platform's default token expiry applies. Use--expiry=0for a token that never expires (use with caution). - Reference tokens: Use
--referenceto create a reference token (available in Artifactory 7.38.10+). Reference tokens are stored in the database and can be revoked individually. - Refreshable tokens: Use
--refreshableto get a refresh token alongside the access token. This is useful for long-running CI/CD pipelines that may outlive the token's expiry. - Admin-only flags:
--grant-admin,--groups, and--scoperequire admin privileges. Non-admin users can only create tokens for themselves. - Security: Tokens are displayed only once at creation time. Store them securely. If lost, create a new token.
Updated 8 days ago