Add a JFrog CLI Server Configuration

Use jf config add to register a JFrog Platform connection in the JFrog CLI so that subsequent commands can authenticate. You can add a server through interactive prompts or by passing flags for automation and continuous integration and continuous delivery (CI/CD). This topic summarizes command syntax and walks through the most common ways to add a configuration.

This topic covers:

Add a server interactively
Add a server non-interactively with an access token
Add a server non-interactively with a username and password
Add a server non-interactively with credentials from standard input

Synopsis

jf config add <server-id>

Aliases: none

Where:

<server-id>:Optional unique ID for this server configuration. If you omit this argument, the JFrog CLI uses the ID Default-Server (run jf config add with no server ID, then add any flags you need). See the Options table for non-interactive flags such as --url and --access-token.

Arguments

The following table describes command arguments.

Argument	Required	Description
`server-id`	No	Unique ID for this server configuration. If omitted, the ID `Default-Server` is used.

Options

The following table describes command options, including OpenID Connect (OIDC) parameters for token exchange.

Flag	Default	Description
`--interactive`	`true`	Set to `false` to skip interactive prompts
`--url`	—	JFrog Platform URL. Required when `--interactive=false`.
`--artifactory-url`	—	JFrog Artifactory URL
`--distribution-url`	—	JFrog Distribution URL
`--xray-url`	—	JFrog Xray URL
`--mission-control-url`	—	JFrog Mission Control URL
`--pipelines-url`	—	JFrog Pipelines URL
`--user`	—	JFrog username
`--password`	—	JFrog password or API key
`--access-token`	—	JFrog access token
`--ssh-key-path`	—	Path to SSH key file
`--ssh-passphrase`	—	SSH key passphrase
`--client-cert-path`	—	Path to client certificate PEM file
`--client-cert-key-path`	—	Path to client certificate key PEM file
`--basic-auth-only`	`false`	Use basic authentication only
`--insecure-tls`	`false`	Skip TLS certificate verification
`--overwrite`	`false`	Overwrite existing server configuration with the same ID
`--enc-password`	`true`	Store password encrypted
`--password-stdin`	`false`	Read password from standard input
`--access-token-stdin`	`false`	Read access token from standard input
`--oidc-provider-name`	—	OIDC provider name for token exchange
`--oidc-token-id`	—	OIDC token ID
`--oidc-audience`	—	OIDC audience
`--oidc-provider-type`	—	OIDC provider type
`--application-key`	—	JFrog application key
`--disable-token-refresh`	`false`	Disable automatic token refresh

Examples

Interactive Add

The JFrog CLI walks you through URL and authentication choices. You do not need flags unless you want to name the server explicitly.

To add a server interactively:

Run one of the following. Replace <server-id> with your chosen ID, or omit the argument to use the default ID Default-Server.
```
jf config add <server-id>
```
Where:
- <server-id>: Optional unique ID for this server. Omit jf config add's first argument entirely if you want Default-Server.
For example:
```
jf config add my-server
```
Or:
```
jf config add
```
Complete the prompts. The JFrog CLI asks for:
- JFrog Platform URL.
- Authentication method (access token, username and password, or single sign-on (SSO)).
- The selected credentials.
- Whether to allow insecure TLS (self-signed certificates).

On success, the configuration is saved. Verify with jf config show <server-id> if needed.

Non-Interactive Add with Access Token

To add a server non-interactively with an access token:

Run the following command with your platform URL and token. Use --interactive=false so the JFrog CLI does not prompt.
```
jf config add <server-id> --url=<your-server-url> --access-token=<Token> --interactive=false
```
Where:
- <server-id>: Unique ID for this server configuration.
- <your-server-url>: Base URL of your JFrog Platform (for example, https://acme.jfrog.io/).
- <Token>: Your JFrog access token. Do not paste real tokens into shared logs or documentation.
For example:
```
jf config add prod-server --url=https://acme.jfrog.io/ --access-token=<Token> --interactive=false
```

On success, the command exits 0 with no output. Verify with jf config show <server-id>.

📘
Note
If your access token is a reference token (not a JSON Web Token (JWT)), the JFrog CLI prints a warning that it cannot extract the token payload. The configuration is still saved. If you use package managers that require basic authentication (for example, npm or Maven), also supply --user=<username> alongside the token.

Non-Interactive Add with Username and Password

To add a server non-interactively with a username and password:

Run the following command:

jf config add <server-id> --url=<your-server-url> --user=<username> --password=<password> --interactive=false

Where:

<server-id>: Unique ID for this server configuration.
<your-server-url>: Base URL of your JFrog Platform.
<username>: JFrog username.
<password>: Password or API key.

For example:

jf config add prod-server --url=https://acme.jfrog.io/ --user=build-bot --password=<password> --interactive=false

On success, the command exits 0 with no output. Verify with jf config show <server-id>.

Non-Interactive Add via Standard Input (CI/CD Recommended)

For CI/CD pipelines, pipe credentials through standard input to avoid exposing them in process listings.

To add a server non-interactively using a token from standard input:

Pipe the token into the JFrog CLI:
```
echo "$MY_TOKEN" | jf config add <server-id> --url=<your-server-url> --access-token-stdin --interactive=false
```
Where:
- <server-id>: Unique ID for this server configuration.
- <your-server-url>: Base URL of your JFrog Platform.
- $MY_TOKEN: Environment variable or secret holding the access token (not shown in the command line).
For example:
```
echo "$MY_TOKEN" | jf config add ci-server --url=https://acme.jfrog.io/ --access-token-stdin --interactive=false
```

Important Notes

Server ID restrictions. The server ID cannot be delete, use, show, or clear. These words are reserved. Use descriptive names like my-server, prod-artifactory, or ci-server.
--url is required for non-interactive use. When --interactive=false, you must provide --url. Omitting it silently creates an incomplete configuration that exits 0 but cannot be used for any operations.
Default server selection. The first server you add becomes the default. If you already have more than one server, a newly added server is not set as the default; the existing default is unchanged. Run jf config use <server-id> to switch the default.
Encryption. If JFROG_CLI_ENCRYPTION_KEY is set when you add a configuration, the credentials are encrypted. You must set the same key in every session that uses this configuration. If you lose the key, remove the configuration and re-add it.
Token refresh. By default, the JFrog CLI exchanges username and password for an access token and refreshes it automatically. Use --basic-auth-only to disable this behavior if you need compatibility with external tools. Use --disable-token-refresh to prevent automatic token refresh.
Overwriting. If a server with the same ID already exists, the command fails unless you pass --overwrite.
Password from standard input. For CI/CD security, use --password-stdin or --access-token-stdin to pipe credentials instead of passing them as command-line arguments (which may appear in process listings).
Configuration storage. Configuration is stored under the JFrog CLI home directory (default ~/.jfrog/, file jfrog-cli.conf.v6). Override the directory with the JFROG_CLI_HOME_DIR environment variable.