Artifactory Reference Token
Description
General
-
Documentation: https://www.jfrog.com/confluence/display/JFROG/Artifactory+REST+API
-
Summary: Artifactory is a binary package manager designed to simplify and automate builds and pipelines. Reference Tokens are a type of access token used to authenticate API requests in Artifactory. These tokens are sensitive as they grant access to Artifactory resources, such as repositories, builds, and artifacts.
-
IPs allowlist: As of the time of writing this documentation, IP allowlisting is not supported for Artifactory Reference Tokens.
-
Scopes: Reference Tokens inherit the permissions of the user or service account they are associated with. Permissions can be managed at the user or group level through the Artifactory dashboard.
Revoke the secret
Reference Tokens can be revoked from the user profile in the Artifactory dashboard or programmatically via the Artifactory REST API.
Navigate to the User Profile section, locate the token, and delete it to revoke access.
Check for suspicious activity
All access logs for Reference Tokens are stored and accessible through the administration module under Artifactory > System Logs.
These logs can be reviewed to monitor token usage and detect suspicious activity.
Details for Artifactory reference token
-
Family: token
-
Category: package_registry
-
Company: JFrog
-
High recall: False
-
Validity check available: False
-
Analyzer available: False
-
Minimum number of matches: 1
-
Occurrences found for one million commits: 1.625
-
Prefixed: False
-
PreValidators:
- type: ContentWhitelistPreValidator
patterns:
- cmvmdgtuoj
Examples
- text: |
_authToken=cmVmdGtuOjAxOjE3NjE3MzAxMjI6RUNCaklPN2tiWWZJbzRVU1c0QU1111111111
token: cmVmdGtuOjAxOjE3NjE3MzAxMjI6RUNCaklPN2tiWWZJbzRVU1c0QU1111111111
