Skip to main content

Artifactory Reference Token With Host

Description

General

  • Documentation: https://www.jfrog.com/confluence/display/JFROG/Artifactory+REST+API

  • Summary: Artifactory is a binary package manager designed to simplify and automate builds and pipelines. Reference Tokens are a type of access token used to authenticate API requests in Artifactory. These tokens are sensitive as they grant access to Artifactory resources, such as repositories, builds, and artifacts.

  • IPs allowlist: As of the time of writing this documentation, IP allowlisting is not supported for Artifactory Reference Tokens.

  • Scopes: Reference Tokens inherit the permissions of the user or service account they are associated with. Permissions can be managed at the user or group level through the Artifactory dashboard.

Revoke the secret

Reference Tokens can be revoked from the user profile in the Artifactory dashboard or programmatically via the Artifactory REST API. Navigate to the User Profile section, locate the token, and delete it to revoke access.

Check for suspicious activity

All access logs for Reference Tokens are stored and accessible through the administration module under Artifactory > System Logs. These logs can be reviewed to monitor token usage and detect suspicious activity.

Details for Artifactory reference token with host

  • Family: token

  • Category: package_registry

  • Company: JFrog

  • High recall: False

  • Validity check available: True

  • Analyzer available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 0.7

  • Prefixed: False

  • PreValidators:

- type: ContentWhitelistPreValidator
  patterns:
    - cmvmdgtuoj
- type: ContentWhitelistPreValidator
  patterns:
    - jfrog
    - artifactory

Examples

- text: |
    PASSWORD="cmVmdGtuOjAxOjE3NjE3MzAxMjI6RUNCaklPN2tiWWZJbzRVU1c0QU1111111111"
    ARTIFACTORY_URL="https://jfrog.test.io/artifactory";
  token: cmVmdGtuOjAxOjE3NjE3MzAxMjI6RUNCaklPN2tiWWZJbzRVU1c0QU1111111111
  host: jfrog.test.io

- text: |
    PASSWORD="cmVmdGtuOjAxOjE3NjE3MzAxMjI6RUNCaklPN2tiWWZJbzRVU1c0QU1111111111"
    ARTIFACTORY_URL="https://artifactory.ctz.atocnet.gov.au";
  token: cmVmdGtuOjAxOjE3NjE3MzAxMjI6RUNCaklPN2tiWWZJbzRVU1c0QU1111111111
  host: artifactory.ctz.atocnet.gov.au

Secret Analyzer

Analysis Method

  • Provider allows scopes enumeration: True
  • Total network call count: 1
  • Total call count may vary: False

HTTP Calls

  • GET: /access/api/v1/tokens/me

Other Calls

No other calls for this analyzer.

Last updated on

Something we didn’t cover?

See our Roadmap

Subscribe on GitHub

Submit a request

API status