Skip to main content

Artifactory Token

Description

General

  • Documentation: https://www.jfrog.com/confluence/display/JFROG/Artifactory+REST+API
  • Summary: Artifactory is a binary package manager meant to simplify and automate builds and pipelines. This detector aims at detecting API keys and access tokens.
  • IPs allowlist: This feature is not available, however, two-factor authentication can be enabled.
  • Scopes: Keys have the same permissions as the user they are related too. Permissions can be managed from the dashboard at a user/group level. Access tokens can have the same permissions or a subset of the permissions of the user it belong to.

Revoke the secret

The key can be revoked from the user profile or through the API.

Check for suspicious activity

All access logs are stored and accessible through the administration module under Artifactory|System Logs. More information on this can be found in the documentation.

Details for Artifactory token

  • Family: Api

  • Category: Package registry

  • Company: JFrog

  • High recall: True

  • Validity check available: False

  • Minimum number of matches: 1

  • Occurrences found for one million commits: 1.31

  • Prefixed: True

  • PreValidators:

- type: ContentWhitelistPreValidator
patterns:
- akcp[0-9]

Examples

- text: |
export ARTIFACTORY_URL=http://localhost:8081/artifactory
export ARTIFACTORY_TOKEN=AKCp5bueTFpfypEqQbGJPp7eHFi28fBivfWczrjbPb9erDff9LbXZbj6UsRExVXA8asWGc8fM
apikey: AKCp5bueTFpfypEqQbGJPp7eHFi28fBivfWczrjbPb9erDff9LbXZbj6UsRExVXA8asWGc8fM

Details for Artifactory access token

  • Family: Api

  • Category: Package registry

  • Company: JFrog

  • High recall: True

  • Validity check available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 0.6

  • Prefixed: True

  • PreValidators:

- type: ContentWhitelistPreValidator
patterns:
- \.jfrog\.io
- type: ContentWhitelistPreValidator
patterns:
- eyj2zxiioiiyiiwidhlwijoislduiiwiywxnijoiulmyntyilcjrawqioi

Examples

- text: |
curl -H"Authorization: Bearer eyJ2ZXIiOiIyIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYiLCJraWQiOiJ1RmdMYkV6RlhVQUZXYkhMcUcxNmJmVE9SSmhBdHJuSEM1V3RueUdYc1drIn0.eyJzdWIiOiJqZmZlQDAwMC91c2Vycy9oZWxsb0BnaXRndWFyZGlhbi5jb20iLCJzY3AiOiJhcHBsaWVkLXBlcm1pc3Npb25zL2FkbWluIGFwaToqIiwiYXVkIjoiamZydEAqIiwiaXNzIjoiamZmZUAwMDAiLCJpYXQiOjkwMDI3MTk4MCwianRpIjoiNjk1ZDQwZWQtNGY2Zi00ZDk4LWE0NzYtYjExZTQ3MGNjM2EyIn0.FT8U4hb2sUoQurTefZopr00P3mVpIetjSM50G_ZCetuq5HzGUSQkQCXiZ9C3RYV95k0A4sjJmSc6Ogaeqvh11s7UJ3WDM5NwoMaGpKmjELmCzEFdqhF7gkz1lc4tm-BrSMWOxfeuuT40u8D9MZbklX0xsFQf36wpzO97Q_fy7uU" \
https://gitguardian.jfrog.io/router/api/v1/system/ping
# audience: artifactory
token: eyJ2ZXIiOiIyIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYiLCJraWQiOiJ1RmdMYkV6RlhVQUZXYkhMcUcxNmJmVE9SSmhBdHJuSEM1V3RueUdYc1drIn0.eyJzdWIiOiJqZmZlQDAwMC91c2Vycy9oZWxsb0BnaXRndWFyZGlhbi5jb20iLCJzY3AiOiJhcHBsaWVkLXBlcm1pc3Npb25zL2FkbWluIGFwaToqIiwiYXVkIjoiamZydEAqIiwiaXNzIjoiamZmZUAwMDAiLCJpYXQiOjkwMDI3MTk4MCwianRpIjoiNjk1ZDQwZWQtNGY2Zi00ZDk4LWE0NzYtYjExZTQ3MGNjM2EyIn0.FT8U4hb2sUoQurTefZopr00P3mVpIetjSM50G_ZCetuq5HzGUSQkQCXiZ9C3RYV95k0A4sjJmSc6Ogaeqvh11s7UJ3WDM5NwoMaGpKmjELmCzEFdqhF7gkz1lc4tm-BrSMWOxfeuuT40u8D9MZbklX0xsFQf36wpzO97Q_fy7uU
host: gitguardian.jfrog.io

- text: |
curl -H"Authorization: Bearer eyJ2ZXIiOiIyIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYiLCJraWQiOiJWdC1KdTY4eHVwZjlmOEcyMGE0LWJiaWpOMlp6bHh5V2YwZDRDTXRzUDBnIn0.eyJzdWIiOiJqZmZlQDAwMC91c2Vycy9oZWxsb0BnaXRndWFyZGlhbi5jb20iLCJzY3AiOiJhcHBsaWVkLXBlcm1pc3Npb25zL2FkbWluIGFwaToqIiwiYXVkIjoiKkAqIiwiaXNzIjoiamZmZUAwMDAiLCJpYXQiOjE2MjUwNjMyNzksImp0aSI6IjExYjhhOTMyLTdhZGMtNDg5OC05MzJjLTA5ZGI2NTEwMjRlMSJ9.rmhvVFnhwR21ncwiDRMBCPesn0DJSZb3Ch2z2JtEROjPeFAAsh8DkzCttEJ2t6Wgm06bZ6MeqvDcOGF9ofGCfCB8t2jVcBH2P8-_-U8Nhv0yzBQJvAg3ONuYsW9tnS8fHfKNQb095gIUgv1c76Ec4v3irqyiq8xFhrTc3HYfNDajRsVxRtd-vRVdlrgWRODENAMLlIuKGBOOS1l3rPZgm8usHZKjtBSRGE73E60WKSAVIh_m4MHKHzpVWMS-5hqZZSxxSp5lM6_0h-C0SuyAT6gHiH1T8VB39O_Zh2AAEmt9qIVWtnYawThfvHmbj2o9C3jNudD3jlHzXMCoYMLHdw" \
https://gitguardian.jfrog.io/router/api/v1/system/ping
# audience: all
token: eyJ2ZXIiOiIyIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYiLCJraWQiOiJWdC1KdTY4eHVwZjlmOEcyMGE0LWJiaWpOMlp6bHh5V2YwZDRDTXRzUDBnIn0.eyJzdWIiOiJqZmZlQDAwMC91c2Vycy9oZWxsb0BnaXRndWFyZGlhbi5jb20iLCJzY3AiOiJhcHBsaWVkLXBlcm1pc3Npb25zL2FkbWluIGFwaToqIiwiYXVkIjoiKkAqIiwiaXNzIjoiamZmZUAwMDAiLCJpYXQiOjE2MjUwNjMyNzksImp0aSI6IjExYjhhOTMyLTdhZGMtNDg5OC05MzJjLTA5ZGI2NTEwMjRlMSJ9.rmhvVFnhwR21ncwiDRMBCPesn0DJSZb3Ch2z2JtEROjPeFAAsh8DkzCttEJ2t6Wgm06bZ6MeqvDcOGF9ofGCfCB8t2jVcBH2P8-_-U8Nhv0yzBQJvAg3ONuYsW9tnS8fHfKNQb095gIUgv1c76Ec4v3irqyiq8xFhrTc3HYfNDajRsVxRtd-vRVdlrgWRODENAMLlIuKGBOOS1l3rPZgm8usHZKjtBSRGE73E60WKSAVIh_m4MHKHzpVWMS-5hqZZSxxSp5lM6_0h-C0SuyAT6gHiH1T8VB39O_Zh2AAEmt9qIVWtnYawThfvHmbj2o9C3jNudD3jlHzXMCoYMLHdw
host: gitguardian.jfrog.io

- text: |
curl -H"Authorization: Bearer eyJ2ZXIiOiIyIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYiLCJraWQiOiJlckk1d25pVWF0X1RoLW9jRC1hZmowd05KVDRBV3RMbDFMMHh1em5NVFgwIn0.eyJzdWIiOiJqZmZlQDAwMC91c2Vycy9oZWxsb0BnaXRndWFyZGlhbi5jb20iLCJzY3AiOiJhcHBsaWVkLXBlcm1pc3Npb25zL2FkbWluIGFwaToqIiwiYXVkIjpbImpmcnRAKiIsImpmbWRAKiIsImpmZXZ0QCoiLCJqZmFjQCoiXSwiaXNzIjoiamZmZUAwMDAiLCJpYXQiOjE2MjE5NzM3NzMsImp0aSI6IjVkOTUxNWZlLTM0ODctNDA2Ny1hNjdmLTYwYmJkNjJhYjcwYiJ9.XhwyHL0SeEs7_By6wz4F6VHex3J2QPJYRaeJ-2ksw0h14ngUmMHnmEBkgJUV9jwNFmaEXjaKO6uwv_332pt4aW3ZtAG3uzF7CeUMW16Bc3xhHgZriBgfIvEFowpbbb_2_BEcfaFRegY6UQWrWAyYZ4n-5x15HraCR64OWGgQNsEYL1Loa9zehVvj8Z9A3jh8iFPqq8lwho5wBWU9BU7cd0f6yEjIv3XTi-bUT_Qrrj9rx9iN3ePXbRViZSzYXM80clHRz7SGyO8kDBV9rqI-7PSbuPD0O14JqlQCaR9hw_k_pZ_J759UO5fVUimkbugEwNcwbj0jNSR1b1Ae_DeZLg" \
https://gitguardian.jfrog.io/router/api/v1/system/ping
# audience: multiple including artifactory
token: eyJ2ZXIiOiIyIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYiLCJraWQiOiJlckk1d25pVWF0X1RoLW9jRC1hZmowd05KVDRBV3RMbDFMMHh1em5NVFgwIn0.eyJzdWIiOiJqZmZlQDAwMC91c2Vycy9oZWxsb0BnaXRndWFyZGlhbi5jb20iLCJzY3AiOiJhcHBsaWVkLXBlcm1pc3Npb25zL2FkbWluIGFwaToqIiwiYXVkIjpbImpmcnRAKiIsImpmbWRAKiIsImpmZXZ0QCoiLCJqZmFjQCoiXSwiaXNzIjoiamZmZUAwMDAiLCJpYXQiOjE2MjE5NzM3NzMsImp0aSI6IjVkOTUxNWZlLTM0ODctNDA2Ny1hNjdmLTYwYmJkNjJhYjcwYiJ9.XhwyHL0SeEs7_By6wz4F6VHex3J2QPJYRaeJ-2ksw0h14ngUmMHnmEBkgJUV9jwNFmaEXjaKO6uwv_332pt4aW3ZtAG3uzF7CeUMW16Bc3xhHgZriBgfIvEFowpbbb_2_BEcfaFRegY6UQWrWAyYZ4n-5x15HraCR64OWGgQNsEYL1Loa9zehVvj8Z9A3jh8iFPqq8lwho5wBWU9BU7cd0f6yEjIv3XTi-bUT_Qrrj9rx9iN3ePXbRViZSzYXM80clHRz7SGyO8kDBV9rqI-7PSbuPD0O14JqlQCaR9hw_k_pZ_J759UO5fVUimkbugEwNcwbj0jNSR1b1Ae_DeZLg
host: gitguardian.jfrog.io

Details for Xray access token

  • Family: Api

  • Category: Package registry

  • Company: JFrog

  • High recall: True

  • Validity check available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 0.02

  • Prefixed: True

  • PreValidators:

- type: ContentWhitelistPreValidator
patterns:
- \.jfrog\.io
- type: ContentWhitelistPreValidator
patterns:
- eyj2zxiioiiyiiwidhlwijoislduiiwiywxnijoiulmyntyilcjrawqioi

Examples

- text: |
curl -H"Authorization: Bearer eyJ2ZXIiOiIyIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYiLCJraWQiOiJ1RmdMYkV6RlhVQUZXYkhMcUcxNmJmVE9SSmhBdHJuSEM1V3RueUdYc1drIn0.eyJzdWIiOiJqZmZlQDAwMC91c2Vycy9oZWxsb0BnaXRndWFyZGlhbi5jb20iLCJzY3AiOiJhcHBsaWVkLXBlcm1pc3Npb25zL2FkbWluIGFwaToqIiwiYXVkIjoiamZ4ckAqIiwiaXNzIjoiamZmZUAwMDAiLCJpYXQiOjkwMDI3MTk4MCwianRpIjoiNjk1ZDQwZWQtNGY2Zi00ZDk4LWE0NzYtYjExZTQ3MGNjM2EyIn0.ZpGDcUAebnd1sn5zXL0BYd6-Rv-6fKhEdJvKnYzsC28J0wJW0MU5MACmNx_HKWw-Ffr7_06fYJuhphy1XdTjZR6vIfUiQBQRmpFwLScC70MFgD8V-wjh04PkrnHyu6NPjVIg4NCS9IUOltPO3Pd3pzjLxbMG5evyoJ8O5Ucwhug" \
https://gitguardian.jfrog.io/router/api/v1/system/ping
# audience: xray
token: eyJ2ZXIiOiIyIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYiLCJraWQiOiJ1RmdMYkV6RlhVQUZXYkhMcUcxNmJmVE9SSmhBdHJuSEM1V3RueUdYc1drIn0.eyJzdWIiOiJqZmZlQDAwMC91c2Vycy9oZWxsb0BnaXRndWFyZGlhbi5jb20iLCJzY3AiOiJhcHBsaWVkLXBlcm1pc3Npb25zL2FkbWluIGFwaToqIiwiYXVkIjoiamZ4ckAqIiwiaXNzIjoiamZmZUAwMDAiLCJpYXQiOjkwMDI3MTk4MCwianRpIjoiNjk1ZDQwZWQtNGY2Zi00ZDk4LWE0NzYtYjExZTQ3MGNjM2EyIn0.ZpGDcUAebnd1sn5zXL0BYd6-Rv-6fKhEdJvKnYzsC28J0wJW0MU5MACmNx_HKWw-Ffr7_06fYJuhphy1XdTjZR6vIfUiQBQRmpFwLScC70MFgD8V-wjh04PkrnHyu6NPjVIg4NCS9IUOltPO3Pd3pzjLxbMG5evyoJ8O5Ucwhug
host: gitguardian.jfrog.io

- text: |
curl -H"Authorization: Bearer eyJ2ZXIiOiIyIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYiLCJraWQiOiJlckk1d25pVWF0X1RoLW9jRC1hZmowd05KVDRBV3RMbDFMMHh1em5NVFgwIn0.eyJzdWIiOiJqZmZlQDAwMC91c2Vycy9oZWxsb0BnaXRndWFyZGlhbi5jb20iLCJzY3AiOiJhcHBsaWVkLXBlcm1pc3Npb25zL2FkbWluIGFwaToqIiwiYXVkIjpbImpmeHJAKiIsImpmbWRAKiIsImpmZXZ0QCoiLCJqZmFjQCoiXSwiaXNzIjoiamZmZUAwMDAiLCJpYXQiOjE2MjE5NzM3NzMsImp0aSI6IjVkOTUxNWZlLTM0ODctNDA2Ny1hNjdmLTYwYmJkNjJhYjcwYiJ9.G142GFb9wZYn3JG4XKTM8PhmvDWpGph1zPl09AIrSGbGOoEJfDmvIWABys65sH4xBQtn6OH6ys0YWg_m1bcsBMGhgBxxYqNjd61UaENmKHjztzWCT-6UPXXqgNLoYE-avqtD6vkxqWQV6tokgTyupyRizhS2TEjfrHNTtIVWi8Q" \
https://gitguardian.jfrog.io/router/api/v1/system/ping
# audience: multiple including xray
token: eyJ2ZXIiOiIyIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYiLCJraWQiOiJlckk1d25pVWF0X1RoLW9jRC1hZmowd05KVDRBV3RMbDFMMHh1em5NVFgwIn0.eyJzdWIiOiJqZmZlQDAwMC91c2Vycy9oZWxsb0BnaXRndWFyZGlhbi5jb20iLCJzY3AiOiJhcHBsaWVkLXBlcm1pc3Npb25zL2FkbWluIGFwaToqIiwiYXVkIjpbImpmeHJAKiIsImpmbWRAKiIsImpmZXZ0QCoiLCJqZmFjQCoiXSwiaXNzIjoiamZmZUAwMDAiLCJpYXQiOjE2MjE5NzM3NzMsImp0aSI6IjVkOTUxNWZlLTM0ODctNDA2Ny1hNjdmLTYwYmJkNjJhYjcwYiJ9.G142GFb9wZYn3JG4XKTM8PhmvDWpGph1zPl09AIrSGbGOoEJfDmvIWABys65sH4xBQtn6OH6ys0YWg_m1bcsBMGhgBxxYqNjd61UaENmKHjztzWCT-6UPXXqgNLoYE-avqtD6vkxqWQV6tokgTyupyRizhS2TEjfrHNTtIVWi8Q
host: gitguardian.jfrog.io

How can I help you ?