How to reset the master key

How to reset the master key

AuthorFullName__c
Patrick Russell
articleNumber
000004143
ft:sourceType
Salesforce
FirstPublishedDate
2019-01-23T00:15:31Z
lastModifiedDate
2024-10-15
VersionNumber
15

Versions: Artifactory 7.X

It hopefully goes without saying that this file is very important, and it should not be lost. If the master.key is lost, the services that rely on the master.key won't be able to start. That being said, recovery is still possible!

The master.key is a secret key used to encrypt key tables in the database, it was introduced in Artifactory 5.7. By default, this file is automatically generated during the first start of the application.

One of the main usages of the master.key is to be a key step when setting up a High Availability cluster of Artifactory. The master.key is also used to encrypt all sorts of information saved in the database, in addition to passwords saved on the file system (Ex: $JFROG_HOME/etc/system.yaml). Moreover, all sensitive data managed by Access are also encrypted using the master.key, such as users’ passwords, API keys, etc.
 

Recovering from a lost master.key is tricky and requires connecting to the database. It’s a different procedure between Artifactory version 6.x and 7.x.

 

Note:

In Artifactory 7.71 and up, there was a migration of security configurations (Mainly LDAP) from Artifactory database tables to the Access database tables. This improved security of the platform, but it also had an unfortunate side effect of encrypting the LDAP Manager's Password using the master key as a discrete setting. 

As a result, in versions 7.71 and up, you must manually reset the LDAP configuration after recovering Artifactory. Ensure you have a local Admin account to log in with after following the steps here.