Security


Security Considerations

All access to the JFrog Platform should go over HTTPS (TLS).

TLS termination can be done in one of two common ways:

  1. At the load balancer in front of the platform deployment. The TLS certificates have to be installed on the load balancer.
  2. At the ingress controller. The main advantage of this approach is the ability to tie the configuration and management of the TLS setup (deployment and rotation) to the K8s resource management, using Kubernetes-native methodologies like GitOps and Helm Charts.

For increased security, TLS can be enabled between the platform services. An internally signed certificate should be used for this setup.

Secure connections should also be used between the JFrog services and the database and storage.

Storage

All storage should be encrypted at rest. For example, see AWS EBS encryption.

Database

Database storage should also be configured with encryption at rest. For example, see AWS RDS encryption.

Database connections should also be encrypted with TLS. For example, see AWS RDS TLS connection.
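One way to verify the encryption-at-rest recommendations in the Storage and Database sections on AWS is to check the `Encrypted` field returned by `aws ec2 describe-volumes` and the `StorageEncrypted` field returned by `aws rds describe-db-instances`. The script below is an added example, not JFrog code; the resource names and sample JSON are constructed, and the function names are hypothetical.

```python
import json

# Constructed sample data shaped like the output of
# `aws ec2 describe-volumes` and `aws rds describe-db-instances`.
# All identifiers are placeholders, not real resources.
SAMPLE_VOLUMES = json.loads("""
{"Volumes": [
  {"VolumeId": "vol-example-artifactory-data", "Encrypted": true},
  {"VolumeId": "vol-example-xray-data", "Encrypted": false}
]}
""")
SAMPLE_DB_INSTANCES = json.loads("""
{"DBInstances": [
  {"DBInstanceIdentifier": "example-artifactory-db", "StorageEncrypted": true},
  {"DBInstanceIdentifier": "example-xray-db", "StorageEncrypted": false},
  {"DBInstanceIdentifier": "example-legacy-db"}
]}
""")


def unencrypted_volumes(describe_volumes):
    """Return the IDs of EBS volumes not reported as encrypted at rest."""
    return [v["VolumeId"] for v in describe_volumes.get("Volumes", [])
            if v.get("Encrypted") is not True]


def unencrypted_db_instances(describe_db_instances):
    """Return the identifiers of RDS instances without storage encryption."""
    return [d["DBInstanceIdentifier"]
            for d in describe_db_instances.get("DBInstances", [])
            if d.get("StorageEncrypted") is not True]


def audit(describe_volumes, describe_db_instances):
    """Collect findings; a missing field is treated as not encrypted."""
    return {
        "ebs": unencrypted_volumes(describe_volumes),
        "rds": unencrypted_db_instances(describe_db_instances),
    }


if __name__ == "__main__":
    findings = audit(SAMPLE_VOLUMES, SAMPLE_DB_INSTANCES)
    for kind, ids in findings.items():
        for resource_id in ids:
            print(f"[FAIL] {kind}: {resource_id} is not encrypted at rest")
    # Non-zero exit lets a CI or GitOps pipeline fail on any finding.
    raise SystemExit(1 if any(findings.values()) else 0)
```

To run it against a real account, replace the sample dictionaries with the parsed JSON output of the two AWS CLI commands.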

JFrog Databases with TLS