New
Discover how Dropbox streamlined dev environments & cut costs by switching 1000 developers to Coder

Read the success story

Get a Demo
About
Architecture
Installation
Kubernetes
Docker
OpenShift
Offline deployments
External database
Uninstall
1-click install
Releases
Platforms
AWS
Azure
Docker
GCP
Kubernetes
Additional clusters
Deployment logs
Other platforms
Templates
Working with templates
Your first template
Guided tour
Setting up templates
Change management
Provider authentication
Resource persistence
Terraform modules
Customizing templates
Agent metadata
Resource metadata
UI Resource Ordering
Parameters
Variables
Administering templates
General settings
Permissions
Workspace Scheduling
Open in Coder
Docker in workspaces
Dev Containers
Troubleshooting templates
Process Logging
Icons
Workspaces
IDEs
Web IDEs
JetBrains Gateway
Emacs
Remote Desktops
Networking
Port Forwarding
STUN and NAT
Dotfiles
Secrets
Administration
Authentication
Users
Groups
RBAC
Configuration
External Auth
Upgrading
Automation
Scaling Coder
Reference Architectures
Up to 1,000 users
Up to 2,000 users
Up to 3,000 users
External Provisioners
Workspace Proxies
Application Logs
Audit Logs
Quotas
High Availability
Prometheus
Appearance
Telemetry
Database Encryption
Deployment Health
Enterprise
Contributing
Code of Conduct
Feature stages
Documentation
Security
Frontend
API
General
Agents
Applications
Audit
Authentication
Authorization
Builds
Debug
Enterprise
Files
Git
Insights
Members
Organizations
PortSharing
Schemas
Templates
Users
WorkspaceProxies
Workspaces
Command Line
autoupdate
coder
config-ssh
create
delete
dotfiles
external-auth
external-auth access-token
favorite
features
features list
groups
groups create
groups delete
groups edit
groups list
licenses
licenses add
licenses delete
licenses list
list
login
logout
netcheck
open
open vscode
ping
port-forward
provisionerd
provisionerd start
publickey
rename
reset-password
restart
schedule
schedule override-stop
schedule show
schedule start
schedule stop
server
server create-admin-user
server dbcrypt
server dbcrypt decrypt
server dbcrypt delete
server dbcrypt rotate
server postgres-builtin-serve
server postgres-builtin-url
show
speedtest
ssh
start
stat
stat cpu
stat disk
stat mem
state
state pull
state push
stop
support
support bundle
templates
templates archive
templates create
templates delete
templates edit
templates init
templates list
templates pull
templates push
templates versions
templates versions archive
templates versions list
templates versions unarchive
tokens
tokens create
tokens list
tokens remove
unfavorite
update
users
users activate
users create
users delete
users list
users show
users suspend
version
Security
API tokens of deleted users not invalidated
FAQs
Guides
Generate a Support Bundle
Configuring Okta
Google to AWS Federation
JFrog Artifactory Integration
Template ImagePullSecrets
Postgres SSL
Azure Federation
Scanning Coder Workspaces with JFrog Xray
Home
/
Guides
/
JFrog Artifactory Integration

JFrog Artifactory Integration

JFrog Artifactory Integration

January 24, 2024

Use Coder and JFrog Artifactory together to secure your development environments without disturbing your developers' existing workflows.

This guide will demonstrate how to use JFrog Artifactory as a package registry within a workspace.

Requirements

  • A JFrog Artifactory instance
  • 1:1 mapping of users in Coder to users in Artifactory by email address or username
  • Repositories configured in Artifactory for each package manager you want to use

Provisioner Authentication

The most straight-forward way to authenticate your template with Artifactory is by using our official Coder modules. We publish two type of modules that automate the JFrog Artifactory and Coder integration.

  1. JFrog-OAuth
  2. JFrog-Token

JFrog-OAuth

This module is usable by JFrog self-hosted (on-premises) Artifactory as it requires configuring a custom integration. This integration benefits from Coder's external-auth feature and allows each user to authenticate with Artifactory using an OAuth flow and issues user-scoped tokens to each user.

To set this up, follow these steps:

  1. Modify your Helm chart values.yaml for JFrog Artifactory to add,
artifactory:
  enabled: true
  frontend:
  extraEnvironmentVariables:
    - name: JF_FRONTEND_FEATURETOGGLER_ACCESSINTEGRATION
      value: "true"
  access:
  accessConfig:
    integrations-enabled: true
    integration-templates:
      - id: "1"
        name: "CODER"
        redirect-uri: "https://CODER_URL/external-auth/jfrog/callback"
        scope: "applied-permissions/user"

Note Replace CODER_URL with your Coder deployment URL, e.g., <coder.example.com>

  1. Create a new Application Integration by going to https://JFROG_URL/ui/admin/configuration/integrations/new and select the Application Type as the integration you created in step 1.

JFrog Platform new integration

  1. Add a new external authentication to Coder by setting these env variables,
# JFrog Artifactory External Auth
CODER_EXTERNAL_AUTH_1_ID="jfrog"
CODER_EXTERNAL_AUTH_1_TYPE="jfrog"
CODER_EXTERNAL_AUTH_1_CLIENT_ID="YYYYYYYYYYYYYYY"
CODER_EXTERNAL_AUTH_1_CLIENT_SECRET="XXXXXXXXXXXXXXXXXXX"
CODER_EXTERNAL_AUTH_1_DISPLAY_NAME="JFrog Artifactory"
CODER_EXTERNAL_AUTH_1_DISPLAY_ICON="/icon/jfrog.svg"
CODER_EXTERNAL_AUTH_1_AUTH_URL="https://JFROG_URL/ui/authorization"
CODER_EXTERNAL_AUTH_1_SCOPES="applied-permissions/user"

Note Replace JFROG_URL with your JFrog Artifactory base URL, e.g., <example.jfrog.io>

  1. Create or edit a Coder template and use the JFrog-OAuth module to configure the integration.
module "jfrog" {
  source = "registry.coder.com/modules/jfrog-oauth/coder"
  version = "1.0.0"
  agent_id = coder_agent.example.id
  jfrog_url = "https://jfrog.example.com"
  configure_code_server = true # this depends on the code-server
  username_field = "username" # If you are using GitHub to login to both Coder and Artifactory, use username_field = "username"
  package_managers = {
    "npm": "npm",
    "go": "go",
    "pypi": "pypi"
  }
}

JFrog-Token

This module makes use of the Artifactory terraform provider and an admin-scoped token to create user-scoped tokens for each user by matching their Coder email or username with Artifactory. This can be used for both SaaS and self-hosted(on-premises) Artifactory instances.

To set this up, follow these steps:

  1. Get a JFrog access token from your Artifactory instance. The token must be an admin token with scope applied-permissions/admin.
  2. Create or edit a Coder template and use the JFrog-Token module to configure the integration and pass the admin token. It is recommended to store the token in a sensitive terraform variable to prevent it from being displayed in plain text in the terraform state.
variable "artifactory_access_token" {
  type      = string
  sensitive = true
}

module "jfrog" {
  source = "registry.coder.com/modules/jfrog-token/coder"
  version = "1.0.0"
  agent_id = coder_agent.example.id
  jfrog_url = "https://example.jfrog.io"
  configure_code_server = true # this depends on the code-server
  artifactory_access_token = var.artifactory_access_token
  package_managers = {
    "npm": "npm",
    "go": "go",
    "pypi": "pypi"
  }
}
The admin-level access token is used to provision user tokens and is never exposed to developers or stored in workspaces.

If you do not want to use the official modules, you can check example template that uses Docker as the underlying compute here. The same concepts apply to all compute types.

Offline Deployments

See the offline deployments section for instructions on how to use coder-modules in an offline environment with Artifactory.

More reading

  • See the full example template here.
  • To serve extensions from your own VS Code Marketplace, check out code-marketplace.
  • To store templates in Artifactory, check out our Artifactory modules docs.
See an opportunity to improve our docs? Make an edit.
On this page