Getting Started with JFrog Artifactory Cloud (Beginner Guide)

Question

1) What is JFrog Artifactory Cloud?

JFrog Artifactory Cloud is a managed artifact repository where you store and manage:

• Docker images
• NPM packages
• Maven / Gradle dependencies
• Python (PyPI) packages
• NuGet packages
• Helm charts
• Generic build artifacts (ZIP, JAR, etc.)

Think of it like your company’s private package registry + artifact storage + dependency proxy.

---

✅ Prerequisites

Before starting, you should have:

• A JFrog account
• Basic knowledge of at least one package manager (NPM / Maven / Docker etc.)

• CLI tools installed depending on your use-case:

  • Docker CLI (if using Docker)
  • Node + npm (if using npm)
  • Java + Maven (if using Maven)
  • Python + pip (if using PyPI)

---

2) Create Your JFrog Artifactory Cloud Instance

Step 1: Sign up / Login

Go to JFrog Cloud and create an instance.

You will get a base URL like:

https://<your-company>.jfrog.io

Example:

https://sunnycompany.jfrog.io

---

3) Understand the Key Concepts (Important!)

Repository Types in Artifactory

Artifactory has 3 repository types:

1. Local Repository

Where you publish your own packages
Example:

• npm-local
• docker-local

2. Remote Repository

A proxy for external public registries
Example:

• NPM remote → proxies https://registry.npmjs.org
• Maven remote → proxies Maven Central

3. Virtual Repository

A single endpoint that groups multiple repos
Example:

• npm-virtual can include:

  • npm-local + npm-remote

Best practice: Your developers use virtual repos, not local/remote directly.

---

4) Create Repositories (Recommended Setup)

From the JFrog UI:

Navigation:

Administration → Repositories → Create Repository

Example setup for NPM:

Create these:

✅ npm-local (Local)
✅ npm-remote (Remote)
✅ npm-virtual (Virtual includes both)

Example setup for Docker:

✅ docker-local
✅ docker-remote
✅ docker-virtual

---

5) Create a User + API Key / Access Token

Best practice:

Use Access Tokens instead of passwords.

Go to:

User Profile → Access Tokens → Generate Token

Save it safely.

---

6) Install and Configure JFrog CLI (Strongly Recommended)

JFrog CLI makes publishing & downloading much easier.

Install JFrog CLI

On Windows (PowerShell):

winget install JFrog.CLI

Or via npm:

npm install -g jfrog-cli-v2-jf

Verify:

jf --version

Configure Artifactory connection:

jf c add

It will ask:

• Server ID (name anything, ex: my-jfrog)
• Artifactory URL: https://<your-company>.jfrog.io
• Access token

---

7) Publish Packages (Examples)

✅ Example A: Publish an NPM Package

Step 1: Configure npm to use Artifactory

You’ll use your virtual repo endpoint like:

https://<your-company>.jfrog.io/artifactory/api/npm/npm-virtual/

Run:

npm config set registry https://<your-company>.jfrog.io/artifactory/api/npm/npm-virtual/

Step 2: Authenticate

You can login using:

npm login --registry=https://<your-company>.jfrog.io/artifactory/api/npm/npm-virtual/

Username: your JFrog username
Password: your token
Email: any email

Step 3: Publish

npm publish

Your package will go into npm-local (if permissions + virtual repo routing is correct).

---

✅ Example B: Push a Docker Image

Step 1: Docker login

Your Docker registry will look like:

<your-company>.jfrog.io

Login:

docker login <your-company>.jfrog.io

Username: JFrog username
Password: access token

Step 2: Tag image

Example:

docker tag myapp:1.0 <your-company>.jfrog.io/docker-local/myapp:1.0

Step 3: Push image

docker push <your-company>.jfrog.io/docker-local/myapp:1.0

---

✅ Example C: Upload Generic Files (ZIP, JAR, build artifacts)

Upload a file:

jf rt u "dist/*.zip" generic-local/myapp/

Download:

jf rt dl generic-local/myapp/ --flat=true

---

8) Configure Permissions (Most Important for Teams)

Go to:

Administration → Identity and Access → Permissions

Create a Permission Target:

• Select repository (ex: npm-local)

• Assign users/groups:

  • Read
  • Write
  • Annotate
  • Delete (avoid unless needed)

Best practice roles:

• Developers → Read + Deploy/Write
• CI/CD user → Write + Read
• Admins → full

---

9) Setup CI/CD Publishing (Recommended)

Most teams integrate Artifactory with:

• GitHub Actions
• GitLab CI
• Jenkins
• Azure DevOps

Example: Upload build artifact in pipeline

jf rt u "build/*.jar" maven-local/com/mycompany/app/

Publish build info (super useful)

jf rt bp my-build-name 1

This gives traceability like:

• which commit produced which artifact
• dependencies used
• security scanning (if Xray is enabled)

---

10) Best Practices (Do This Early)

✅ Use Virtual repositories for developers
✅ Keep naming consistent:

• <type>-local
• <type>-remote
• <type>-virtual

✅ Create separate repos per environment if needed:

• npm-dev-local
• npm-prod-local

✅ Use Access Tokens not passwords
✅ Create a CI service account
✅ Enable cleanup policies (avoid storage overload)
✅ Use JFrog CLI for automation

---

11) Common Troubleshooting

❌ “403 Forbidden”

• Permission target missing read/write
• Token expired
• Wrong repo endpoint

❌ “Package published to wrong repo”

• Virtual repo not configured to deploy to local
• Incorrect registry URL

❌ Docker push fails

• Wrong repo path: docker-local/
• Registry not configured properly in JFrog

---

12) Quick Checklist (Fast Setup)

✅ Create Artifactory Cloud instance
✅ Create repos (local + remote + virtual)
✅ Create access token
✅ Configure JFrog CLI
✅ Test upload (npm or docker)
✅ Setup permissions for team
✅ Integrate with CI/CD
✅ Use build-info for traceability

---