Raw Repository

Cloudsmith provides public & private repositories for Raw files

Cloudsmith supports "Raw" files. Any file, any extension, suitable for datasets, images or whatever you want to throw at it. You get all the benefits of a Cloudsmith repository such as CLI uploads for automation, fine-grained access controls and logging/statistics (among others) - but for any file type at all.

Contextual Documentation

The examples in this document are generic. Cloudsmith provides contextual setup instructions within each repository, complete with copy n' paste snippets (with your namespace/repo/rsa-key pre-configured).

In the following examples:




Your Cloudsmith account name or organisation name (namespace)


Your Cloudsmith Repository name (also called "slug")


Your Cloudsmith Entitlement Token (see Entitlements for more details)


Your Cloudsmith username


Your Cloudsmith password


Your Cloudsmith API Key


The name of your file (i.e file.zip or file.txt etc)


Optional version number for a package

Upload a File

Upload via the Cloudsmith CLI

For full details of how to install and setup the Cloudsmith CLI, see Command Line Interface.

The command to upload via the Cloudsmith CLI is:



cloudsmith push raw your-account/your-repo file.zip

Upload via Cloudsmith Website

Please see Upload a Package for details of how to upload via the Website UI.

Download a Package

To download a Raw package, you'll need to fetch uploaded files using a well-crafted URL, for example:

Public Repositories

curl -O 'https://dl.cloudsmith.io/public/OWNER/REPOSITORY/raw/files/FILENAME'

If you have multiple versions of a package you can download a specific version with:

curl -O 'https://dl.cloudsmith.io/public/OWNER/REPOSITORY/raw/versions/VERSION_NO/FILENAME'

Or to get the latest version of the package, replace the version number with 'latest':

curl -O 'https://dl.cloudsmith.io/public/OWNER/REPOSITORY/raw/versions/latest/FILENAME'

Alternatively, when logged into Cloudsmith via a Web Browser, there's a green "Download" button that provides a link to download that file.

Private Repositories


Private Cloudsmith repositories require authentication. You can choose between two types of authentication, Entitlement Token Authentication or HTTP Basic Authentication.

The download URL will differ depending on what authentication type you choose to use.


Entitlement Tokens, User Credentials and API-Keys should be treated as secrets, and you should ensure that you do not commit them in configurations files along with source code or expose them in any logs.

curl -O 'https://dl.cloudsmith.io/TOKEN/OWNER/REPOSITORY/raw/files/FILENAME'
curl -u "USERNAME:PASSWORD" -O 'https://dl.cloudsmith.io/basic/OWNER/REPOSITORY/raw/files/FILENAME'
curl -u "USERNAME:API-KEY" -O 'https://dl.cloudsmith.io/basic/OWNER/REPOSITORY/raw/files/FILENAME'
curl -u "token:TOKEN" -O 'https://dl.cloudsmith.io/basic/OWNER/REPOSITORY/raw/files/FILENAME'

If you have multiple versions of a package you can download a specific version with:

curl -O 'https://dl.cloudsmith.io/TOKEN/OWNER/REPOSITORY/raw/versions/VERSION_NO/FILENAME'
curl -u "USERNAME:PASSWORD" -O 'https://dl.cloudsmith.io/basic/OWNER/REPOSITORY/raw/versions/VERSION_NO/FILENAME'
curl -u "USERNAME:API-KEY" -O 'https://dl.cloudsmith.io/basic/OWNER/REPOSITORY/raw/versions/VERSION_NO/FILENAME'
curl -u "token:TOKEN" -O 'https://dl.cloudsmith.io/basic/OWNER/REPOSITORY/raw/versions/VERSION_NO/FILENAME'

Or to get the latest version of the package, replace the version number with 'latest':

curl -O 'https://dl.cloudsmith.io/TOKEN/OWNER/REPOSITORY/raw/versions/latest/FILENAME'
curl -u "USERNAME:PASSWORD" -O 'https://dl.cloudsmith.io/basic/OWNER/REPOSITORY/raw/versions/latest/FILENAME'
curl -u "USERNAME:API-KEY" -O 'https://dl.cloudsmith.io/basic/OWNER/REPOSITORY/raw/versions/latest/FILENAME'
curl -u "token:TOKEN" -O 'https://dl.cloudsmith.io/basic/OWNER/REPOSITORY/raw/versions/latest/FILENAME'

For downloading from a private repository via the Website UI, you can also use the dropdown arrow beside the "Download" button to pick a different way of authenticating for the download.

HTML / JSON Indexes

Cloudsmith supports serving Apache-style HTML and JSON formatted indexes of raw package files in the repository. You can enable index generation in the Repository Settings.

When enabled, the HTML index is available at:

Public Repositories


Private Repositories


The JSON index is available at:

Public Repositories


Private Repositories


Upstream Proxying / Caching

Not Supported

Key Signing Support


Viewing Package Signatures

Package signatures for raw files are presented in three ways:

  • As a separate entry in the HTML index.
  • As an object keyed by signature on each file entry with the JSON index.
  • Directly, by appending .asc to a file URL.

HTML Index

HTML Indexes will output a separate <li> entry containing the URL for the signature for each file. Additionally, the checksum is available under the data-checksum-sha256 attribute on the element:

JSON Index

JSON indexes will attach the package signature URL and checksum values under the checksum key for each package object:

   "packages" : [
         "name" : "PACKAGE_NAME",
         "signature" : {
            "checksum_sha256" : "SIGNATURE_CHECKSUM",
            "url" : "https://dl.cloudsmith.io/TOKEN/OWNER/REPO/PACKAGE_IDENTIFIER/gpg.FILE_IDENTIFIER.asc"

File URL

For convenience, each of the file URLs listed above in 'Download a Package' can also map to the signature, by appending .asc to the URL. For example:


# Retreive a file
curl https://dl.cloudsmith.io/TOKEN/OWNER/REPO/raw/files/$FILENAME

# Retreive the signature for the file
curl https://dl.cloudsmith.io/TOKEN/OWNER/REPO/raw/files/$FILENAME.asc


Please see the Troubleshooting page for further help and information.

Did this page help you?