The Cloudsmith Developer Hub

Welcome to the Cloudsmith Developer Hub. You'll find comprehensive guides and documentation to help you start working with Cloudsmith as quickly as possible, as well as support if you get stuck. Let's jump right in!

Get Started    

📘

When changing or modifying any repository settings please be sure to click the green "Update" button to apply your changes - you may need to scroll down to see it!

Repository Name and Description

Repository Name and Description

You can change the name or description of a repository at any time.

Please be aware that the name is just a descriptive name, it is not the repository slug / identifier. Changing the name of the repository will not result in breaking any configurations used by client programs or other users.

To change the repository slug / identifier, see the section on Potentially Unsafe Actions.


Repository Privileges

Repository Privileges

Repository privileges allow you to configure what permissions are required to perform actions on the repository.

You assign a permission level to a Team or User when you grant them access to the repository (see Access Controls for information on granting access to a repository), and then you can set precisely what actions that permission level can perform using the repository privileges

For Example:
If you wanted a Team or User to only be able to set or use Entitlement Tokens, then you could set the permission level required for Set/Use Entitlements to Read, and set all other action to Write or above.

Then in the repository Access Controls, you would set the Team or User to only have Read permissions on the repository. As a result, they would be able to set or use Entitlement Tokens, but would not have permission for any other repository actions.


User / Self Privileges

Repository User / Self Privileges

User Entitlements Enabled
If checked, users can use and manage their own user-specific entitlement token for the repository (if the repository is a private repository).
If not checked, user-specific entitlement tokens are disabled for all users.

Copy / Move / Delete / Resync
If checked, users can copy/move/delete and resync packages that they have uploaded. This assumes that they still have write privileges for the repository. These override the repository privilege level setting for the repository.


Miscellaneous Settings

Miscellaneous Repository Settings

Use/Configure NoArch Packages
Enables noarch packages (if supported by the package type) in installations/configurations. A noarch package is one that is not tied to a specific system architecture (like i686)

Index Package File Contents
Enables the indexing of files within a package. This will increase the synchronization time for a package but it is recommended to keep this enabled unless synchronization time is significantly impacted.

Proxy Python Packages
Enables automatic proxying from the public pypi.python.org registry for packages that are not present in the repository when requested by clients. If there is at least one version of a package, others will not be proxied.

Proxy Npm Packages
Enables automatic proxying from the public npmjs.org registry for packages that are not present in the repository when requested by clients. If there is at least one version of a package, others will not be proxied.

Serve index for raw packages
Enables the generation of HTML and JSON indexes that list all available raw packages in the repository

Always show Set Me Up for all formats
Enables the "Set Me Up" help documentation for all supported formats, even those formats that do not have packages currently present in the repository.

Use/Configure Source Packages
Enables source packages (if supported by the package type) in installations/configurations). A source package is one that contains source code rather than built binaries

Replace Packages By Default
Enables uploaded packages to overwrite/replace any others with the same attributes (e.g version) by default. This only applies if the user has the required privilege for the republishing AND has the required privilege to delete packages that they do not own.

Strict Npm Validation
Enables strict validation of npm packages to ensure that they match specification. If you have packages that are old or slightly off-spec you can disable this but we can't guarantee that the packages will work with the npm CLI or other tooling

Use crates.io as default Cargo upstream
Enables the assumption that Cargo crates which do not set an explicit value for 'registry' will be available from crates.io. If not enabled, dependencies with unspecified 'registry' values will be assumed to be available in the registry being uploaded to. Disable this if you want to ensure that dependencies are only ever installed from Cloudsmith unless explicitly specified as belong to another registry.

Docker Auth Refresh Enabled
Enables the issuing of refresh tokens in addition to access tokens for Docker authentication. This allows unlimited extension of the lifetime of access tokens

Use Debian Labels
Enables a 'Label' field in Debian-based repositories. It will contain a string that identifies the entitlement token used to authenticate the repository, in the form of 'source=t-'; or 'source=none' if no token was used. You can use this to help with pinning.


Custom GPG Signing Key

You can specify a custom GPG key for signing repository metadata and packages. We will automatically derive the public key and fingerprint for any custom GPG key specified.

If your custom GPG key is encrypted, please also provide the passphrase for it.

Custom RSA Signing Key

You can specify a custom RSA key for signing repository metadata and packages. We will automatically derive the public key and fingerprint for any custom RSA key specified. The private key must be in PKCS8 format.

If your custom RSA key is encrypted, please also provide the passphrase for it.

📘

Adding a custom GPG or RSA key will take effect immediately, but will not affect any existing packages that were signed with the previous key. Packages signed with the previous key will still be available and the previous key can still be fetched.


Potentially Unsafe Actions

Dangerous Actions

Transferring a repository

When you initiate a repository transfer, the owner of the destination account/namespace will need to confirm that they accept the transfer.

The repository will then be transferred to the destination account/namespace immediately. The repository storage size will immediately count towards the storage limits for the destination account/namespace

Collaborators for the repository will be reset and any existing clients of the repository will need to update their URIs to point to the new location.

Updated 4 days ago


Settings


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.