Private Package Sharing

Now that you have created a private repository and uploaded your package: What happens when you want to share that file with someone else?

Cloudsmith Package has an in-built entitlement system allowing you full control over your private repositories. It allows you to share files with third-parties through a token based system (don't panic - we generate all the tokens for you!) and gives you the power to revoke a token at any time without disruption to your repository/package. Cool eh?

It's very simple. Say you want to give one of your customers - let's call him Arnold - a file that you have in one of your private repositories. To do this you can create Arnold a token called say "arnolds-token" and assign it to that file. Cloudsmith will prompt you with the URL embedded with the new super secret token allowing only those with the URL to access the file (you and Arnold).

1. Create an Entitlement Token

On the Packages page; select Entitlements on the left hand menu. This will take you to the Entitlements management page where you should see your Default token. This is created for you as standard and will always be there (you can refresh it but not delete it!).

Click the green "Add Entitlement Token" button (top-right). A form will be displayed asking for a name for the token - the name is inconsequential but a good name will help you track it later. Type in "arnolds-token" and click the "Create Token" button.

You will now see the new token under the Default token.

2. Assign Entitlement Token to a Package

Navigate back to the private repository packages list page.

You will notice that there is an arrow beside the download icon on the download button on the right hand side. Click the arrow and you'll be given the option to download the file with a particular token. If you just want to send the url; right-click with the token of choice and using the browser's "Copy Link Address" feature you can copy the url to your clipboard (for pasting into a chat window or email).

Alternatively from the package details page you'll see a larger version of the button described above (top-right) - it works the same as the smaller version on the repository package listing page.

3. Revoke Entitlement Token

If you decide you no longer want Arnold to have access to the file you can simply revoke his token. Go to the Entitlement management page - you can either delete the token entirely, disable the token, or Refresh the token - which will regenerate a new token code but still assigned to that name. Anyone with the previous code will no longer have access.


Did this page help you?