Cloudsmith Documentation Hub


Signing Keys

Cloudsmith uses GPG or RSA signatures (where applicable) in addition to package checksums to detect tampering.

We calculate a signature for every file that is uploaded, but only some of the package formats make it available or use it. Only some of the formats also offer metadata signing.

For increased trust, you can also provide your own GPG key or RSA key for signing.

Key Support by Package Format

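| Package Format    | Key Type                | Key Use        |
|-------------------|-------------------------|----------------|
| Alpine            | RSA                     | Index          |
| Cargo             | Not Supported by Format |                |
| CocoaPods         | Not Supported by Format |                |
| Composer          | GPG                     |                |
| Conan             | Not Supported by Format |                |
| CRAN              |                         |                |
| Dart              | Not Supported by Format |                |
| Debian            | GPG                     | Index          |
| Docker            | RSA                     | Index          |
| Go                |                         |                |
| Gradle            | GPG                     | Index Packages |
| Helm Charts       | GPG                     |                |
| LuaRocks          |                         |                |
| Maven             | GPG                     | Index Packages |
| npm               | GPG                     |                |
| NuGet             |                         |                |
| Python            | GPG                     |                |
| Raw               | GPG                     |                |
| RPM               | GPG                     | Index Packages |
| Ruby              | GPG                     |                |
| sbt               | GPG                     | Index Packages |
| Terraform Modules | Not Supported by Format |                |
| Unity Registry    | GPG                     |                |
| Vagrant           | GPG                     |                |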

Updated 6 months ago

