Custom Signing Keys
Use your own custom signing (GPG/RSA) keys for packages, to assert ownership and traceability. If you don't have one, don't worry, we'll generate a per-repository signing key for you.
Entitlements allow you to control who has read-only access to your package repositories. Whether you're automating server or application installs, or you're building a license-only software distribution, entitlements facilitates these.
Security is paramount at Cloudsmith, and we take pride in taking every precaution to secure the service. All communication and storage is encrypted in-transit and at-rest (with 256-bit or hardware-based encryption). Checksums and GPG signatures are provided to detect tampering. For increased trust you can also provide your own GPG key for signing.