Package Search Help

You can use boolean logic (e.g. AND/OR/NOT) for complex search queries. For more help and examples, see the search documentation.

Search by package name:
my-package (implicit)
name:my-package (explicit)

Search by package filename:
my-package.ext (implicit)
filename:my-package.ext (explicit)

Search by package tag:
latest (implicit)
tag:latest (explicit)

Search by package version:
1.0.0 (implicit)
version:1.0.0 (explicit)
prerelease:true (prereleases)
prerelease:false (no prereleases)

Search by package architecture:
architecture:x86_64 

Search by package distribution:
distribution:el 

Search by package license:
license:MIT 

Search by package format:
format:deb 

Search by package status:
status:in_progress 

Search by package file checksum:
checksum:5afba 

Search by package security status:
severity:critical 

Search by package vulnerabilities:
vulnerabilities:>1 
vulnerabilities:<1000 

Search by # of package downloads:
downloads:>8 
downloads:<100 

Search by package type:
type:binary 
type:source 

Search by package size (bytes):
size:>50000 
size:<10000 

Search by dependency name/version:
dependency:log4j 
dependency:log4j=1.0.0 
dependency:log4j>1.0.0 

Search by uploaded date:
uploaded:>"1 day ago" 
uploaded:<"August 14, 2022 EST" 

Search by entitlement token (identifier):
entitlement:3lKPVJPosCsY 

Search by policy violation:
policy_violated:true
deny_policy_violated:true
license_policy_violated:true
vulnerability_policy_violated:true

Search by repository:
repository:repo-name

Search queries for all Debian-specific (and related) package types

Search by component:
deb_component:unstable

Search queries for all Maven-specific (and related) package types

Search by group ID:
maven_group_id:org.apache

Search queries for all Docker-specific (and related) package types

Search by image digest:
docker_image_digest:sha256:7c5..6d4
(full hashref only)

Search by layer digest:
docker_layer_digest:sha256:4c4..ae4
(full hashref only)

Field type modifiers (depending on the type, you can influence behaviour)

For all queries, you can use:
~foo for negation

For string queries, you can use:
^foo to anchor to start of term
foo$ to anchor to end of term
foo*bar for fuzzy matching

For number/date or version queries, you can use:
>foo for values greater than
>=foo for values greater / equal
<foo for values less than
<=foo for values less / equal

Need a secure and centralised artifact repository to deliver Alpine, Cargo, CocoaPods, Composer, Conan, Conda, CRAN, Dart, Debian, Docker, Go, Helm, Hex, LuaRocks, Maven, npm, NuGet, P2, Python, RedHat, Ruby, Swift, Terraform, Vagrant, Raw & More packages?

Cloudsmith is the new standard in Package / Artifact Management and Software Distribution.

With support for all major package formats, you can trust us to manage your software supply chain.

Start My Free Trial
Set Me Up
 Public borgmatic-collective borgmatic-co… (Borgmatic Collective) / borgmatic
Borgmatic: A certifiably-awesome public package repository curated by Borgmatic Collective, hosted by Cloudsmith.
Packages 68 Package Groups 5 Public Keys

Table of Contents

Tool-Specific Instructions

Although we use GPG (and RSA) keys across each repository and package format, client-side tools might have specific instructions that differ (or require manual steps). To add or use the signing key for these tools, please click on the package format specific tabs above.

Public GPG Key

GPG-based keys/signatures are used by:
Python logo

The public GPG key for the borgmatic-collective/borgmatic is: 

-----BEGIN PGP PUBLIC KEY BLOCK-----
mQGNBGP98rUBDADCWUMBEnHpzBr9r2vb5fCydw6KW9vrcGXS2m3Oj5//KfLyHCch
oRDRsxryGs+8Eu2PJgajfw/UROgI3WYhjjNjwlXPl4iijqIu1VH/6HUiiL0YOqL0
6DrLjVi15wGPdbR32ybTo4KPUmGZj3PJ3e4PyMWdZss7W9L+1i/xG37qTKG70o3V
Pveit1wHdvwBTidDXLlNROrBoT7VtCiWsZbRxvOev5IDsJpV2nFdDqHk9zIt+sVP
xlWbae8EO46Sq6W8Yofz8iTs+Czan1I68SMR9D4M4TfwnqNlG2ysNh+dm7k9uE5A
L07eOwQngx/E2Mr/Tqo8rA97unxYA/YQtbh5cyKtBGt5+uJMLZaF25kInkONzt8B
4925K9rRSukMK0VKSnR/sG+F12AQ5z8qPE6D/it4nTtS7jRMc2olnuis+ThsFv1n
EGY/eKdMpIW/HhbryIDYwa0iXHH67X3PzX1XLqQNXMJPFrDuUoZMAxgt8sihry2l
V2/KIOx+9llp1q8AEQEAAbRLQ2xvdWRzbWl0aCBQYWNrYWdlIChib3JnbWF0aWMt
Y29sbGVjdGl2ZS9ib3JnbWF0aWMpIDxzdXBwb3J0QGNsb3Vkc21pdGguaW8+iQHO
BBMBCAA4FiEEtkF92f8CQvYpLm7F3XJ5kemkNFsFAmP98rUCGy8FCwkIBwMFFQoJ
CAsFFgIDAQACHgECF4AACgkQ3XJ5kemkNFv4mQwAuVCNX0f7ZIY0Zgm37RsEiC1H
BasraTHUNdFFWZJejDTbLkZrCdHAuoeMGPKyqw6UgpRbWs0CiK8VtiSYJGm8BBGN
cmMQ4YEQd8gRb/6hpCKX/X459j03vMaTAATJ2qyk2098QeWf/mLK+1Gs5xpSxTBK
SsfM51IpUhYz9sSgPnJi/iLE/zT6LWBNAw+etbEaayAEZLeQ4zwdCOWHjw/iAqpk
4n9320W3Sv7EJnVGUh5YmNEFKxW7QZIGD1vg0Gjt1X1tfo1V+0MMOg5k3GkpKDDR
/vHE+M+NYppglOS/2VdCkz4NtwnZtaEYIG8rp3TWIFdoOeRjdUe5zZLabqK+bdp3
U5eEI3smQEBEJs5cYF8+2MLabOMfs1dba1d0mBI/Xy45u06JHyt519AdZvip6vWD
c2hJN1ozzpUz/7/WmLxwug0PjTBIjMQWslKWOw4iNgTht/AhxFi/n07h9JsROyNp
PcOk5wJnbhHaTT0Oc9fqmaWsLS9jGRqANPlm9WR9
=SIhc
-----END PGP PUBLIC KEY BLOCK-----

It has the following long (20 bytes) and short (8 bytes) fingerprints: 

B6417DD9FF0242F6292E6EC5DD727991E9A4345B
DD727991E9A4345B

You can download the GPG key or fetch it via the command-line: 

curl -1sLf 'https://dl.cloudsmith.io/public/borgmatic-collective/borgmatic/gpg.DD727991E9A4345B.key'

Public RSA Key

RSA-based keys/signatures are used by:

The public RSA key for the borgmatic-collective/borgmatic is: 

-----BEGIN PUBLIC KEY-----
MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEArg1jMLrFZ/DQxhIu5XzA
vC5erreUMA5iakHhUkjf5NbhcWJk5j44dTF3VmoUPLE9PxBsoroQQima0sCBLq3N
Qy3uODDt76Z0UCcbv5+tZVlBAqYjjcXR6YNh26OjuUZs0afoNDnr2Zgj9yIdKN8X
eCzrYzXR1nyDp464rCsdDhdjnMkJlSIJDc5DROZhoOiowuIlwMH9HkdF6Smjo0aZ
FD8sBH3nG+rzcieAvebX7QxRsk90YzzCTWixNsaCrMbu4Jw9s6PwRV2hPX9+yjor
ryuBGxSiPkpEh7GAHUb+VRoTpsXNEijSYJfuymEGb6gC1LqDoAMF6wYcMbNmQIb2
YOjQIdbOsXnBGxwCrABYN10KoTk5+P50XQEssG98kgGnI0dOIXfwazVY7IeV7/UU
Qc65bF+G7wJ3CCk7iPNQAkorOtvY236dQueIEafzb/hUJbQeX3V0q6Rt28gcIgRY
PazwwIKPHPlVfgdSvBWPf64lzxdSpKeBuFtMKcFyGQdNAgMBAAE=
-----END PUBLIC KEY-----

It has the following long (16 bytes) and short (8 bytes) fingerprints: 

64290FE577E3CB978E0AC5E2F95E4B6C
8E0AC5E2F95E4B6C

You can download the RSA key or fetch it via the command-line: 

curl -1sLf 'https://dl.cloudsmith.io/public/borgmatic-collective/borgmatic/rsa.8E0AC5E2F95E4B6C.key'

Public ECDSA Key

ECDSA-based keys/signatures are used by:

The public ECDSA OpenSSH key for the borgmatic-collective/borgmatic is: 

-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEduyQqipdCtW88/Cx019ayDs8f2Ri
q6LmR/l7J9IjW+Rr6q1QRhqy1YllVVlH+bTnQC3RuhRlQRdDGDV7KVO5lQ==
-----END PUBLIC KEY-----

It has the following long (16 bytes) and short (8 bytes) fingerprints: 

3BFCDA1A8F75A44AD1A6F8837FA9C732
D1A6F8837FA9C732

You can download the ECDSA key or fetch it via the command-line: 

curl -1sLf 'https://dl.cloudsmith.io/public/borgmatic-collective/borgmatic/ecdsa.D1A6F8837FA9C732.key'

Please note however that the NPM client does not require this key to be installed system-wide in order to allow for package verification - NPM tooling will handle keys automatically.

Need Help?

If you couldn't find what you needed in our documentation, then you can always chat to a member of our team instead. It's our mission to be your dedicated off-site team for package management, and we mean it. Come and chat with us, anytime.

What's this page? All Cloudsmith repositories and packages are signed using GPG, RSA or ECDSA keys where supported. Signatures and checksums provide reliable mechanisms to ensure that the packages that you download/install are neither corrupt nor modified. GPG is generally preferred, but RSA or ECDSA is used for some package formats (such as Alpine or NPM). Learn more in the signing keys documentation.

Top