World's First Private Hex Repository with Cloudsmith

Feb 14 2024/upstream/3 min read
Level up supply chain security and package management for your organizations Erlang and Elixir teams with Cloudsmith's Private Hex Repositories.

Cloudsmith proudly introduces support for private Hex package repositories, marking a significant milestone in supply chain security and package management for Erlang and Elixir teams.

With Cloudsmith, you can manage, develop and distribute your Hex packages in your own private Hex registry using familiar tooling, ensuring seamless integration into your existing workflow.

Our fully managed platform provides global distribution for remote teams, with 410 points of presence around the world, ensuring elasticity to scale with your team's needs. 

Enjoy peace of mind with built-in security scanning for malware and CVEs, and define how to handle low, medium, and critical issues.

Plus, our transparent pricing makes Cloudsmith affordable for teams of all sizes, and you'll receive quality Engineer led support, ensuring a smooth experience from start to finish.

What is Hex? 

Hex is a package manager for the BEAM ecosystem; any language that compiles to run on the BEAM VM, such as elixir and Erlang, can be used to build Hex packages. 

Hex is an open-source project initiated in early 2014, and continues to evolve under the stewardship of Six Colors AB which was founded in 2018 by Hex's creator, Eric Meadows-Jönsson.

Since its inception, Hex has become indispensable for Erlang and Elixir developers, facilitating dependency management and third-party library integration with ease.

With Cloudsmith's launch of private Hex repositories, developers now have a secure and flexible solution for hosting and distributing Hex packages internally for development or externally for distribution. 

Why Choose a Private Hex Repository?

Running your private Hex repository on Cloudsmith provides numerous advantages:

  • Internal Package Sharing: Develop and securely share Hex packages internally and share them privately to other teams anywhere in the world.
  • Pipeline Deployment: Seamlessly distribute and deploy your organization's Hex packages within CI/CD pipelines.
  • Commercial Distribution: Distribute Hex packages globally as commercial software, with granular control over access and distribution.
  • Mirror: Mirror public Hex packages and insulate your organization from uncontrolled public upstream.
  • Dependency Management: Capture the precise state of dependencies at specific versions/releases for improved version control.
  • Access Control: Manage access to Hex packages efficiently with Cloudsmith's comprehensive access management features.

Getting Started

Getting started with Cloudsmith and Hex is straightforward:

  1. Sign up for a Cloudsmith account and create a repository to host your Hex packages.
  2. Ensure Hex’s Mix client is installed.

Publishing your Hex packages to Cloudsmith

  1. Add Cloudsmith as a repository using the Mix client:
mix hex.repo add REPOSITORY --auth-key API_KEY --fetch-public-key REPOSITORY_FINGERPRINT
  1. Create your Hex package following standard procedures for building and packaging your Erlang or Elixir project.

  2. Ensure that your Hex package is properly configured and ready for publication. This includes updating the mix.exs file with the necessary metadata and dependencies. Simply update the defp function in mix.exs with your Cloudsmith repository's URL and authentication details like this:

defp hex do [api_url: "", api_key: "API-KEY" ] End

Publish your HEX package.

mix hex.publish package

For detailed setup instructions and integration guidance, refer to Cloudsmith’s Hex documentation or the contextual documentation within your Cloudsmith repository.

Cloudsmith's private Hex repositories provide a robust and flexible solution for managing Hex packages within your organization. 

As the only cloud-native, global, and universal artifact management platform designed for secure software development and distribution, Cloudsmith provides the essential security, reliability, and control necessary to secure and streamline package management workflows.

We're extremely proud to be able to support the Erlang and Elixir ecosystems with this first (non-official) implementation of public and private Hex registries.

Start leveraging Cloudsmith today and experience the benefits of hosting your Hex packages in the world's first private Hex repository service.

Get our next blog straight to your inbox