Enterprise Link

Enterprise-grade control over data and delivery

Protect every artifact with automated policy controls that scale with your business. Cloudsmith makes it easy to enforce security, compliance, and governance across every stage of your software supply chain.

Add an additional layer of security and governance to Cloudsmith with Enterprise Link

Cloudsmith is already secure by default, but with Enterprise Link our customers get additional layers of security to protect their most valuable IP; including end to end data encryption, org-wide data residency controls, fixed IP ranges to enable firewall rules, IP and geographic blacklisting, and ephemeral tokens for authentication.

By activating Enterprise Link, enterprise customers get the benefits of a globally-distributed SaaS solution, with even stronger protection against threat actors.
    Access Control & Security
    GEO/IP Restrictions at Workspace Level– Apply GEO/IP restrictions to the entire workspace, covering both UI and download endpoints, not just downloads.

    Global Workspace Defaults for IP Allow Lists – Set a default IP allow list at the workspace level that applies to all repositories.

    Static IP Address Access – Provide access to Cloudsmith from a fixed, small range of static IPs for easier firewall and security management, while reducing data output and NAT costs

    OIDC Authentication for Service Accounts – Support OpenID Connect for service accounts, enabling secure token-based authentication and integration with identity providers.
    Data Residency & Storage Configuration
    Workspace-Level Repository Storage Regions – Define storage regions at the workspace level instead of per repository for consistency and compliance.

    Default Fixed Region for All Data – Configure a single fixed default region for all workspace storage and data to maintain consistent residency.
    Endpoint & Data Protection
    Simplified Custom Domains for All Endpoints – Self-serve (or semi-self-serve) configuration of custom domains for all package endpoints, supporting all formats e.g. packages.your-company.com.

    Full End-to-End Encryption – Ensure packages are encrypted both in transit and at rest for maximum security and compliance.

Frequently Asked Questions

  1. Cloudsmith is secure by default, but Enterprise Link adds additional network and compliance controls for teams with stricter policies.

  2. Enterprise Link provides limited, tightly controlled access over the internet. It does not create provider-native VPC endpoints. If your policy mandates those, talk to us.

  3. No. Enterprise Link focuses on outcomes (control, compliance, etc) rather than VPC endpoint plumbing. If your policy mandates Private Link, talk to us.

  4. Enterprise Link maintains Cloudsmith’s global edge delivery, so performance is on parity with our default configuration. Enterprise Link keeps the optimizations that make downloads fast and reliable, while adding the extra network controls you need.

  5. To provision Enterprise Link, first you'll work with our Customer Success team to understand your specific configuration requirements, before the feature is activated for your workspace.

Ready to get started?
Speak with a Cloudsmith expert about your security and compliance requirements. We're here to help.