Enterprise Link

Enterprise-grade control over data and delivery

Protect every artifact with automated policy controls that scale with your business. Cloudsmith makes it easy to enforce security, compliance, and governance across every stage of your software supply chain.

Add an additional layer of security and governance to Cloudsmith with Enterprise Link

Cloudsmith was built secure-by-design. Every artifact, log, and transaction is encrypted and isolated, protecting customer data at every stage. For enterprises that require greater governance or network control, Enterprise Link is a set of controls that adds further options to restrict, isolate and manage connectivity. These controls add layers of assurance to safeguard your most valuable IP, including org-wide data residency controls, fixed IP ranges to enable firewall rules, IP and geographic blacklisting, and ephemeral tokens for authentication.

By implementing the Enterprise Link controls, enterprises get the benefits of a globally-distributed SaaS solution, with even stronger protection against threat actors and stricter alignment with corporate security policies.

Access Control & Security

    GEO/IP Restrictions at Workspace Level – Apply GEO/IP restrictions to the entire workspace, covering both UI and download endpoints, not just downloads.

    Global Workspace Defaults for IP Allow Lists – Set a default IP allow list at the workspace level that applies to all repositories.

    Static IP Address Access – Provide access to Cloudsmith from a fixed, small range of static IPs for easier firewall and security management, while reducing data output and NAT costs.

    OIDC Authentication for Service Accounts – Support OpenID Connect for service accounts, enabling secure token-based authentication and integration with identity providers.

Data Residency & Storage Configuration

    Workspace-Level Repository Storage Regions – Define storage regions at the workspace level instead of per repository for consistency and compliance.

    Default Fixed Region for All Data – Configure a single fixed default region for all workspace storage and data to maintain consistent residency.

Endpoint & Data Protection

    Simplified Custom Domains for All Endpoints – Self-serve (or semi-self-serve) configuration of custom domains (e.g. packages.your-company.com) for all package endpoints, supporting all formats.

    Full End-to-End Encryption – Ensure packages are encrypted both in transit and at rest for maximum security and compliance.

Frequently Asked Questions

  1. Cloudsmith was built secure-by-design. Every artifact, log, and transaction is encrypted and isolated, protecting customer data at every stage. Enterprise Link adds additional network and compliance controls for teams with stricter policies.

  2. Enterprise Link provides limited, tightly controlled access over the internet. It does not create provider-native VPC endpoints. If your policy mandates those, talk to us.

  3. No. Enterprise Link focuses on outcomes (control, compliance, etc.) rather than VPC endpoint plumbing. While we don’t currently support provider-native VPC endpoints such as PrivateLink, Enterprise Link is designed to meet comparable security, compliance, and control requirements. If your policy mandates PrivateLink, talk to us.

  4. Enterprise Link maintains Cloudsmith’s global edge delivery, so performance is on parity with our default configuration. Enterprise Link keeps the optimizations that make downloads fast and reliable, while adding the extra network controls you need.

  5. To provision Enterprise Link, first you'll work with our Customer Success team to understand your specific configuration requirements, before the feature is activated for your workspace.

Ready to get started?
Speak with a Cloudsmith expert about your security and compliance requirements. We're here to help.