Integrations/Harness

Ship artifacts from Harness with confidence

Cloudsmith gives your Harness CD pipelines a secure, fully managed artifact store. Connect Cloudsmith as an Artifact Server, authenticate with API keys or Entitlement Tokens stored in Harness Secrets Manager, and deploy versioned packages across every environment with a full audit trail behind every promotion.

How we support Harness

Cloudsmith integrates directly with Harness CD as a fully managed Artifact Server, giving your delivery pipelines a secure, version-controlled source of truth for every package you deploy.
    Artifact Server connection
    Add Cloudsmith repositories to Harness as a native Artifact Server so every pipeline stage can resolve versioned packages without manual intervention.
    Secrets Manager authentication
    Store your Cloudsmith API key or Entitlement Token as an encrypted secret in Harness Vault or any supported third-party Secrets Manager, keeping credentials out of pipeline YAML.
    Multi-format artifact storage
    Cloudsmith supports 30+ package formats, so Harness services can pull Docker images, Helm charts, Maven JARs, npm packages, and more from a single managed registry.
    Pipeline stage promotion
    Promote artifacts from development through staging to production inside Cloudsmith without re-uploading, preserving provenance and integrity across every pipeline stage.
    Audit trail and access control
    Every pull, push, and promotion is logged in Cloudsmith's audit log. Fine-grained repository permissions ensure only authorized Harness services can access your artifacts.

Why teams integrate Cloudsmith with Harness

Harness CD orchestrates your deployments, but artifact governance is only as strong as the registry behind it. Cloudsmith fills that gap with security, traceability, and global delivery built in.
Without CloudsmithArtifacts are scattered across cloud storage buckets, ad-hoc registries, and CI caches. Harness services pull from inconsistent sources, leading to broken deployments when a package moves or disappears.
With CloudsmithCloudsmith acts as a single, reliable Artifact Server for all Harness services. Every version is immutable and addressable, so pipelines always resolve exactly what they expect.
Without CloudsmithCredentials for private registries are hardcoded in pipeline YAML or stored inconsistently across teams, creating security gaps and making rotation painful when a key is compromised.
With CloudsmithAPI keys and Entitlement Tokens live in Harness Secrets Manager, referenced by name in pipelines. Rotating a credential in one place instantly updates every pipeline that depends on it.
Without CloudsmithThere is no unified audit trail connecting what was built, where it was stored, and what was deployed. Compliance reviews require manually correlating logs from multiple systems.
With CloudsmithCloudsmith logs every artifact operation with timestamps, user identity, and repository context. Combined with Harness deployment records, you get a complete provenance trail from build to production.

Frequently asked questions

  1. Add your Cloudsmith repository as an Artifact Server in Harness using your workspace and repository slug. Authenticate with either a Cloudsmith API key or an Entitlement Token stored as an encrypted secret in your chosen Harness Secrets Manager.

  2. Entitlement Tokens are the recommended option for runtime authentication. They scope access to specific repositories, can be rotated independently, and reduce the blast radius if a credential is compromised. Use API keys for administrative operations such as uploading packages from CI.

  3. Cloudsmith supports over 30 formats, including Docker, Helm, Maven, npm, PyPI, NuGet, Debian, RPM, and Raw/Generic binaries. Any format Harness supports as an artifact source can be backed by a Cloudsmith repository.

  4. Harness includes a built-in Secrets Manager (Harness Vault) and supports third-party managers such as AWS Secrets Manager, Azure Key Vault, GCP Secret Manager, and HashiCorp Vault. Add your Cloudsmith API key or Entitlement Token as an encrypted secret and reference it by name in your connector configuration.

  5. Yes. Cloudsmith lets you mirror your pipeline topology with separate repositories for development, staging, and production. You can promote an artifact from one repository to the next without re-uploading it, preserving its integrity and provenance trail across every stage.

  6. Every download, upload, and promotion is recorded in Cloudsmith's audit log with a timestamp, IP address, and the credential used. This makes it straightforward to demonstrate which artifact version was deployed in each Harness pipeline run.

  7. Yes. Cloudsmith runs vulnerability scanning on every package in your repositories. You can configure policy rules to quarantine packages with critical CVEs, preventing Harness from pulling a compromised artifact before it reaches a deployment stage.

  8. Cloudsmith supports fine-grained, repository-level permissions. Each team or service account gets a dedicated Entitlement Token scoped to the repositories it needs. You can grant read-only access to deployment services while restricting write access to CI pipelines that publish artifacts.

  9. Cloudsmith delivers artifacts over a CDN with 600+ edge points of presence, so delegate agents in any region pull packages with low latency. You can also configure storage regions to keep artifacts geographically close to your deployment targets.

  10. The full integration guide, including how to configure an Artifact Server, set up Secrets Manager credentials, and reference Cloudsmith artifacts in a Harness Service, is available in the Cloudsmith documentation at docs.cloudsmith.com.

Integrations

Discover more Cloudsmith Integrations