Integrations/Terraform Provider

Automate Cloudsmith with the Terraform Provider

Cloudsmith's Terraform Provider lets you define repositories, access controls, entitlement tokens, and permissions as code. Bring Cloudsmith into your existing IaC workflows and eliminate manual configuration drift across environments.

How we support Terraform Provider

Cloudsmith gives you a fully managed artifact registry you can provision and govern entirely in code. The Terraform Provider exposes every key resource so your infrastructure team works the same way everywhere.
    Repository provisioning
    Create and configure Cloudsmith repositories directly from your Terraform configuration files. Repository type, description, and slug are all manageable as code.
    Access control as code
    Assign users, teams, and service accounts to repositories with defined privilege levels. Keep your access model version-controlled and auditable alongside the rest of your infrastructure.
    Entitlement token management
    Create and restrict entitlement tokens through Terraform. Set download limits, IP restrictions, and other controls programmatically to govern how artifacts are distributed.
    Consistent multi-environment setup
    Reuse the same Terraform modules to provision identical Cloudsmith configurations across dev, staging, and production. No manual steps, no configuration drift between environments.
    IaC pipeline integration
    The Cloudsmith Provider is published on the Terraform Registry and works with any Terraform-based workflow, including Terraform Cloud, Atlantis, and custom CI/CD pipelines.

Why teams integrate Cloudsmith with Terraform Provider

Managing artifact infrastructure by hand creates invisible risk. Codifying it with Cloudsmith and Terraform removes the gap between intent and reality.
Without CloudsmithRepository creation and access changes are applied manually through the UI. There is no version history, no review process, and no reliable way to reproduce settings across environments.
With CloudsmithEvery repository, permission, and entitlement token is defined in a Terraform module, reviewed in a pull request, and applied consistently. Your artifact infrastructure is reproducible from a single source of truth.
Without CloudsmithConfiguration drift is invisible. Production and staging registries diverge silently over time as ad-hoc changes accumulate, making it hard to diagnose access failures or policy gaps.
With CloudsmithCloudsmith resources are declared in code and applied by Terraform, so drift is detected on every plan. Any deviation between desired state and actual state is surfaced before it causes a problem.
Without CloudsmithOnboarding a new service or team requires coordinating manual steps across multiple systems. Access is inconsistent, permissions are over-provisioned, and cleanup is rarely done.
With CloudsmithNew repositories and access policies are provisioned in minutes via a standard Terraform module. Least-privilege access is enforced by default and deprovisioning is a code change away.

Frequently asked questions

  1. You can manage repositories, entitlement tokens, repository privileges, and namespace-level settings. This covers the core Cloudsmith resources needed to provision a fully working artifact registry configuration as code.

  2. The provider is published on the official Terraform Registry under cloudsmith-io/cloudsmith. You can reference it directly in your required_providers block.

  3. Authentication uses a Cloudsmith API key, passed via the api_key argument in the provider block or through the CLOUDSMITH_API_KEY environment variable. Using an environment variable is recommended for CI/CD pipelines to avoid storing credentials in code.

  4. Yes. The repository privileges resource lets you assign users, teams, and service accounts with specific privilege levels such as Read, Write, or Admin. This makes it possible to enforce least-privilege access as part of your standard provisioning workflow.

  5. Yes. You can create entitlement tokens and configure restrictions including download limits, IP allowlists, and path restrictions directly through the Terraform resource. This lets you govern artifact distribution programmatically.

  6. Yes. The Cloudsmith provider works alongside any other Terraform provider. A common pattern is to provision cloud infrastructure with an AWS, Azure, or GCP provider and use the Cloudsmith provider in the same configuration to set up the artifact repositories those services depend on.

  7. Yes. The provider follows the standard Terraform provider interface and works with any execution environment that supports Terraform, including Terraform Cloud, Atlantis, Spacelift, and custom CI/CD runners.

  8. When provisioning repository privileges using a service account, ensure you explicitly grant that account Admin privilege in the same privileges resource block. Without this, the service account may lose access to further provisioning on that repository after the first apply.

  9. Yes. Use terraform plan to preview all changes before applying. You can also maintain separate Cloudsmith workspaces for dev, staging, and production and promote validated configurations through each stage using the same Terraform modules.

  10. The Cloudsmith documentation at docs.cloudsmith.com includes worked examples, a minimal complete module example, and notes on managing entitlements and repository privileges. The Terraform Registry entry for cloudsmith-io/cloudsmith also contains the full resource and data source reference.

Integrations

Discover more Cloudsmith Integrations