What's new on Cloudsmith

The latest version of the Cloudsmith command-line interface (CLI) now supports authenticating your Cloudsmith account with SAML single sign-on. 🌟 This is useful for users who do not have a username and password and who primarily interact with Cloudsmith through the CLI, as you no longer have to go to the web application to retrieve your API key. 🎉

What’s changed

Previously, the only way to authenticate to Cloudsmith via the CLI was using the cloudsmith login command, which requires a username and password. However, users who authenticate via SAML single sign-on do not have passwords configured for their accounts. Instead, those users had to log into the Cloudsmith web application and retrieve their API key.

Now, the Cloudsmith CLI supports a new command:

cloudsmith auth

How it works

When you use the new cloudsmith auth command, the Cloudsmith CLI will:

• Get the identity provider URL that is configured for the user’s organization.
• Open the identity provider URL in your browser to begin the authentication process.
• If you are already signed in, authentication will complete.
• If you are not signed in, you will be prompted to authenticate with your organization’s identity provider.
• If your user account requires two-factor authentication, you will be prompted to enter your 2FA token

• Once authentication is complete, the CLI is issued an access token for your account.

• This ephemeral token is valid for two hours.
• The access token is stored securely within the user’s operating system credential storage mechanism
• The CLI will attempt to refresh the access token while the CLI is in use.
• If the access token has expired, users can perform cloudsmith auth to re-authenticate.

Getting started 🚀 

To get started, download the latest version of the Cloudsmith CLI from either Cloudsmith or PyPi. Note: The cloudsmith auth command is available from version 1.3.1. For more help with using the Cloudsmith CLI, please check out our documentation.