As part of our ongoing commitment to providing a safe, secure user experience, we will no longer allow users to authenticate requests to the Cloudsmith API using their Cloudsmith username and password. This follows the removal earlier in July of username and password authentication for package downloads, and just like that previous change, we’ll be here every step of the way to guide you through these changes. 💪
On September 24th, 2024, we will remove support for authenticating requests to Cloudsmith’s API using a username and password. The one exception is the Cloudsmith endpoint to retrieve your API key; to address that exception, we will add support for SSO and 2-factor authentication enforcement. It’s time to embrace more secure authentication methods (detailed below), and further our commitment to security.
Boosting security: We're always looking to lock your data tighter than a drum. Removing username/password authentication reduces the risk of unauthorized access. ️🛡
Simplifying security: Fewer attack vectors mean a safer environment for everyone. We're streamlining to keep the bad guys out. 🚫
Move to a more secure authentication method: We recommend moving to OIDC authentication, entitlement tokens, or API keys, in that order of preference. All are excellent choices, depending on your needs!
Mark your calendars: The final curtain username/password authentication call is September 24th, 2024. That gives us all 60 days to transition smoothly. 📅
🚧 Brownout notices:
To ensure everyone's ready, we'll conduct brownouts (temporary disabling) of API authentication via username/password at least seven days before the final removal date. Stay tuned for specific announcements on these tests!
📚 Need assistance? We understand changes can be challenging, so our support team is here to ensure a seamless transition. Check out our documentation, or reach out directly if you need the deadline extended. We're here for you!
Thank you for your understanding, cooperation, and trust as we make these changes. 🌟