If you, like many of your contemporaries here, are using Cloudsmith for mission-critical delivery of software, we'll bet you're always interested in better ways to protect your assets.
With today's update, we have added support for restricting the location at which your API key can be used to access your account, programmatically. If an IP doesn't match, it'll be forbidden from using the API.
Full CIDR notation is supported, so you can specify a netblock (e.g. an IP allocation for your company, such as 18.104.22.168/16). If you'd like to limit it to your current IP, type "me" and add that. We'll set it to your current IP.
The restrictions apply to all uses of the Cloudsmith API, including package uploads, entitlement management, and even downloads for native APIs (e.g. Docker). Enjoy!