Security and Firewall Information

At packagecloud, security is paramount. Our customers entrust us with business critical assets, so we take security very seriously.

The information presented below pertains to our cloud based, multi-tenant SaaS service that we run and manage.

Our on-premise enterprise product packagecloud:enterprise is run by you, on your infrastructure (your AWS account or your own datacenter) which means it is governed by your existing information security controls: from firewalls and VPNs, to IAM and monitoring systems. As such, the information below does not pertain to packagecloud:enterprise installations.

Firewall Information and IP Address Ranges

packagecloud

packagecloud.io supports both IPv4 and IPv6 via Amazon AWS.

Our IP addresses can change dynamically due to AWS autoscalers, so we recommend you configure your systems to obey the TTLs of our DNS records.

Hostnames

If you are using hostname-based Firewall rules, these are all the hostnames you will need to whitelist.

  • d3fo0g5hm7lbuv.cloudfront.net
  • packagecloud.io

CloudFront

packagecloud.io uses CloudFront to cache package objects. You may need to whitelist CloudFront's IP Range if you are behind a Firewall.

You can find information about CloudFront's public IP list here

GPG Key

This is the packagecloud public GPG Key. If you have any security concerns or reports please reach out responsibly with an encrypted message using our GPG key below to support@packagecloud.io.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1

mQINBFwOqysBEACmddA6oLZjZWl94rc3vs9uyNNUZ6cg/UBwwQKhN6yZ++VNSzvn
cgeT0H17DJ6XzRD/M1wgvtKxuhdlJSEZTVysoyLB1I8bMZmI5HZsyQkXR+JZwhMI
NiVYpT2Dc6cB6qToD2Wn3vTHaluXO3pGMk6fiNmTAIKUDiG2amYb3AkYHQKPeEAU
uEHWQegG1pnKRkFLGatp0lTs9zpvkSj09QW0lk216lGrR+aQTD+ossm+CHgqQjPc
LizXxF+kxojcuvPuiNPEyAOCbyInGnmftgP/vtN/ElxNeSaGyPsh1BXPlQtAgdTM
NluZYjUP/2QFs/zEWgXSdZqFC1nDIIyXL2Le166NbfK961uZxxqn6dj6bw0eeIC3
6JIg/tMDdVOqaN4zJyGYTm232RE+KYRfocIifdi1HlrRniEHaR/48WAgaPqIbOEF
Xf0l67oiovdlSPWX1lf2FPGSx/jxZSS/uX7X3tVZmVmgOmGuLcSu0zXEMlcdRp1c
49a5hbxOnE/ni9rMhfsvhYe2cR2YPWidk+0E328mlfemlaWNvzdl4cP3L8MAGY6M
eCoyqDRHmyO5zCbudxq7Dq3ckBdD4RhAWudlyOs4gMJhFLy7aKTL8USdmsj4iHJ3
2VJqvoD9lIDydG8aADLiLOqjRgzUl9lD96LdsObcyEGduvWwfgHZkRQH/wARAQAB
tDdwYWNrYWdlY2xvdWQgb3BzIChwcm9kdWN0aW9uIGtleSkgPG9wc0BwYWNrYWdl
Y2xvdWQuaW8+iQI4BBMBAgAiBQJcDqsrAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIe
AQIXgAAKCRABZmJH6/8SGOyrD/9zkW4DLTIlf7oYaEJH/0WxSfKvyMykT55MOn81
3vOxOdxZIqjf27o5aeY1W1/UVXEr3mrLvkZFbkc701gypo2F/EGLS8oLAS4WPT0G
CgMw2xwtn/icX9LXi/xIerSxV5fYUiKkkjI5S53x5lHtAn9h3/cOSRHBYP1x61Na
MaZta9dI3RDqzvms7gAfUuvyn+9ux2wmmqQFaMX+PSQIKujg0KOyYZEVOJWyTETo
m+6aj4Cd6pdYkfo9eZoPYV96XmUnXlxWDTeA0haVU6v5A781Tm6TVoRd0ugAuLex
yRxQ8f0D5vOmPCcsqQmhyE4n1rZA7uToDpj5IC5lJ8LRnKoWHbZZbO1WKAoJgjbS
QEFK4Fm7cTKjy2K/4xhFjJQAYTwE51x6rFz98MC27X+f8xmchLdVYj5QsliMeZ9a
tx5D82TR31v2vlb2CVf4zvSE4scf0t3UdAP9MDtopFuwec2Sldv2OjnsWuwAz7Sq
zARHjmbtZDP0Urd2cfiaJWRLwIhYK+iLImGZeF2iLs0Keexe+ojLCmUdUR90fDWG
c0tbFkeRZ0HJWRorLvsNcPzBWeZE6kGWe3FPM3qA2ET7zn5hczBsQI37zL8B3lag
O1QgNigxEiXf70iwwSYNW0WfYojkDcbhMENuEubYkwsSxPs+VBTg+Oh7uWhAIA+k
LNqTJLkCDQRcDqsrARAArmoy2/XYWyhWHi+wxUi5Q6zEYgZSURFRoU0SXFaBDxSV
+Sp0v0Y7So9YcqTHffhEt8GmpEjph/V7w2cyCJquuxP2c1x9gZuMJAqNIxO684KD
FIQBL/JVG2tG0Zscz3K75gBkiAwEILzT6tAQdG5kWtZQ1IXgZsCvPFMDVtT5SuWW
B4b2pMYsTgIp+waTvhYVlXF8/woLCdNarzyqi31DSN34a8kQ46054ZpM4p7FN1ul
TiEMPyInR6usKkmFj2r7hKmni7wcqH1+FLz3he+UDcAi6z6nWjuHenDX7CkjcylB
J67DiiFNtzOrPyeJhW0gwVEcKo3VlLQdgOIIQ/UJ3zU2VpwGxC8jss7hrzLdkYU3
XUTeS2Ug8/jCUE1nhjrHsG/Pec6A6lD2RrdDz9AVR/71cw1fZd5ei6WR/bKOHMDC
/dIq1+yHGVDAIgYZU0dJNyifB4XsDya7aY166ggaWnXV0bQix4+P4gU/ZFLGfw83
DB2+/gYajiG5BS1dzf+5cOJQ89HcKzYZobcthaBbfrrhWsksfFD1X6zimL/f2Liu
c/T+wrxSpnTzVrgfXH2y1YWR1TE8PisE6kSTAe9rwa+gQz/L51tvVlrBZ2mh4vg3
nS6kTK6fATOfLwhFxwLelGdMtAJb5QBiJw3o0zL9OhKf9jfz36nJw8qRtBQBKV0A
EQEAAYkCHwQYAQIACQUCXA6rKwIbDAAKCRABZmJH6/8SGA1lD/9RMvvyQO0y723s
dHjDAL/IHWhHCqt9H3Entlv2etZ0nKn1Mgb0lUdInE6A7aQZyZA5DiUEbXX/oOrk
GrYGY1aZV4QK6iC+jOe6DsYsk4gYD/699C4fOz36KjL3GzaLws7LrfdgyNatEWxr
T+zE9sKn68Jkbji//VegROEpmyfbEP53IZxGWGkyQqzBmF9D9+KUsaQwpFobZCrB
M4u0iup/53chePHJi/fkVzVGLDbjtakMk5/ar7d/Eu//OS6asvk1XW7NhS9BJHIC
qtOViuRjEzaBAAIkOhjVOBZQb9o2D8UWD7Hgxce5Fcqw1z0vjZ7g35LTYL8Ql3qo
xw1rRjMhBLrZxB8cA6yk5m0WefpRYwQtlWACsv6oBx3IsBCviF2KMvnGuSdSfue1
zsoyh54Sx4G51iyktIq9OyBzdYLSOw3d4EgwRu1FfWvzgZr8GaGgXoY0YBi+Q09C
HzL1czWYoyjB8DGUSXRpr52i+h67THLd+M90iJa5gaOBLe3mHKraCsQwTUktwpo3
8KMd25LFBihCBtej3ERn0hS7Dy+Gg2/0h7vHphdhxIrvwU1iDJEb6ocaSrLKBCZw
HnZO+AbXd4TyrX1siLgWytUV6vGXyPgjOz82LOYU5tDfSloMwG1szLkBkel1jfqq
O9hwM8Qb5bx+EMXaqRek4ZpFNDayoQ==
=C3/y
-----END PGP PUBLIC KEY BLOCK-----
Download our public GPG Key

PCI Compliance

We use Stripe to process credit card payments for all accounts on packagecloud.io. By using Stripe, along with end-to-end SSL/TLS across the website, packagecloud complies with all PCI Data Security Standards. For more information on Stripe's integration security guidelines visit Stripe's Integration Security Guide.

SSL/TLS

packagecloud.io is strictly HTTPS/SSL only. There is no plain text access whatsoever.