Managed Upwarden. Zero infrastructure.
Upwarden Cloud — fully managed, zero infrastructure — is live. Sign up, mint a key, and point your package manager at it. The same silent rollback and the same scanner as self-hosted Upwarden, without a server to operate.
Upwarden Cloud is live. The steps below are exactly how you get protected — sign up, mint a key, point your package manager, and watch the firewall work. Prefer to keep everything inside your own network? You can self-host instead.
1 · Sign up
Create your organization in the Upwarden Cloud console. There's nothing to install — the firewall is provisioned behind your account.
Console: https://app.upwarden.io/
2 · Get a key
Every install authenticates with a vk_… project key, scoped to one project inside your organization. In the console:
- New organization → give it a slug + name.
- Open it → Projects → New project (usually one per repo or pipeline).
- Open the project → API keys → New key. The
vk_…string is shown once — copy it into your secret store now.
Full walkthrough (UI and scriptable API): Create your first key.
3 · Point your package manager
One config line per ecosystem, pointed at the managed endpoint <eco>.pkg.upwarden.io. Drop your vk_… key into the matching environment variable. Every install from then on flows through the firewall.
registry=https://npm.pkg.upwarden.io/
//npm.pkg.upwarden.io/:_authToken=${VG_NPM_API_KEY}
[global]
index-url = https://${VG_PYPI_API_KEY}@pypi.pkg.upwarden.io/simple/
[source.crates-io] replace-with = "upwarden" [registries.upwarden] index = "sparse+https://crates.pkg.upwarden.io/index/"
bun is first-class — it reads the standard registry config, so it's covered exactly like npm. Private and scoped packages keep working: your existing upstream tokens pass straight through. Other ecosystems (Maven, NuGet, Go, RubyGems) follow the same <eco>.pkg.upwarden.io convention — see the full quickstart.
4 · Verify it works
Install anything. A safe package installs as usual — the only added latency is a single proxy hop. To watch the firewall act, request a version known to be blocked and see it roll back:
$ npm install lodash upwarden › lodash@4.17.22 — BLOCKED (malware signature match) upwarden › resolving to last safe version → 4.17.21 added 1 package — lodash@4.17.21 ✓ build green
Floating ranges roll back automatically; exact pins to a blocked version fail loudly with an actionable [UPWARDEN] message. More: Verify it's working and Troubleshooting.
What we can see — and what we can't
Upwarden Cloud is the managed path, so — unlike self-host — your install requests transit our managed infrastructure. We keep that honest:
- Isolated per tenant. Every organization's data is separated at the database row level; one tenant can never see another's.
- We see package coordinates, not your code. Upwarden is a registry proxy — it sees the dependency names and versions you request and the artifacts it serves, not your source.
- Your audit log, yours to query. Each install and block is recorded against your project; retention depends on your plan. We never sell or share it.
- Want nothing to leave your network at all? Self-host keeps every byte inside your perimeter with zero telemetry — the same product, your infrastructure.
Ready to start?
Create your account and mint your first key in minutes.
Managed when you want speed. Self-hosted when you want sovereignty.
Spin up on the managed console in minutes, or run it free inside your own perimeter — and talk to us if you're rolling out across an org.