Welcome to Plastic Cloud Edition - the Plastic SCM hosted solution.
This guide will help you get up to speed with Plastic Cloud Edition and its key
This guide serves as a walkthrough to get your Plastic repositories (repos) up and running in the cloud.
What is Plastic Cloud
Plastic Cloud is the hosted Plastic SCM server solution.
We have two different Cloud products:
Plastic Cloud Edition
For teams who do not need an on-premises server. The only central location is the Cloud.
Team members can have local clones of the repositories or alternatively work directly connected to the Cloud.
Requirements: Purchase Cloud Edition (not Enterprise + Cloud).
This guide documents this version of Plastic Cloud.
Plastic SCM Enterprise Edition plus Cloud extension
This product is designed for teams who require an on-premises server (included in Enterprise Edition)
and host repositories on the Cloud.
Requirements: Purchase Enterprise Edition and add the Cloud Extension (not Cloud Edition).
You will work with Plastic Cloud just as you do with a conventional Plastic SCM server;
you will push and pull branches, create repositories, manage permissions, and more.
Internally, Plastic Cloud uses a fully redesigned Plastic server core. The cloud core runs on several cloud roles instead
of a single computer. This means that it can be horizontally scaled by simply adding more roles (computers).
Plastic Cloud is a multi-tenant and highly scalable solution capable of handling thousands of different organizations.
It makes the best possible use of the underlying cloud infrastructure.
In practice, this means you don't have to worry about server setup or maintenance. We'll handle that for you!
Who is it for?
There are many scenarios where Plastic Cloud Edition fits:
You are a small team and don't want to handle any infrastructure. You're already running Plastic on your laptops,
but you don't want to install and administer your own Plastic server. However, you still need a central rendezvous
point for the team. Plastic Cloud extension is for you.
You are part of a large corporate team working in several locations across the world. You need a central server,
but you don't want to depend on your IT group. You can set up a Plastic Cloud organization and use it as
your hosted central server. You would like to enforce encryption on all the data pushed to the cloud before
sending it outside your network for maximum security.
You are a game development team (or any other team dealing with large repositories and huge files), and you couldn't
find a suitable solution with mainstream hosting providers of version control software. Git-based solutions have
the well-known 2GB repos limit. If you need more than that, Plastic Cloud is for you.
These are just 3 key scenarios, but there are many more. Some teams asked us to use the Plastic Cloud extension as
a live cloud-based backup, and that's certainly also an option.
Work centralized, distributed, or both
Plastic Cloud Edition is designed with fully distributed teams in mind. But, Plastic Cloud Edition also supports
centralized and mixed ways of working:
The team members that don't want intermediate repositories and no push/pull actions can go for a simpler direct
checkin to Plastic Cloud cycle.
This is the best option for artists in games together with Gluon.
And it's also available for coders who want to work centralized with
Plastic (the developer GUI).
Each developer works on their machine. Each developer has their own local Plastic SCM repo (or collection of
repositories) so that checkins are always local and blazing fast.
The developers belong to the same Plastic Cloud organization and deliver changes to Plastic Cloud through
This is the best option for developers using Plastic (the
Working both distributed and centralized:
Your team doesn't have to stick with working—distributed or centralized. Some team
members can work centralized and some others distributed.
And Plastic, the developer GUI, also lets you work distributed.
In a distributed workflow, you have a workspace and a local repository (the intermediate repository) where you
directly checkin to, and then you push/pull to the remote repository in a Plastic Cloud server:
In the following Plastic example, you will have:
a workspace (testsrc)
in your machine (Path on disk)
pointing to your repository (testsource)
Then, you will work with Plastic as you would normally do by:
Once you log in, you will enter the area to manage the Cloud organizations. There aren't many options at this point, so you'll
see it is straightforward to use.
Basically, all that you see is a list of the organizations you belong to.
If you are the administrator of an organization (we'll make you the admin when you request the organization),
you'll be able to manage it.
If you click Edit, you'll see something like this:
This is a simple page where you can edit your organization's name and description.
The Organization name field is only writable when the organization is
You can click the View activity button to open a new page where you can see the usage of
your entire cloud organization:
You can also click the Details link to launch a new page with the details by repository:
Read the following section to learn how and what you can manage of your Cloud organization.
Editing lock rules
Click the Edit lock rules button in the Cloud dashboard to configure
the exclusive checkout.
The lock rules let you configure exclusive locking for binary files when you perform a checkout.
The exclusive checkout (or locking) is helpful when working with files that cannot be merged, like binary files
(images, video, audio...).
Using this feature, you can tell Plastic SCM what kinds of files need locking on checkout. If enabled, checking out
a file will prevent other users from doing the same thing until you checkin or undo your changes. You can be
assured that no new revisions of their checked-out files will appear while they're working on them.
The system performs the following operations:
Is the file locked? If yes, it can't be checked out.
If it isn't locked, the file can be potentially locked. Plastic SCM will check whether the file name matches any
of the defined lock rules. If the file name matches the rules, the file will be locked.
You can define rules that can be applied to:
All repositories (organization rules)
Specific repositories. These rules can be file extensions (such as *.xlsx, *.png,
or *.blend) or specific file names (such as readme.txt).
To create/edit lock rules for the organization (all repositories):
Enter the locking rules you want to apply. You can click on the Load common lock rules
button to load the most typical rules used (related to binary files). You can add more rules or
remove some of them.
To store the lock rules, click the Save button.
To create/edit lock rules for a specific repository:
For the repository that you want to edit lock rules, click the Add repository rules
A new empty field will appear under the repository name:
Enter your own rules or load the suggested common lock rules by clicking
Load common lock rules. You can edit them as well.
Click the Save button.
You can remove all repository rules at any time by clicking the Clear repository rules.
Users and groups in Plastic Cloud
Plastic Cloud uses the same underlying mechanism to handle users and groups as a regular Plastic SCM server.
But, unlike Plastic SCM, instead of retrieving users and groups from LDAP, Active Directory, or a custom defined
user/password file, Plastic Cloud works as follows:
Users are retrieved from plasticscm.com. You can invite any user to join your organization, and
once they sign up to plasticscm.com, they will be valid users.
Groups are defined by organization. It is like a cloud-based
groups.conf defined from the organization management area. You can add invited users to
the groups you create.
You can define access policies to the cloud server for users and groups. You configure access policies by using the
Plastic SCM GUI tool or the command line, like you would do with a regular server. At this
point, you only need to define the users, the groups, and their relationships in the web interface.
You can define users as administrators in the web interface and they can access the organization's
administration area. It doesn't have any influence on the Plastic repositories.
In the Users and groups organization administration area, click
Add new user, and you will arrive at this page:
You can enter the email of any user you want to invite, even if they are not yet a plasticscm.com user. They will
need to sign up to plasticscm.com prior to signing in, but you can already configure your groups counting on them
as valid users.
By default, any new user will be automatically added to the built-in group called Developers. Of
course, you can delete the group or rename it.
By default, every new organization comes with two groups: Administrators and
Developers. Every new user marked as Administrator will go to the
Administrators group, and everyone else to Developers.
You can add new groups, delete the default ones, or rename them.
You can also add users to a group. Just click the edit icon
to the right of the group name to access the group configuration area:
In the above example, the pre-configured Developers group is being edited.
From here, you can delete users and add new ones and also go to create new groups. You can also rename the group and
edit its description.
Click Add new member, to go to the following page:
From here, you can type a user's email that you want to add to the group.
Configuration wrap up
As you have seen, configuring your organization is straightforward. You'll get everything you need with just a
At this time, configuring users and groups is all that you can do in the web interface. Anything else is done, as
usual, from the Plastic SCM GUIs or command line.
Encrypt all data uploaded to Cloud
When you request a new organization, you can specify that you want to enforce encryption. If that flag is set
during organization creation, Plastic Cloud will only accept encrypted data for this organization.
The motivation for encryption
Code is a very sensitive asset, so many teams will want to protect it as much as they can.
Even though Plastic Cloud runs on Azure and hence is protected by a well-known provider, we thought it would be a
good idea to offer users the choice to encrypt the data when sending it to the cloud.
When you create the organization as "encrypted," Plastic Cloud rejects non-encrypted data. There's a header in
the data to notify that, but the server doesn't know how to decrypt it.
Both Plastic and
clients need to be configured to handle encrypted data and will ask you to enter the encryption password.
Important! Be very careful with the password since it is the key to encrypting/decrypting
your data. If you lose it, we won't be able to recover your data; it is simply not possible!
However, you'll have your data on your own server too as you're just pushing it to the Plastic Cloud, so you'll have
a local copy of your repo in the unlikely event of a lost password. But, of course,
once you decide to go to production using Plastic Cloud, you'll need your password!
Behind the scenes:
A new file cryptedservers.conf is created on your Plastic SCM server directory with the following content:
In this case, it is saying that every data transfer from/to encrypted_test@cloud must be
encrypted/decrypted using the key created on file e33a805b-0ce5-4047-81da-3c95c3c7b2a9.key.
Frequently asked questions about encrypted data
What do you encrypt exactly?
We just encrypt file data, not metadata. This means that file names, branch names, labels, user names
are not encrypted, only file data.
Does it mean that even if Plastic Cloud gets compromised, attackers won't steal my code?
What if we are a team of, let's say, five, and we're all pushing/pulling to the Plastic Cloud?
Then, you all need to configure your keys. Whether you share the cryptedservers.conf
file, or you share the password. That's up to you!
Optionally, on bigger teams, you can have only one Plastic SCM server in sync with Plastic Cloud, and all the
other replicated repos in the internal network just access to it. There are many possible options.
Can I open a Branch Explorer to Plastic Cloud and diff a cset if the data is encrypted?
Not at this point, but that feature will be available soon. Right now, files will show empty content because
they can't be decrypted on the client.
The goal is to get the credentials from the local server (if configured to do so) to allow this scenario.
Current limitations and notes
You need to use Plastic SCM release 220.127.116.119 or higher to access Plastic Cloud.
The "default" repo is not created in the Cloud so you'll need to create a repo manually before you can push
branches to it.
At this point, changing the revision type of an item in Plastic Cloud is not available. This is a limitation
due to the new storage we're using, different from the standard relational databases we use with
Path-based security is still not reliable in the cloud server. It is not key for replication operations, and
we expect to fix it soon to roll out full checkin workflow support.
What is Plastic Cloud Edition?
Plastic Cloud Edition is a hosted, multi-tenant, cloud-based Plastic SCM server that organizations can use to
store their Plastic SCM repositories in the cloud.
More at plasticscm.com/plasticscm-cloud-edition.
Does Plastic Cloud Edition require a local (on-premises) Plastic SCM Server?
Short answer: No. Yes, if you are a developer working distributed with the regular Plastic SCM
by running push/pull or directly checkin to the cloud organization.
Let's go for the longer explanation now.
Programmers can achieve a better experience by using a distributed workflow with Plastic SCM. This means they
will get better performance by pushing/pulling their branches in local repos to/from Plastic Cloud, instead
of doing direct checkin to cloud. To work distributed, you need a local server, whether central to the
team, installed locally for each developer, or a mix of these combinations.
It is still possible to checkin directly to Plastic Cloud. It is the recommended way to work for users of
Plastic Gluon, the tool designed for artists in game development,
document writers, project managers, and other team members who don't work on code but work on other binary
assets and don't need merge operations. Developers can also checkin directly and merge on Plastic Cloud if
they need to.
How do I upload my data to Plastic Cloud?
You just need to push your data from your local Plastic SCM server to Plastic Cloud.
You will push to the Cloud the same way you push to a regular remote
Plastic SCM server.
You can set up your sync view
to push/pull branches in batches. Remember, your remote
repos will be referenced as reponame@organization@cloud.
Example: tetris@arcadegarage@cloud. The @cloud part simply tells Plastic SCM to
connect to the cloud server instead of specifying a full IP or domain name.
Can I checkin and merge with Plastic Cloud Edition?
Yes, direct checkin and merge have been available since 18.104.22.1682 (Nov-14, 2016). We discouraged direct checkin
and merge for developers because we thought it was slower and they would be better served by push/pull
from their local repos, but we got many requests from customers who preferred this simpler way of working.
We believe that artists in game development, document writers, project managers, and other team members who
don't work on code but other assets will largely benefit from
Plastic Gluon + Plastic Cloud. They will be able to perform direct
checkins and download only the assets or content files they need. Also, exclusive checkout may be configured
to ensure only one person is modifying each file at a given time.
We believe code developers can achieve a better experience by using a distributed workflow with Plastic SCM.
This means they will probably be better served by pushing/pulling their branches to the Cloud, but they can
work centralized too if they prefer. They can also merge using the Cloud server.
Some notes for developers:
Checkins will be slower in the Cloud because data will have to travel through the Internet (and hence
through a higher latency network), as opposed to performing checkins locally or to a server on your LAN.
This is fine for artists and team members working on documents, but developers who expect super-fast
checkins will find it slow. In short, checking in to the Cloud for developers is
like going back to the old SVN days. Still, we optimize the entire cycle continuously for
developers who prefer to work centralized.
However, while it's certainly also affected by network latency, pushing and pulling branches is something you
don't do as frequently. This means that the impact of having a distant server is slower. This is the
DVCS style of working: Many local checkins and then just a push, the same thing that many developers do with
In short, you can checkin and merge on Plastic Cloud, but we recommend that developers check the DVCS +
Plastic Cloud workflow if they feel they need faster operations.
Can I lock files if I use Plastic Gluon to access Plastic Cloud?
Which version of Plastic SCM do I need to access Plastic Cloud?
You need 22.214.171.1249 or higher. Our network API was updated and expanded for Plastic Cloud,
so older versions will not work.
Is my data secured in Plastic Cloud? What is the "data encryption" all about?
Plastic SCM can encrypt your code and data before uploading it to Plastic Cloud.
When you request a new Plastic Cloud organization to host your repositories, you can set it as "encrypted".
This means that whenever you upload data to it, Plastic Cloud requires data encryption. Plastic SCM will
ask you to define an encryption key locally on your server (which can be your team's server).
Therefore, it works as follows:
Before uploading data to Plastic Cloud, the contents of each file are encrypted using the key you have
The file contents are always stored encrypted in Plastic Cloud. This means that in the unlikely event that
the server is compromised, your data won't be accessible by the attacker. The data is encrypted using
a key that belongs to you. Plastic Cloud will never have or require access to this key, so it cannot
decrypt the data.
Whenever you or any of your team members download file contents from Plastic Cloud, the data is decrypted
at your computers once it's received from the Cloud.
Every team member has to share the same data encryption key to work on the same organization. If everyone
used a different one, nobody would be able to decrypt data encrypted by others.
Only file contents are encrypted. File names, directory names, branch names, comments, and label names are not.
Is the connection to Plastic Cloud secured?
Yes, Plastic Cloud only allows SSL connections. Plastic knows that every connection to
@cloud must be secured.
While a regular Plastic SCM server listens both in TCP and SSL, Plastic Cloud is restricted to SSL to enforce
Thus, your server or client connection to the Cloud must be correctly configured to use SSL (which is the
default out-of-the-box setting, by the way).
What happens if I accidentally remove a repository in Plastic Cloud?
Don't panic. Your data is still available.
Actually, when a repository is removed, it's just marked as deleted. You will have up to 14 days to resurrect (or undelete, as we called it on the GUI) a deleted
repository. Once these 14 days pass, the repository data and metadata will get removed forever.
Note: You have to be the owner of the organization to see the "deleted" repositories list and to undelete them.
Where is Plastic Cloud hosted?
Plastic Cloud is currently hosted in Microsoft Azure. That means it's built on top of well-proven technology
by a trusted provider.
Plastic SCM metadata is stored in a combination of SQL Server Azure plus blob storage. Databases are
replicated for high availability and redundancy.
Versioned files are stored in Azure blob storage. Each blob is replicated up to six times on two different
What does it mean to choose a datacenter?
To speed up the data transfer, you can choose the closest datacenter to you to store your versioned
There are several datacenters around the world, so choosing the closest one to team will reduce
the network latency and greatly improve data transfer.
Does Plastic Cloud provide a way to browse repositories online?
Not currently. You can use your Plastic SCM client to list repos, as you would do with a regular remote
Plastic SCM server.
Plastic Cloud Edition starts at
$7/month per team, including all software
plus up to 5GB cloud storage.
Once the 5GB limit is exceeded, the monthly price per team is $5 for up to 25GB.
The next level is $10/month per team for up to 50GB, which is the level specially designed for game
development teams, 3D design teams, or teams who need to handle large binaries.
After the first 50GB, your subscription will grow by buckets of 25GB, at an additional $5/month per
team per bucket.
Plastic Cloud will automatically upgrade your subscription to the next size tier without any interruption
in the service. You will receive an email with the payment details seven days in advance of the next
To subscribe to Plastic Cloud, you need a valid Plastic SCM license (more on "licensing" below). The license
can be a valid Enterprise, Cloud, or a Personal Edition license. You can also use a Trial Edition.
I'm a Community Edition user, can I use Plastic Cloud?
Yes, Community Edition users who qualify as open source projects and non-profit organizations can subscribe
to Plastic Cloud and use their CE licenses to access the service.
I'm a Personal Edition user, can I use Plastic Cloud?
Yes, you can subscribe to Plastic Cloud while using your Personal Edition for free.
I have a Plastic SCM Trial License; can I use it to connect to Plastic Cloud?
Yes, the Trial License is a full-featured license and allows you to access Plastic Cloud. In fact, it's a
great way to test the entire ecosystem before you buy since you have 30 days for free to use both products.
What happens if I cancel my subscription?
If you cancel your subscription, you will have a few days (typically one week) to retrieve all your data
before we remove your organization to free up space. Upon cancellation, you will receive an email notifying
you when the data will be finally erased.