Where HashiCorp’s Atlas External Vagrant Box Images Actually Hosted

To vigilant users, authenticity matters. Aside from checking hashes of images, you might also want to know where the box images you use in Vagrant are downloaded from. However, this information is not explicitly provided on HashiCorp’s Vagrant Cloud. Here is how you can uncover this information….


Take box centos/7 as an example. From its information page you just got an ” Externally hosted (cloud.centos.org)” label, no complete URL. In order to get the actual location of the image, the following script is used:

In the output, you’ll see URLs to box images. At the time of writing, the default box image URL for VirtualBox provider is https://vagrantcloud.com/centos/boxes/7/versions/1802.01/providers/virtualbox.box. Choose whichever image URL depending on the version and provider you’re interested, then you can further run:

In this example, you’ll find it redirects you to https://cloud.centos.org/centos/7/vagrant/x86_64/images/CentOS-7-x86_64-Vagrant-1802_01.VirtualBox.box, which is an image published on official CentOS website.


4 Comments for “Where HashiCorp’s Atlas External Vagrant Box Images Actually Hosted”



https://atlas.hashicorp.com/centos/boxes/7 is reading:
CentOS Linux 7/x86_64 Vagrant images updated to 30 September 2016.

Full release notes are published at : https://seven.centos.org/2016/10/updated-centos-vagrant-images-available-v1609-01/

which is the official centos images. But you are right, it is not explicitely stated that the redirect is going to centos.org.

Kuan-Yi Li


Thanks for the update! I’ve made some adjustments to the article to reflect the fact that image URL may change over time.

Leave a Reply

Your email address will not be published. Required fields are marked *

Captcha loading...