Howdy, you can definitely have a charm that is in the store that is not visible to everyone.
In there you can find references to the ACL and permissions available. There’s a global “everyone” that means it’s public. However, you can push to a team namespace and folks can leverage that as the charm url to get access to the charm.
The key thing to note is that this means that anywhere you deploy the charm you’ll need to be able to authenticate, via the
charm login command before you attempt to deploy so that the checks around “may you access this” can go through and pass.