Sign Grafana plugins with ease.
ToC
@grafana/sign-plugin works on macOS, Windows and Linux.
If something doesn’t work, please file an issue.
If you have questions or need help, please ask in GitHub Discussions.
Signing a plugin allows Grafana to verify the authenticity of the plugin with signature verification. This gives users a way to make sure plugins haven’t been tampered with. All Grafana Labs-authored plugins, including Enterprise plugins, are signed.
All plugins require a signature since Grafana 7.0.
Please refer to Signing plugins documentation to understand how to sign a Grafana plugin. The following commands are mentioned here for development purposes.
In your plugin directory, sign the plugin with your Grafana access policy token. Grafana sign-plugin creates a MANIFEST.txt file in the dist directory of your plugin.
export GRAFANA_ACCESS_POLICY_TOKEN=<YOUR_GRAFANA_ACCESS_POLICY_TOKEN>
npx @grafana/sign-plugin@latestIf the plugin distribution directory differs from the default dist, specify the path to use with the --distDir flag.
export GRAFANA_ACCESS_POLICY_TOKEN=<YOUR_GRAFANA_ACCESS_POLICY_TOKEN>
npx @grafana/sign-plugin@latest --distDir path/to/directoryIn your plugin directory, run the following to create a MANIFEST.txt file in the dist directory of your plugin.
npx @grafana/sign-plugin@latest --rootUrls https://example.com/grafanaAlterntives:
npx @grafana/sign-plugin@latestyarn (> 2.x)
yarn dlx @grafana/sign-plugin@latestWe are always grateful for contribution! See the CONTRIBUTING.md for more information.