Sign Grafana plugins with ease.
ToC
@grafana/sign-plugin works on macOS, Windows and Linux.
If something doesn’t work, please file an issue.
If you have questions or need help, please ask in GitHub Discussions.
Signing a plugin allows Grafana to verify the authenticity of the plugin with signature verification. This gives users a way to make sure plugins haven’t been tampered with. All Grafana Labs-authored plugins, including Enterprise plugins, are signed.
All plugins require a signature since Grafana 7.0.
Please refer to Signing plugins documentation to understand how to sign a Grafana plugin. The following commands are mentioned here for development purposes.
In your plugin directory, sign the plugin with your Grafana API key. Grafana sign-plugin creates a MANIFEST.txt file in the dist directory of your plugin.
export GRAFANA_API_KEY=<YOUR_API_KEY>
npx @grafana/sign-pluginIn your plugin directory, run the following to create a MANIFEST.txt file in the dist directory of your plugin.
npx @grafana/sign-plugin --rootUrls https://example.com/grafanaAlterntives:
npx @grafana/sign-pluginyarn (> 2.x)
yarn dlx @grafana/sign-pluginWe are always grateful for contribution! See the CONTRIBUTING.md for more information.