Grafana Panel - Sign a Private Plugin

Hello Everybody,

I built a panel plugin successfully. I could also see it at grafana.
However, it is unsigned.
I tried to signed it, in accord with the tutorials. So, after creating the plugin, I did:
npx @grafana/toolkit plugin:sign --rootUrls http://localhost:3000

The rootUrls is correctly set at grafana.ini as:
root_url = http://localhost:3000

However, I am getting this error here:

Please, can someone explain to me what I am missing here.


Looks like you might’ve discovered a bug :beetle:

Does it work if you sign it with a previous version? I think you should be able to run it with a specific version like this:

npx @grafana/toolkit@8.3.4 plugin:sign --rootUrls http://localhost:3000

Hallo @marcusolsson,

thanks for your help. I even used different versions of @grafana/toolkit I am getting another error. The error message is: Error signing manifest: Token invalid.

What can be invalid token?
The Grafana API Key was created at my grafana local host and is valid for about 6 months.
More information:
System: Ubuntu 20.04.3 LTS
Running on WSL2.
App: sample app template from grafana compiled and build with yarn.
I tried also with npm.

I appreciate any help!
Thank you vey much!

You need to create an API key using your Grafana Cloud account and use it to sign the private plugin: Sign a plugin | Grafana Labs

I have the same issue as the image below with generating an API key on localhost Grafana.

I don’t think generating an API on Grafana cloud account will help it work on local Grafana. I’ve tried generating it on cloud even with --rootUrls and the plugin doesn’t show up anymore in local Grafana (even in dev mode) once you sign it.

So is there no solution to this? If you host your own Grafana server you’re unable to use Private plugins?

@jn6091 When plugin signed it creates MANIFEST file with all included files and their properties. If any of the files modified, it will be skipped and plugin should be resigned.

If you enable the Dev mode, MANIFEST file should be deleted. It was recently updated in the documentation.

If you do the provided steps in the correct order, plugin should be loaded successfully.
You can take a look at our Panel template for example: GitHub - VolkovLabs/volkovlabs-abc-panel: Template to create a new @grafana panel plugin.

Here is the process i took:

  • Started grafana in production mode
  • cd /var/lib/grafana/plugins
  • npx @grafana/toolkit plugin:create randomname-defaultplugin
  • cd randomname-defaultplugin
  • yarn install
  • yarn dev
  • yarn build
  • Generated API key on grafana cloud account<username>/api-keys
  • export GRAFANA_API_KEY=<generated_key>
  • yarn sign --rootUrls
  • service grafana-server restart

This process above signs it successfully however the plugin does not show in the url.

I just followed your steps and saw the error that plugin was signed for “” when I have Grafana configured for “http://localhost:3000”. Do you see similar error when trying to load plugin? If you do, you should sign it with the correct Server Name.

grafana    | logger=plugin.loader t=2022-03-14T16:58:41.76+0000 lvl=warn msg="Could not find root URL that matches running application URL" plugin=volkovlabs-randomname-defaultplugin appUrl=http://localhost:3000/ rootUrls="unsupported value type"
grafana    | logger=plugin.loader t=2022-03-14T16:58:41.76+0000 lvl=warn msg="Skipping loading plugin due to problem with signature" pluginID=volkovlabs-randomname-defaultplugin status=invalid
1 Like

Indeed that was the issue. After signing it with http://localhost:3000 instead of it works now. Thank you very much!

1 Like

Hi there,
sorry for stealing this topic (I can create a new one if you find it necessary).
I’m following the steps from @jn6091

Possible differences:

  • Using Windows OS (git bash)
  • replacing the for localhost
  • Not using the grafana plugins directory, I’ve a development directory and then copy the dist content directory to the grafana plugins directory

And I’m getting the error:

Error signing manifest: Token invalid

The API Key I used was generated at today and will expire in 2023.

Could you please indicate how can I identify why the token is invalid?

Luís Pinho