Plugin signature

yanivo · August 11, 2020, 6:08am

Hi,

I’m a bit stuck with the digital signature part in:

I have the public key from:

https://grafana.com/api/plugins/ci/keys

I saw in conf/defaults.ini this value:
secret_key = SW2YcwTIb9zpOOhoPsMm

Is it related to the plugin signature?

How can I generate a private key and how can I encrypt the JSON?
(btw, I prefer doing it by using linux cli).

Thanks

marcusolsson · August 12, 2020, 2:15pm

Unfortunately, only commercial plugins are signed at this point. We’re planning to roll this out to community plugins in the future, but I don’t have any dates yet.

yanivo · August 13, 2020, 6:40am

Thanks for your reply.

knoguchi · August 23, 2020, 11:00pm

I’m in the same boat.

How will this work? Will the https://grafana.com/api/plugins/ci/keys somehow include my key upon approval or something?

As of now the key from the above URL contains only 1 entity in the keyring which is “Grafana eng@grafana.com”. I saw grafana-worldmap-panel is signed with the keyid 7E4D0C6A708866E7 hence it got green – that is my understanding.

If my understanding is correct, what are the requirements and procedure to include my public key?

marcusolsson · August 24, 2020, 2:02pm

We haven’t yet figured out how to sign community plugins. Currently, only commercial plugins can be signed.

Topic		Replies	Views
Grafana Datasource - Sign a Private Plugin Signing & publishing	6	1196	November 14, 2022
Grafana Panel - Sign a Private Plugin Signing & publishing	13	3918	February 28, 2024
Plugin panel signing Signing & publishing	2	607	March 27, 2022
Signing is Plugin in private mode Signing & publishing windows	5	2242	September 16, 2022
Invalid signature when signing a private plugin Signing & publishing	4	4686	April 12, 2022

Plugin signature

Related topics