Plugin signature

Hi,

I’m a bit stuck with the digital signature part in:

I have the public key from:

https://grafana.com/api/plugins/ci/keys

I saw in conf/defaults.ini this value:
secret_key = SW2YcwTIb9zpOOhoPsMm

Is it related to the plugin signature?

How can I generate a private key and how can I encrypt the JSON?
(btw, I prefer doing it by using linux cli).

Thanks

1 Like

Unfortunately, only commercial plugins are signed at this point. We’re planning to roll this out to community plugins in the future, but I don’t have any dates yet.

Thanks for your reply.

I’m in the same boat.

How will this work? Will the https://grafana.com/api/plugins/ci/keys somehow include my key upon approval or something?

As of now the key from the above URL contains only 1 entity in the keyring which is “Grafana eng@grafana.com”. I saw grafana-worldmap-panel is signed with the keyid 7E4D0C6A708866E7 hence it got green – that is my understanding.

If my understanding is correct, what are the requirements and procedure to include my public key?

We haven’t yet figured out how to sign community plugins. Currently, only commercial plugins can be signed.