This feature is available only in the Dify Community Edition. Third-party signature verification is not currently supported on Dify Cloud Edition.

Third-party signature verification allows Dify administrators to safely approve the installation of plugins not listed on the Dify Marketplace without completely disabling signature verification. This supports the following scenarios for example:

  • Dify administrators can add a signature to a plugin sent by the developer once it has been approved.
  • Plugin developers can add a signature to their plugin and publish it along with the public key for Dify administrators who cannot disable signature verification.

Both Dify administrators and plugin developers can add a signature to a plugin using a pre-generated key pair. Additionally, administrators can configure Dify to enforce signature verification using specific public keys during plugin installation.

Generating a Key Pair for Signing and Verification

Generate a new key pair for adding and verifying the plugin’s signature with the following command:

dify signature generate -f your_key_pair

After running this command, two files will be generated in the current directory:

  • Private Key: your_key_pair.private.pem
  • Public Key: your_key_pair.public.pem

The private key is used to sign the plugin, and the public key is used to verify the plugin’s signature.

Keep the private key secure. If it is compromised, an attacker could add a valid signature to any plugin, which would compromise Dify’s security.

Adding a Signature to the Plugin and Veriyfing It

Add a signature to your plugin by running the following command. Note that you must specify the plugin file to sign and the private key:

dify signature sign your_plugin_project.difypkg -p your_key_pair.private.pem

After executing the command, a new plugin file will be generated in the same directory with signed added to its original filename: your_plugin_project.signed.difypkg

You can verify that the plugin has been correctly signed using this command. Here, you need to specify the signed plugin file and the public key:

dify signature verify your_plugin_project.signed.difypkg -p your_key_pair.public.pem
If you omit the public key argument, verification will use the Dify Marketplace public key. In that case, signature verification will fail for any plugin file not downloaded from the Dify Marketplace.

Enabling Third-Party Signature Verification

Dify administrators can enforce signature verification using pre-approved public keys before installing a plugin.

Placing the Public Key

Place the public key corresponding to the private key used for signing in a location that the plugin daemon can access.

For example, create a public_keys directory under docker/volumes/plugin_daemon and copy the public key file there:

mkdir docker/volumes/plugin_daemon/public_keys
cp your_key_pair.public.pem docker/volumes/plugin_daemon/public_keys

Environment Variable Configuration

In the plugin_daemon container, configure the following environment variables:

  • THIRD_PARTY_SIGNATURE_VERIFICATION_ENABLED
    • Enables third-party signature verification.
    • Set this to true to enable the feature.
  • THIRD_PARTY_SIGNATURE_VERIFICATION_PUBLIC_KEYS
    • Specifies the path(s) to the public key file(s) used for signature verification.
    • You can list multiple public key files separated by commas.

Below is an example of a Docker Compose override file (docker-compose.override.yaml) configuring these variables:

services:
  plugin_daemon:
    environment:
      FORCE_VERIFYING_SIGNATURE: true
      THIRD_PARTY_SIGNATURE_VERIFICATION_ENABLED: true
      THIRD_PARTY_SIGNATURE_VERIFICATION_PUBLIC_KEYS: /app/storage/public_keys/your_key_pair.public.pem
Note that docker/volumes/plugin_daemon is mounted to /app/storage in the plugin_daemon container. Ensure that the path specified in THIRD_PARTY_SIGNATURE_VERIFICATION_PUBLIC_KEYS corresponds to the path inside the container.

To apply these changes, restart the Dify service:

cd docker
docker compose down
docker compose up -d

After restarting the service, the third-party signature verification feature will be enabled in the current Community Edition environment.