This document describes how to enable and use the third-party signature verification feature in the Dify Community Edition, including key pair generation, plugin signing and verification, and environment configuration steps, enabling administrators to securely install plugins not available on the Dify Marketplace.
your_key_pair.private.pem
your_key_pair.public.pem
signed
added to its original filename: your_plugin_project.signed.difypkg
You can verify that the plugin has been correctly signed using this command. Here, you need to specify the signed plugin file and the public key:
public_keys
directory under docker/volumes/plugin_daemon
and copy the public key file there:
plugin_daemon
container, configure the following environment variables:
THIRD_PARTY_SIGNATURE_VERIFICATION_ENABLED
true
to enable the feature.THIRD_PARTY_SIGNATURE_VERIFICATION_PUBLIC_KEYS
docker-compose.override.yaml
) configuring these variables:
docker/volumes/plugin_daemon
is mounted to /app/storage
in the plugin_daemon
container. Ensure that the path specified in THIRD_PARTY_SIGNATURE_VERIFICATION_PUBLIC_KEYS
corresponds to the path inside the container.