Plugin signature support
calebhailey opened this issue · 1 comments
We should sign our plugin to be compatible with Grafana's plugin signature verification:
Plugin signature verification (signing) is a security measure to make sure plugins haven’t been tampered with. Upon loading, Grafana checks to see if a plugin is signed or unsigned when inspecting and verifying its digital signature.
At startup, Grafana verifies the signatures of every plugin in the plugin directory. If a plugin is unsigned, then Grafana does not load nor start it. To see the result of this verification for each plugin, navigate to Configuration -> Plugins.
Grafana also writes an error message to the server log:
WARN[05-26|12:00:00] Some plugin scanning errors were found errors="plugin '<plugin id>' is unsigned, plugin '<plugin id>' has an invalid signature"
See the Grafana plugin signing developer documentation for more information.
To help if someone facing problem loading sensu datasource plugin into grafana
For docker, specifiy a variable as below
GF_PLUGINS_ALLOW_LOADING_UNSIGNED_PLUGINS=sensu-sensugo-datasource
or if you have binary installed edit grafana.ini
[plugins]
allow_loading_unsigned_plugins = "sensu-sensugo-datasource"