Plugin signatures

At startup, Grafana verifies the signatures of every plugin in the plugin directory. If a plugin is unsigned, then Grafana does not load nor start it. To see the result of this verification for each plugin, navigate to Configuration -> Plugins.

Grafana also writes an error message to the server log:

If you are a plugin developer and want to know how to sign your plugin, refer to Sign a plugin.

Plugin Level	Description
Private	Private plugins are for use on your own Grafana. They may not be distributed to the Grafana community, and are not published in the Grafana catalog.
Community	Community plugins have dependent technologies that are open source and not for profit. Community plugins are published in the official Grafana catalog, and are available to the Grafana community.
Commercial	Commercial Plugins are published on the official Grafana catalog, and are available to the Grafana community.

Plugin Level

Description

Private

Private plugins are for use on your own Grafana. They may not be distributed to the Grafana community, and are not published in the Grafana catalog.

Community

Community plugins have dependent technologies that are open source and not for profit.

Community plugins are published in the official Grafana catalog, and are available to the Grafana community.

Commercial

Commercial Plugins are published on the official Grafana catalog, and are available to the Grafana community.

Allow unsigned plugins

We strongly recommend that you don’t run unsigned plugins in your Grafana installation. If you’re aware of the risks and you still want to load an unsigned plugin, refer to .

If you’ve allowed loading of an unsigned plugin, then Grafana writes a warning message to the server log: