Third-party signature verification is a Dify Community Edition feature. Dify Cloud manages signatures centrally and does not expose these controls.
Self-hosted Dify enforces signature verification by default. Third-party signature verification lets administrators safely install plugins that are not on the Marketplace without disabling verification entirely. Two scenarios:

Admin signs an approved plugin

The admin reviews a .difypkg from a trusted developer and signs it with their own key before installing.

Developer ships a signed plugin

The developer signs the .difypkg and publishes the matching public key. Admins who trust the developer add that public key to the verification list.
The mechanics are the same in both cases: generate a key pair, sign with the private key, verify with the public key.

Generate a key pair

dify signature generate -f your_key_pair
Two files appear in the current directory:
File                         Use
your_key_pair.private.pem    Sign plugins (keep secret)
your_key_pair.public.pem     Verify signatures (share publicly)
Guard the private key. Anyone who has it can sign plugins that pass verification on installations trusting your public key.

Sign and verify a plugin

1. Sign the package

dify signature sign your_plugin_project.difypkg -p your_key_pair.private.pem
Produces your_plugin_project.signed.difypkg in the same directory.
2. Verify the signed package

dify signature verify your_plugin_project.signed.difypkg -p your_key_pair.public.pem
Confirms the signature matches before you distribute or install.
If you omit -p, dify signature verify checks against the Dify Marketplace public key. Any plugin not signed by Dify will fail verification in that mode.

Enable verification on the daemon

Admins install signed plugins by giving the plugin daemon a list of trusted public keys.
1. Place the public key

Put the .public.pem file somewhere the daemon container can reach it. For Docker Compose installs:
mkdir -p docker/volumes/plugin_daemon/public_keys
cp your_key_pair.public.pem docker/volumes/plugin_daemon/public_keys/
2. Configure the daemon environment

Set these variables on the plugin_daemon service:
Variable                                          Value
FORCE_VERIFYING_SIGNATURE                         true
THIRD_PARTY_SIGNATURE_VERIFICATION_ENABLED        true
THIRD_PARTY_SIGNATURE_VERIFICATION_PUBLIC_KEYS    Comma-separated paths to public keys inside the container
A docker-compose.override.yaml snippet:
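services:
  plugin_daemon:
    environment:
      # Quote booleans so YAML passes them to the daemon as strings
      FORCE_VERIFYING_SIGNATURE: "true"
      THIRD_PARTY_SIGNATURE_VERIFICATION_ENABLED: "true"
      # In-container path; separate multiple keys with commas
      THIRD_PARTY_SIGNATURE_VERIFICATION_PUBLIC_KEYS: /app/storage/public_keys/your_key_pair.public.pem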
docker/volumes/plugin_daemon mounts to /app/storage inside the container, so the path in THIRD_PARTY_SIGNATURE_VERIFICATION_PUBLIC_KEYS must use the in-container path.
3. Restart Dify

cd docker
docker compose down
docker compose up -d
Verified installs are now enforced: signed .difypkg files matching the configured public keys install cleanly; unsigned or mismatched ones are rejected.
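
A pre-flight check for the daemon setup steps above, as an added example that is not part of the Dify documentation or tooling: it maps each in-container path from THIRD_PARTY_SIGNATURE_VERIFICATION_PUBLIC_KEYS back to the host volume and flags host-style paths, missing files, and private keys copied onto the daemon volume by mistake. The helper name check_trusted_keys, the script name, and the PEM header patterns are assumptions; run it from the Dify repository root before restarting.

```shell
#!/bin/sh
# Added example: pre-flight check for THIRD_PARTY_SIGNATURE_VERIFICATION_PUBLIC_KEYS.
# From the page: docker/volumes/plugin_daemon is mounted at /app/storage and the
# variable holds comma-separated in-container paths.
# Assumption: key files are PEM with standard "-----BEGIN ... KEY-----" headers.
CONTAINER_ROOT=/app/storage

# check_trusted_keys HOST_VOLUME_DIR "path1,path2,..."  (hypothetical helper name)
# Prints one line per entry; returns 0 only if every entry is usable.
check_trusted_keys() {
    host_root=$1
    status=0
    old_ifs=$IFS
    IFS=,
    set -f                      # no globbing while splitting on commas
    for entry in $2; do
        case $entry in
            "$CONTAINER_ROOT"/*)
                host_path=$host_root/${entry#"$CONTAINER_ROOT"/} ;;
            *)
                echo "FAIL $entry: not an in-container path under $CONTAINER_ROOT"
                status=1
                continue ;;
        esac
        if [ ! -f "$host_path" ]; then
            echo "FAIL $entry: no file at $host_path"
            status=1
        elif grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$host_path"; then
            echo "FAIL $entry: holds a private key; keep it off the daemon volume"
            status=1
        elif ! grep -q -e '-----BEGIN .*PUBLIC KEY-----' "$host_path"; then
            echo "FAIL $entry: no PEM public key header found"
            status=1
        else
            echo "OK   $entry -> $host_path"
        fi
    done
    set +f
    IFS=$old_ifs
    return $status
}

# Run as: sh check_keys.sh docker/volumes/plugin_daemon "$KEYS"
# where KEYS is the value set for the variable (script name is an example).
if [ $# -eq 2 ]; then
    check_trusted_keys "$1" "$2"
fi
```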
