Plugins
System administrators can globally manage the plugin installation policies for all workspaces within the enterprise edition through the Plugins page in the enterprise management console, ensuring enterprise data security and application stability by controlling plugin types and sources.
Managing Plugin Installation
In the enterprise management console, click Plugins in the left sidebar to access the plugin management page. On this page you can:
- View current plugin policy configurations
- Control allowed plugin types for installation
- Restrict plugin installation sources
Allow Specific Plugin Types
Administrators can select allowed plugin types for installation through the “Allowed Plugins” dropdown menu:
| Plugin Type | Description |
|---|---|
| All | Allow installation of all plugin types, including official plugins, partner plugins, and third-party developed plugins |
| Official + Partner | Only allow installation of Dify official plugins and certified partner plugins, providing a good balance of security and stability |
| Official | Only allow installation of plugins developed and maintained by Dify officially, providing high-level security and stability assurance |
| None | Prohibit installation of any plugins, suitable for environments with extremely high security requirements |
Plugin Source Description:
In the plugin marketplace, you can identify different types of plugins through tags and author names:
Control Plugin Installation Sources
Marketplace Installation Restrictions
The “Restrict to Marketplace Installations” toggle controls plugin installation sources, helping administrators balance functional requirements and security risks:
| Setting Status | Allowed Installation Channels | Security Level |
|---|---|---|
| Enable Restriction | Dify official plugin marketplace only | High |
| Disable Restriction | Marketplace, local files, GitHub, etc. | Low |
Plugin Installation Source Channels Overview:
| Installation Method | Security Review | Version Management | Documentation |
|---|---|---|---|
| Official Plugin Marketplace | Security reviewed | Automatic version management and updates | Detailed usage documentation |
| Local File Installation | Requires self-assessment | Manual management required | Depends on developer |
| GitHub Installation | Requires code security verification | Timely version updates but manual | Depends on project maintenance |
Signature Installation Restrictions
In addition to restricting plugins to marketplace-only installation in the management console, you can also control plugin installation by modifying environment file variable values in the deployment.
Plugin signatures can be considered as trusted source verification for plugins, and verification will be performed during plugin installation. When deploying the enterprise edition, the FORCE_VERIFYING_SIGNATURE in the environment variable file controls plugin signature verification. If plugin signature restrictions are enabled in environment variables, it will affect plugin installation.
-
For information on how to control signature installation restrictions through environment variables during deployment, please refer to the deployment manual.
-
For detailed information about signatures, please refer to Third-party Signature Verification.
Relationship Overview between Signature Verification and Marketplace Installation Restrictions:
Enable Marketplace Installation Restrictions
| Environment Variable Configuration | Marketplace Installation | GitHub Online Installation (with signature) | GitHub Online Installation (without signature) | Manual Installation (with signature) | Manual Installation (without signature) |
|---|---|---|---|---|---|
| Verify signature | ✅ Allow installation | ❌ Not allowed | ❌ Not allowed | ❌ Not allowed | ❌ Not allowed |
| Don’t verify signature | ✅ Allow installation | ❌ Not allowed | ❌ Not allowed | ❌ Not allowed | ❌ Not allowed |
Disable Marketplace Installation Restrictions
| Environment Variable Configuration | Marketplace Installation | GitHub Online Installation (with signature) | GitHub Online Installation (without signature) | Manual Installation (with signature) | Manual Installation (without signature) |
|---|---|---|---|---|---|
| Verify signature | ✅ Allow installation | ✅ Allow installation | ❌ Not allowed | ✅ Allow installation | ❌ Not allowed |
| Don’t verify signature | ✅ Allow installation | ✅ Allow installation | ✅ Allow installation | ✅ Allow installation | ✅ Allow installation |
Note: All plugins provided on Dify Marketplace include Dify signatures.