It’s important that plugin developers can control who installs their plugins. The Platform provides a simple license key mechanism to control installation.
plugin.json file contains an optional
installSecret key. This should be generated from random data. The Plugin Tool will generate a random key for you when it creates the initial plugin files for you.
If you do not include this key, anyone can install the plugin if they know its name.
If you’re writing a set of related plugins, you might want to use the same
installSecret for all of them. This will allow a single license key to be used to install every plugin.
When someone installs your plugin, they’ll be asked for a license key. You need to generate a key for their application. The plugin installation process will provide a numeric application ID, which you use to generate a license key.
haplo-plugin -p test_plugin license-key 123456
In this example, the application ID is
123456. If you have multiple plugins in the working directory, you’ll need to specify the plugin with the
License key generation algorithm
It may be inconvenient to have to use the Plugin Tool to generate license keys, in which case you can easily write your own code.
The algorithm is simple:
- Take the
installSecret, encoded as UTF-8 with no terminator.
- Generate the string
123456is the application ID. Encode that as UTF-8 with no terminator.
- Use the standard HMAC-SHA1 algorithm to sign the generated string with the
installSecret. The standard libraries for your language should provide an implementation of HMAC-SHA1.
- The license key is the output of the HMAC-SHA1 algorithm, as a hex-encoded string with lower case letters.