Newer Version Available
Install Trusted Unsigned Plug-ins Automatically
When you install a plug-in with the sfdx
plugins:install command, Salesforce CLI first verifies its digital signature. If the
plug-in provides a valid signature, the CLI installs it. Otherwise, Salesforce CLI doesn't
install it until you answer a warning prompt and acknowledge that you understand the risks. This
process works well when you install a plug-in interactively at the command line, but can prevent
a batch CI/CD job from completing. To automatically install a plug-in without prompting, even
when unsigned, create an allowlist file on your local file system and add the plug-ins you
trust.
-
Create a file called unsignedPluginAllowList.json and put it in one of
these directories:
- (Linux and macOS): $HOME/.config/sfdx
- (Windows) Depending on your Windows configuration, either C:\Users\username\.config\sfdx or %LOCALAPPDATA%\sfdx
-
Add the names of the plug-ins you trust to the JSON file in a simple array of strings. For
example:
1[ 2 "sfdx-templates", 3 "salesforce-cmdt", 4 ... 5]