Deploy Secretless Connector Plugins

Once you have a Secretless Connector Plugin shared library .so file, in order to use it you must deploy the plugin with Secretless to your application environment.

If you haven't done so already, it is strongly recommended that you secure your plugin before it is deployed. For more information, see Secure your plugin.

Secretless Plugin shared library file location

Place the Secretless Plugin shared library .so file in the /usr/local/lib/secretless directory of the machine or container in which Secretless will run.

.so plugin files must be placed directly in /usr/local/lib/secretless, or the directory you specify using the -p flag (see Special purpose command-line flags below). Sub-directories of the plugin folder are not searched.

How Secretless Broker loads connector plugins

When Secretless Broker starts, it:

1. Checks for available Secretless Connector Plugins .so files in the plugin directory.

2. Verifies Secretless Connector Plugin checksums (if a checksum file was provided on start).

3. Secretless starts and loads the Secretless Connector Plugins. After this point, Secretless Connector Plugins are treated the same as built-in Connectors. For each plugin file, Secretless Broker:

   1. Opens the Go plugin file.

   2. Parses PluginInfo().

   3. Verifies that the plugin type supplied in PluginInfo is supported.

   4. Loads the Secretless Connector Plugin into the list of plugins to run.

Special purpose command-line flags

When running Secretless Broker with Connector Plugins, you can optionally use the following command-line flags when starting Secretless:

Flag	Description
-p	Specifies the directory in which Connector Plugin shared library files live. Sub-directory traversal is not supported at this time. The default location is: /usr/local/lib/secretless
-s	Refers to a file that contains sha256sum plugin checksums for verifying plugins. To learn more, see Secure your plugin.

See also

Secretless Plugin Interface SDK Reference