An env0 plugin represents a composite set of commands that are executed as a single unit. In order to use an already implemented plugin, you need to add it to your version: 2 env0.yaml file.

Here's an example usage of the OPA plugin:

version: 2
        - name: OPA
          use: https://github.com/env0/env0-opa-plugin
            path: bundle-file-path
            flags: --fail --format=raw
            query: data.example.violation[x]
  • name - A name to be shown on the env0 UI when running the plugin on this step
  • use - A git http reference to the plugin repository. You can optionally set it to a specific branch or tag by setting the branch or tag after an @ suffix. For example:
      use: https://github.com/env0/env0-opa-plugin@feat-my-branch
       use: https://github.com/env0/[email protected]
  • inputs - A set of custom entries that would be passed to the plugin as input. You can review specific plugin documentation to learn which inputs are expected.

How to create a new env0 Plugin

In order to create a new env0 plugin of yours, you must follow these guidelines:

  1. Create a new public Git repository.
  2. Add a new env0.plugin.yaml to it. This YAML file uses the following schema:
    1. name(Required) - the name of the plugin
    2. icon - A URL to the icon of the plugin.
    3. inputs - An object defining the expected inputs for your plugin. The inputs attribute has its own schema as well:
      1. inputs.<id> - The identifier of the input. Has to be unique.
      2. inputs.<id>.description - (Required) - A short description of the input.
      3. inputs.<id>.required - a boolean value that states whether this input is required or not.
    4. run - An object defining what the plugin executes. Currently, the plugin environment only supports bash runtime. In order to execute commands, you should use the run.exec attribute.
  3. Use it in an env0.yaml file.

Feel free to check out the implementation of the OPA and Checkov plugins as reference.

Storing plugins in private repositories

Plugins are a great way to integrate 3rd party tools with env0.
We encourage you to submit your plugin to our public and community-maintained plugins list. But of course, sometimes, you may wish to be able to build env0 plugins that integrate with internal tooling, reuse organization-specific code, and keep them private in a private git repository.

To do that, simply specify the plugin repo URL as you would with any public plugin.
The git credentials used to clone your IaC will also be used to clone your private plugin repository - so make sure the credentials/user used has read access to both your IaC and your private plugin repository.


The plugins location at runtime

As a plugin author, if you need the path to where your plugin resides, you can use the ENV0_PLUGIN_PATH env variable.