Allowed & Restricted Plugins
Available on: Enterprise EditionCloud>= 0.19.0
How to configure Kestra to allow or restrict specific plugins.
Allowed plugins
Kestra comes with the full library of official plugins by default. However, in some cases you may want to restrict which plugins are available to specific teams or users. For example, you might allow a team to use only BigQuery tasks while blocking script execution. Kestra enables this by letting you define allowlists (includes
) and blocklists (excludes
) using plugin names or regular expressions.
To allow specific plugins, add the includes
attribute in your Kestra configuration file and list the approved plugins or use a regular expression. Below is an example that includes
all plugins from the io.kestra
package using a regular expression.
kestra:
plugins:
security:
includes:
- io.kestra.*
Restricted plugins
To restrict certain plugins, add the excludes
attribute in your Kestra configuration file and list the disallowed plugins or use a regular expression. Below is the previous example with excludes
added to disallow the io.kestra.plugin.core.debug.Echo
plugin.
kestra:
plugins:
security:
includes:
- io.kestra.*
excludes:
- io.kestra.plugin.core.debug.Echo
Was this page helpful?