DEMO A showcase of hev ask⌘K agentic search — running on Helm's real docs. Unaffiliated with Helm; not the official documentation. Official Helm docs ↗ Add ask to your docs ↗
Helm Helm
Documentation Community Blog Charts
v4
⌘K powered by hev ask
Documentation › helm plugin verify

helm plugin verify

verify that a plugin at the given path has been signed and is valid

Synopsis

This command verifies that a Helm plugin has a valid provenance file, and that the provenance file is signed by a trusted PGP key.

It supports both:

  • Plugin tarballs (.tgz or .tar.gz files)
  • Installed plugin directories

For installed plugins, use the path shown by ‘helm env HELM_PLUGINS’ followed by the plugin name. For example: helm plugin verify ~/.local/share/helm/plugins/example-cli

To generate a signed plugin, use the ‘helm plugin package —sign’ command.

helm plugin verify [PATH] [flags]

Options

  -h, --help             help for verify
      --keyring string   keyring containing public keys (default "~/.gnupg/pubring.gpg")

Options inherited from parent commands

      --burst-limit int                 client-side default throttling limit (default 100)
      --color string                    use colored output (never, auto, always) (default "auto")
      --colour string                   use colored output (never, auto, always) (default "auto")
      --content-cache string            path to the directory containing cached content (e.g. charts) (default "~/.cache/helm/content")
      --debug                           enable verbose output
      --kube-apiserver string           the address and the port for the Kubernetes API server
      --kube-as-group stringArray       group to impersonate for the operation, this flag can be repeated to specify multiple groups.
      --kube-as-user string             username to impersonate for the operation
      --kube-ca-file string             the certificate authority file for the Kubernetes API server connection
      --kube-context string             name of the kubeconfig context to use
      --kube-insecure-skip-tls-verify   if true, the Kubernetes API server's certificate will not be checked for validity. This will make your HTTPS connections insecure
      --kube-tls-server-name string     server name to use for Kubernetes API server certificate validation. If it is not provided, the hostname used to contact the server is used
      --kube-token string               bearer token used for authentication
      --kubeconfig string               path to the kubeconfig file
  -n, --namespace string                namespace scope for this request
      --qps float32                     queries per second used when communicating with the Kubernetes API, not including bursting
      --registry-config string          path to the registry config file (default "~/.config/helm/registry/config.json")
      --repository-cache string         path to the directory containing cached repository indexes (default "~/.cache/helm/repository")
      --repository-config string        path to the file containing repository names and URLs (default "~/.config/helm/repositories.yaml")

SEE ALSO

  • helm plugin - install, list, or uninstall Helm plugins
Auto generated by spf13/cobra on 12-Jun-2026
esc
ask AI · open hev/ask