> ## Documentation Index
> Fetch the complete documentation index at: https://docs.envzero.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Plugins Overview

> Use env zero plugins to extend deployments with reusable command sets in your env0.yaml custom flow, with support for OPA, Checkov, TFLint, and more.

## Overview

An env zero plugin represents a composite set of commands that are executed as a single unit. To use an already implemented plugin, you need to add it to your `version: 2` `env0.yaml` file.

Here's an example usage of the OPA plugin:

```yaml theme={null}
version: 2
deploy:
  steps:
    terraformPlan:
      after:
        - name: OPA
          use: https://github.com/env0/env0-opa-plugin
          inputs:
            path: bundle-file-path
            flags: --fail --format=raw
            query: data.example.violation[x]
```

* `name` - A name to be shown on the env zero UI when running the plugin on this step
* `use` - A git http reference to the plugin repository. You can optionally set it to a specific branch or tag by setting the branch or tag after an `@` suffix. For example:
  ```
    use: https://github.com/env0/env0-opa-plugin@feat-my-branch
  ```
  or
  ```
     use: https://github.com/env0/env0-opa-plugin@1.0
  ```
* `inputs` - A set of custom entries that would be passed to the plugin as input. You can review specific plugin documentation to learn which inputs are expected.

## How to create a new env zero Plugin

To create a new env zero plugin of yours, you must follow these guidelines:

1. Create a new public Git repository.
2. Add a new `env0.plugin.yaml` to it. This YAML file uses the following schema:
   1. `name`(**Required**) - the name of the plugin
   2. `icon` - A URL to the icon of the plugin.
   3. `inputs` - An `object` defining the expected inputs for your plugin. The `inputs` attribute has its own schema as well:
      1. `inputs.<id>` - The identifier of the input. Has to be unique.
      2. `inputs.<id>.description` - (**Required**) - A short description of the input.
      3. `inputs.<id>.required` - a `boolean` value that states whether this input is required or not.
   4. `run` - An `object` defining what the plugin executes. Currently, the plugin environment only supports `bash` runtime. To execute commands, you should use the `run.exec` attribute.
3. Use it in an `env0.yaml` file.

Feel free to check out the implementation of the [OPA](https://github.com/env0/env0-opa-plugin) and [Checkov](https://github.com/env0/env0-checkov-plugin) plugins as reference.

### Storing plugins in private repositories

Plugins are a great way to integrate 3rd party tools with env0.\
We encourage you to submit your plugin to our public and community-maintained plugins list.  But of course, sometimes, you may wish to be able to build env0 plugins that integrate with internal tooling, reuse organization-specific code, and keep them private in a private git repository.

To do that, specify the plugin repo URL as you would with any public plugin.\
The git credentials used to clone your IaC will also be used to clone your private plugin repository - so make sure the credentials/user used has read access to both your IaC and your private plugin repository.

<Info>
  **The plugins location at runtime**

  As a plugin author, if you need the path to where your plugin resides, you can use the `ENV0_PLUGIN_PATH` env variable.
</Info>

## Next steps

* [Using the OPA Plugin](/guides/integrations/plugins/opa-plugin) - Enforce policies using Open Policy Agent.
* [Using the Checkov Plugin](/guides/integrations/plugins/checkov-plugin) - Scan IaC for security misconfigurations.
* [Manage Policies](/guides/policies-governance/policies) - Define and apply governance policies across environments.
* [Template Overview](/guides/admin-guide/templates) - Learn how templates are structured and configured.