Shared configuration / secrets among all plugin users

ipdoc1 · 4 July 2025 07:03

Onlyoffice Version: 8.3

OnlyOffice plugins are synchronized across all customers in a shared OnlyOffice environment, including their configurations. This means that any authorized user could potentially install arbitrary, malicious plugins that might leak confidential data or steal sensitive configurations.

If we use an LLM and want to make our configuration available to all users, how can we ensure that an arbitrary user cannot modify or delete our configuration?

Constantine · 4 July 2025 11:22

Hello @ipdoc1

With latest version of Document Server and IP plugin you can define default models for the tasks from info page. Please let me know your installation type of Document Server so that I could provide proper instruction on how to enable it.

ipdoc1 · 4 July 2025 11:35

Docker image onlyoffice/documentserver:8.3