Tauri v2’s capability system controls which plugin commands your frontend is allowed to invoke. You declare the permissions your app needs in a capability JSON file, and Tauri enforces them at the IPC boundary — commands not listed in your capability file are rejected before they reach the plugin.
Default permissions: configurate:default
The configurate:default permission set covers all standard configuration operations. Add it to your capability file to enable the full CRUD surface, batch operations, file watching, and import/export:
```json
{
  "permissions": ["configurate:default"]
}
```
configurate:default grants the following individual permissions:
| Permission | Command |
|---|---|
| allow-create | Create a new config file |
| allow-load | Load an existing config file |
| allow-save | Overwrite a config file |
| allow-patch | Partially update a config file |
| allow-delete | Delete a config file |
| allow-exists | Check whether a config file exists |
| allow-load-all | Batch load multiple configs |
| allow-save-all | Batch save multiple configs |
| allow-patch-all | Batch patch multiple configs |
| allow-watch-file | Watch a config file for external changes |
| allow-unwatch-file | Stop watching a config file |
| allow-list-configs | List config files in a directory |
| allow-reset | Delete and re-create a config file |
| allow-export-config | Export a config as a formatted string |
| allow-import-config | Import a config from a formatted string |
Keyring unlock: configurate:allow-unlock
The allow-unlock permission gates the keyring retrieval command that populates keyring fields when you call .unlock(). It is not included in configurate:default and must be added separately.
If your schema uses keyring() fields and you call .unlock() or
loadAll().unlock() without adding configurate:allow-unlock to your
capability file, the IPC call will be rejected with a permission error at
runtime.
Add it alongside the default set:
```json
{
  "permissions": ["configurate:default", "configurate:allow-unlock"]
}
```
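An added example, not part of the plugin's documentation or code: a small JavaScript check that expands `configurate:default` using the table above and compares a capability's grants with the permissions an app actually needs, reporting both missing grants (rejected at runtime) and unused ones (excess privilege). It assumes individual permissions are written in the `configurate:allow-…` form, following the `configurate:allow-unlock` identifier shown on this page; the function names, the `needed` list and the sample capability objects are constructed for illustration.

```javascript
// Added example: audit a Tauri capability against the commands an app needs.
// DEFAULT_SET mirrors the permission table on this page; everything else
// (function names, sample capabilities) is constructed for illustration.
const DEFAULT_SET = [
  "create", "load", "save", "patch", "delete", "exists", "load-all",
  "save-all", "patch-all", "watch-file", "unwatch-file", "list-configs",
  "reset", "export-config", "import-config",
].map((c) => `configurate:allow-${c}`);

// Expand a capability's permission entries into individual configurate grants.
// Entries may be plain strings or objects carrying an `identifier` field.
function expandGrants(capability) {
  const grants = new Set();
  for (const entry of capability.permissions ?? []) {
    const id = typeof entry === "string" ? entry : entry?.identifier;
    if (typeof id !== "string" || !id.startsWith("configurate:")) continue;
    if (id === "configurate:default") DEFAULT_SET.forEach((p) => grants.add(p));
    else grants.add(id);
  }
  return grants;
}

// Compare grants with the permissions the frontend actually uses.
// missing -> IPC calls rejected at runtime; unused -> excess privilege.
function auditCapability(capability, needed) {
  const grants = expandGrants(capability);
  const want = new Set(needed);
  return {
    missing: [...want].filter((p) => !grants.has(p)).sort(),
    unused: [...grants].filter((p) => !want.has(p)).sort(),
  };
}

// Constructed sample: an app that loads and saves a config with keyring fields.
const needed = ["configurate:allow-load", "configurate:allow-save",
                "configurate:allow-unlock"];
const broad = { identifier: "main", permissions: ["configurate:default"] };
const tight = { identifier: "main", permissions: needed };

console.log(auditCapability(broad, needed)); // allow-unlock missing, 13 unused
console.log(auditCapability(tight, needed)); // nothing missing, nothing unused
```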
BaseDirectory restrictions
By default, the plugin only allows config files to be stored in app-scoped base directories. IPC payloads that reference any other directory are rejected before the command executes. The permitted directories are:
- AppConfig
- AppData
- AppLocalData
- AppCache
- AppLog
- Resource
- Temp
This restriction exists to prevent frontend code from reading or writing config files anywhere on the filesystem.
Using a BaseDirectory value outside this allowlist — such as Home,
Desktop, or Document — requires explicit configuration in the Rust
plugin builder. Without it, the plugin will reject the request at runtime.
Expanding allowed directories
To permit additional base directories, configure the plugin builder in Rust before registering it with Tauri:
```rust
tauri_plugin_configurate::Builder::default()
    .allowed_base_directories([
        tauri::path::BaseDirectory::AppConfig,
        tauri::path::BaseDirectory::Document,
    ])
    .build()
```
To disable the restriction entirely and allow any base directory:
```rust
tauri_plugin_configurate::Builder::default()
    .allow_any_base_directory()
    .build()
```
Register the configured builder as your plugin:
```rust
fn main() {
    tauri::Builder::default()
        .plugin(
            // Allow only AppConfig and Document as base directories.
            tauri_plugin_configurate::Builder::default()
                .allowed_base_directories([
                    tauri::path::BaseDirectory::AppConfig,
                    tauri::path::BaseDirectory::Document,
                ])
                .build(),
        )
        .run(tauri::generate_context!())
        .expect("error while running tauri application");
}
```
Only expand the allowed directories when your app genuinely needs to store configuration outside the default app-scoped paths. Permitting broad filesystem access increases the attack surface if your frontend is ever compromised.