Skip to main content
Arve´s Playground

Codesigning with the certificate in Azure Key Vault (draft)

Using AzureSignTool #

AzureSignTool is made to sign code with a certificate stored in Azure Key Vault. My preferred way to install it is to use it as a dotnet tool. If you have a newver version of .NET installed then it is just a matter of running

dotnet tool install -g azuresigntool

To actually sign a file you need:

Example: If you are logged into Azure you can get a token the follwing way:

 $token=$(az account get-access-token  --resource=  --query accessToken --output tsv)

And do the actual signing using:

azuresigntool sign  -kvu <Key vault URI>   --azure-key-vault-accesstoken   $token  --azure-key-vault-certificate <certifcate name>  <file to sign>

Using Signtool #