Code signing with HashiCorp key vault


ashi

Aug 8, 2019, 2:27:22 AM
to Vault
We can store keys and a valid signing cert in Key Vault but there does not seem to be a crypto provider (CSP) that can be called from the code signing utilities. We would like to sign Authenticode and Java binaries. Is it supported by HashiCorp key vault?

Becca Petrin

Aug 9, 2019, 7:32:03 PM
to Vault
Hi Ashi,

Good question! Vault is written in Go and subsequently our engineering staff and infrastructure all focus around Go language and tooling. Thus, we haven't developed a Java CSP, and I also personally haven't heard of one existing externally. I'm aware of a Spring integration, more here, in case it's any help.

-Becca

angel visri

Aug 13, 2019, 6:08:58 AM
to Vault
Hi Becca,

Thank you.

My requirement is: I want to use the keys stored in HashiCorp Vault to digitally sign Microsoft (signing tool used is signtool.exe) and Java (signing tool used is jarsigner.exe) artifacts.

Is there any way of doing it?

Thanks. 

Becca Petrin

Aug 21, 2019, 12:48:18 PM
to Vault
Hi Ashi,

Ah! The Transit secrets engine can provide signatures.
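
Added example, not part of the thread and not HashiCorp's code: a Python sketch of asking the Transit secrets engine mentioned above to sign a SHA-256 digest and unwrapping the raw signature bytes from Vault's `vault:v<N>:<base64>` envelope. Assumptions: the engine is mounted at `transit`, the key name `codesign` is hypothetical, the key is RSA, and the consuming signature format expects PKCS#1 v1.5 (Transit defaults to PSS for RSA keys). It does not plug into signtool.exe or jarsigner.exe.

```python
import base64
import json
import urllib.request


def build_sign_request(key_name, digest, mount="transit"):
    """Return (api_path, json_body) asking Transit to sign a SHA-256 digest."""
    if len(digest) != 32:
        raise ValueError("expected a 32-byte SHA-256 digest")
    body = {
        "input": base64.b64encode(digest).decode(),
        "prehashed": True,                  # input is already a digest
        "hash_algorithm": "sha2-256",       # which digest algorithm produced it
        "signature_algorithm": "pkcs1v15",  # assumption: RSA key, non-PSS consumer
    }
    return f"/v1/{mount}/sign/{key_name}", body


def parse_signature(response_json):
    """Split 'vault:v<N>:<base64>' into (key_version, raw signature bytes)."""
    sig = response_json["data"]["signature"]
    prefix, version, b64 = sig.split(":", 2)
    if prefix != "vault" or not version[1:].isdigit() or version[0] != "v":
        raise ValueError("unexpected Transit signature format")
    return int(version[1:]), base64.b64decode(b64, validate=True)


def sign_with_vault(vault_addr, token, key_name, digest):
    """POST the digest to Vault; the private key never leaves the server."""
    path, body = build_sign_request(key_name, digest)
    req = urllib.request.Request(
        vault_addr + path,
        data=json.dumps(body).encode(),
        headers={"X-Vault-Token": token, "Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return parse_signature(json.load(resp))


if __name__ == "__main__":
    # Constructed response, shaped like a Transit sign reply, for offline use.
    sample = {"data": {"signature": "vault:v1:" + base64.b64encode(b"\x00" * 256).decode()}}
    version, raw = parse_signature(sample)
    print(f"key version {version}, {len(raw)}-byte signature")
```

The token used for `sign_with_vault` only needs `update` capability on the one `sign/<key>` path, which keeps a compromised build agent from reading or exporting the key.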