This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(272, 21%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBR%3C/text%3E%3C/svg%3E)
When creating a Winui 3 AppPackage using the Create App Package wizard in Visual Studio 2022, it asks for a Key Vault URI.
I have a Trusted Signing resource in Entera, but I can't find any information about getting a Key Vault URI to this resource in the Azure Control Panel.
Do we need to create an Azure Key Vault as well? How do we then add our Trusted Signing certificate to the vault?
NB The Trusted Signing certificate is working from GitHub Actions.
// Björn
A fully managed end-to-end service for digitally signing code, documents, and applications. (formerly Trusted Signing)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(3.2, 52%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERC%3C/text%3E%3C/svg%3E)
Meha is correct: VS' Create App Package wizard doesn't connect directly to Trusted Signing, but it can create an unsigned package which you can sign later with signtool and Trusted Signing. You'll need to make sure that the package's publisher matches what you use for Trusted Signing.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(156.8, 52%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMM%3C/text%3E%3C/svg%3E)
@Givary-MSFT are you familiar with how can we tag someone who is familiar with the Create App Package wizard here if there's an alternate to use a certificate that's outside of Key Vault URI?
@Bjorn - Trusted Signing certificates are stored in mHSMs and not in keyvault.
Does this mean that the current App Package wizard in Visual Studio cannot be used to sign the binaries and the msix package with a Trusted Signing Certificate?
Is there any documentation on how this could be achieved with a different tool? I can see that Signtool has a work-in-progress on GitHub to support signing binaries...
I have tagged Windows APP SDK, hoping someone from the team responds. What I was I told is you can skip the signing part in the wizard and then have the unsigned packaged signed with Trusted Signing. However, I'd want someone from the right team confirm that you can skip that step.