Hi Stephaine,
The process involves a sequence of steps:
1. Certificate Acquisition: Obtain a dedicated code signing certificate and securely store it within Azure Key Vault. This certificate is pivotal for signing the VBA code.
2. Key Vault Access: Ensure the appropriate permissions and access are granted for Azure Key Vault, where the certificate resides.
3. Signing Protocol: Modify the existing code signing process to seamlessly retrieve the certificate from Azure Key Vault. Subsequently, utilize this certificate to sign the VBA code. This could necessitate leveraging Azure SDKs, PowerShell scripts, or other compatible tools.
4. Automation Strategy: Establish an automated mechanism within your PowerPoint add-on build pipeline. This mechanism should facilitate secure retrieval of the certificate from Azure Key Vault and, in turn, enable the VBA code to be signed during the build process.
It's important to acknowledge that while the viability of this process is confirmed, practical execution may involve addressing specific technical intricacies. The challenges faced by another business could stem from unique implementation nuances or specific issues encountered during their own transition. However, by adhering to comprehensive documentation, tapping into available resources, and potentially seeking Azure support, you can confidently transition to the use of an HSM-hosted key from Azure Key Vault.
Prior to committing fully to this shift, consider conducting a meticulous evaluation of your requirements. Additionally, performing a controlled pilot test can provide valuable insights and preemptively identify any potential roadblocks. This prudent approach will help ensure a smooth and successful migration, enhancing the security and efficiency of your VBA code signing process.
Hope this helps
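
A preflight check for the pipeline stage described in the steps above, added here as an example and not part of the original answer. It confirms that the Key Vault certificate is HSM-backed, non-exportable, enabled, carries the code signing EKU and is not close to expiry before any signing step runs; it does not perform the signing itself. The vault name, certificate name and 30-day margin are placeholders, and the function name is hypothetical.

```powershell
# Added example, not from the original post. Requires the Az.KeyVault module
# and an already authenticated session (for example the pipeline's identity).
param(
    [string]$VaultName   = 'example-signing-kv',    # placeholder vault name
    [string]$CertName    = 'example-vba-codesign',  # placeholder certificate name
    [int]   $MinDaysLeft = 30                       # assumed renewal margin
)
$ErrorActionPreference = 'Stop'
$CodeSigningOid = '1.3.6.1.5.5.7.3.3'   # id-kp-codeSigning EKU

# Hypothetical helper: returns a list of reasons the certificate must not be used.
function Get-SigningCertProblem {
    param($Certificate, $Policy, [bool]$Enabled, [int]$MinDaysLeft)
    $problems = @()
    # The policy must request an HSM key type (RSA-HSM or EC-HSM).
    if ($Policy.Kty -notlike '*-HSM') {
        $problems += "key type '$($Policy.Kty)' is not HSM-backed"
    }
    # Anything other than an explicit $false is treated as exportable.
    if ($Policy.Exportable -ne $false) {
        $problems += 'private key is not marked non-exportable'
    }
    if (-not $Enabled) { $problems += 'certificate version is disabled' }
    # Read the EKU extension straight from the X.509 certificate.
    $ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    $ekus = @($Certificate.Extensions |
        Where-Object { $_ -is $ekuType } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        ForEach-Object { $_.Value })
    if ($ekus -notcontains $CodeSigningOid) {
        $problems += 'code signing EKU is missing'
    }
    $daysLeft = [math]::Floor(($Certificate.NotAfter - (Get-Date)).TotalDays)
    if ($daysLeft -lt $MinDaysLeft) {
        $problems += "certificate expires in $daysLeft days"
    }
    return $problems
}

$kvCert = Get-AzKeyVaultCertificate -VaultName $VaultName -Name $CertName
if (-not $kvCert) { throw "Certificate '$CertName' not found in vault '$VaultName'" }
$policy = Get-AzKeyVaultCertificatePolicy -VaultName $VaultName -Name $CertName

$problems = @(Get-SigningCertProblem -Certificate $kvCert.Certificate -Policy $policy `
    -Enabled $kvCert.Enabled -MinDaysLeft $MinDaysLeft)
if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning "Signing preflight: $_" }
    throw 'Signing certificate preflight failed; aborting before the signing step.'
}
Write-Output "Preflight passed for $($kvCert.Certificate.Subject)"
```

Run it as the step immediately before signing so that a downgraded or expiring certificate fails the build instead of producing a signed add-in.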