How would you sign a .jar file using the Azure Key Vault in a Dev Ops Pipeline

Rusty Crabbs 65 Reputation points

The requirements for code signing is that the certificate must be in a HSM based environment. Azure Key Vault is supported, so how does one sign a .jar file when the certificate is in an HSM environment? The certificate is non-exportable.

Azure Key Vault
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
893 questions
A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.
3,093 questions
Windows Server PowerShell
Windows Server PowerShell
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
5,097 questions
0 comments No comments
{count} vote

Accepted answer
  1. Akshay-MSFT 10,181 Reputation points Microsoft Employee

    @Rusty Crabbs

    I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others ", I'll repost your solution in case you'd like to "Accept " the answer.

    Issue: How does one sign a .jar file when the certificate is in an HSM environment?

    Solution: This could be done by Integrating KeyVault JCA provider with Jarsigner

    If you have any other questions or are still running into more issues, please let me know.
    Thank you again for your time and patience throughout this issue.

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.


    Akshay Kaushik

    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. Rusty Crabbs 65 Reputation points