Azure key vault requirement for code signing cert

Question

Hello, Due to the updated requirements for Code-Signing certificates, I am currently searching for a cost-effective cloud HSM solution. However, I would like to double-confirm that for signing Windows Code-Signing certificates, the option "Managed HSM Pools" is not required in the Azure.

Answer 1

Hi, "Managed HSM Pools" (Hardware Security Module Pools) in Azure Key Vault are designed to provide additional security for cryptographic key operations. These HSMs are dedicated hardware devices designed to securely store and perform cryptographic operations, enhancing the security of your keys. For code-signing certificates, it's not strictly necessary to use a Managed HSM Pool, but it can offer additional security benefits. Whether you choose to use Managed HSM Pools depends on your specific security requirements and compliance considerations. Please find doc for ref https://learn.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates If you have any other questions, please let me know. Thank you for your time and patience throughout this issue. Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

Answer 2

@andrew , Following up to see if the provided answer was helpful. If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

Answer 3

Here is a discussion on the topic. https://www.reddit.com/r/electronjs/comments/16sgb3u/signing_electron_app_for_windows_with_an_ev/

According to this discussion, "Managed HSM Pools" is not required for Windows Code-Signing certificates.