zas: Good morning, do you know whether MB already has a Microsoft Azure account in use for something?
zas[m] joined the channel
zas[m]
I don't think so
What is it needed for?
outsidecontext: contact mayhem about that, we have a MS apps account though
outsidecontext[m
Code singing. I researched, and there is a Azure Trusted Signing service, which seems to be actually the cheapest and easiest to handle solution.
lol, code signing of course. "Code singing" could be some weird nerdy musical genre 🤣
The apps account I actually have access to, it's what I use for MS Store deployment. Then I'll get in touch with mayhem to discuss the setup
Protopia[m] joined the channel
Protopia[m]
When I was a lad, our school computer genuinely could be made to play music by code.
But young people today, would never believe it.
outsidecontext[m
The essence is that in the past you just used to get the certificate files and would use them to sign the code. Since sometime 2023 this has changed and keys are either distributed on USB tokens or deployed on a HSM (Hardware Security Module). The various signing authorities often provide their own cloud service to securely store the certificate and allow cloud based code signing.
The USB token is not really a good solution for us. The cloud solutions are nice, but often come with some hefty monthly fees, in addition to several hundred bucks for the certificate. E.g. Digicert want $69 per month.
There is also the Azure Key Vault, which also offers hosted HSM. But the complete package with Azure compatible certificate + HSM also is kind of expensive.
But there is also the Azure Trusted Signing, which offers a certificate with cloud based signing for $9.99 per month. That's by far the cheapest certificate one can get and it seems comfortable to use in our CI pipeline.
