Does anyone idling here happen to be associated wi...
# generalt
thor
03/13/2024, 4:50 PM
Does anyone idling here happen to be associated with Azure Cloud?
I'm looking for PoCs who might be able to hook us up with early access to Azure Code Signing capability. A recent change in code signing requirements from Digicert has put us in a situation where we probably need to find a new code signing cert provider, but more importantly we need to change how our Windows build/release process works.
This also acts as an FYI for #C0FHNQ2N6 users, that the osquery code signing cert is hopefully going to be changing over the coming months. While I love being the person who signs the Windows binaries, it's high-time we fixed that signature :)
s
seph
03/14/2024, 1:59 AM
I think we have lots of options.
seph
03/14/2024, 1:59 AM
A bunch of the ssl cert vendors will also sell us remote attestation functions
seph
03/14/2024, 2:00 AM
Over in Kolide we’re starting to test what using google KMS is like (it’s cheap).
https://www.ssl.com/guide/supported-cloud-hsms-document-signing-ev-code-signing/ for example.
t
thor
03/14/2024, 4:32 AM
Ok, so I should do some investigations here and look for other options... Do you know if Googles option supports Github actions?
s
seph
03/14/2024, 11:28 AM
It should, with a CNG plugin sign tool works. We’re just building it out in kolide. I’ll know in a couple weeks.
seph
03/14/2024, 11:29 AM
When does our cert expire?
t
thor
03/14/2024, 3:48 PM
60 days
thor
03/14/2024, 3:48 PM
05/12/2024
s
seph
03/17/2024, 2:58 AM
I think we’ll have tested out some new stuff by then 😉
👍 1
seph
03/17/2024, 2:59 AM
We (Kolide) just got a cert from ssl.com, and I think it’s in google KMS. Though we haven’t updated the signing stuff to use it yet.
👍 1
9 Views