azure-sign-tool-electron-forge-plugin
v0.0.1
Published
This is an Electron Forge plugin designed to automatically sign files with an HSM certificate from Azure Key Vault (with AzureCodeSign), in the build process.
Downloads
13
Maintainers
Readme
WARNING: This is a DRAFT project, and has not been built yet.
azure-sign-tool-electron-forge-plugin
I wanted to sign the Windows app that we’re building (www.recordonce.com) with an EV certificate in a Github Actions build pipeline.
This article provided 99% of the solution. But as Electron Forge does not use AzureCodeSign which is necessary to work with HSM and Azure Key Vault, I adapted another plugin (@burzo/electron-forge-ssl-code-sign-plugin) to hopefully fix that.
The code is heavily based on @burzo/electron-forge-ssl-code-sign-plugin.
Prerequisites
This plugin works with electron-forge version >=7.
Additionally, you need to install the AzureSignTool.
This plugin currently only supports building on Windows-based machines.
Installation
npm i --save-dev azure-sign-tool-electron-forge-plugin
or
yarn add --dev azure-sign-tool-electron-forge-plugin
Configuration
The plugin accepts the configuration variables that are used by this guide on how to sign code with an EV certificate. The variables correspond to AzureCodeSign’s paramaters.
Include the plugin in your Forge config as follows:
...,
"plugins": [
{
name: "azure-sign-tool-electron-forge-plugin",
config: {
azureKeyVaultUri: "",
azureClientId: "",
azureTenantId: "",
azureClientSecret: "",
azureCertificateName: "",
},
},
],
...,
Contribution
Feel free to submit a PR :)