Introduction to the Code Signing Capability
Code signing, offered as a capability within Next-Gen Trust Security, provides a secure, unified, cloud-based platform that helps you protect, manage, and control your organization’s code signing keys and certificates.
The code signing capability provides the following key benefits:
Centralizes visibility and management of all code signing keys and certificates.
Protects private code signing keys by keeping them off developer and CI workstations. Keys are securely generated and stored in AWS Key Management Service (KMS) or Built-In Key Storage.
Simplifies permission management by utilizing the Tenant Security Group (TSG) hierarchy to inherit and control access to code signing keys.
Enables configuration flexibility for key parameters such as validity period and algorithm.
Supports separation of duties through roles and TSG scoping, allowing organizations to separate key management responsibilities from signing operations.
Restricts key visibility and editing based on TSG scope. Users can view and use only the keys within their authorized TSG or Child TSG.
Integrates with public and built-in CAs by supporting trusted public certificate authorities and the Built-in CA.
Delivers insights through detailed log events and usage statistics that support auditing and compliance.
By using the code signing capability, your organization can secure, centralize, and control code signing operations. You also maintain full visibility and compliance across all signing activities.
