HodorNV / ALOps


Sign App using HW Crypto module #614

Open fvet opened 1 year ago

fvet commented 1 year ago

Wanted to follow up on whether the thread below has any impact on the current way ALOps is signing the app files, and whether we could expect any update from ALOps in case our certificate might expire and require us to switch to using a HW crypto module instead?

https://www.yammer.com/dynamicsnavdev/#/threads/show?threadId=2128989394354176

waldo1001 commented 1 year ago

No steps have been taken - and since it seems that MS will need to do some changes before we can, we'll have to closely monitor which way anything will go in this matter.

If you have any new info, please share ;-).

Meanwhile, we'll monitor the changes on BCCH

dariuskava commented 1 year ago

> No steps have been taken - and since it seems that MS will need to do some changes before we can, we'll have to closely monitor which way anything will go in this matter.
>
> If you have any new info, please share ;-).
>
> Meanwhile, we'll monitor the changes on BCCH

Do we have any update on this one? Either for using a hardware module, or maybe some cloud HSM.

waldo1001 commented 1 year ago

We're looking into the matter and considering our options.

DevHarmonize commented 9 months ago

Hi, we are also facing this issue. Our code signing certificate is expiring and only a HW dongle or Azure Key Vault is an option. How can this be handled by ALOps? Thanks

waldo1001 commented 9 months ago

You won't believe it - but we requested a HW dongle about 6 months ago - and still haven't received it with the explanation: "there are 2 suppliers that can help us with certificates, and both are having massive issues with their orders.. ". Frustrating. But .. there is no way for us now to work on this as long as we haven't received our dongle.

So I'm reaching out to the community - if anyone has a script that can get things going for anyone who is getting stuck - by all means, please share! 🙏

dariuskava commented 9 months ago

For the time being, we are using the example from AL-Go, with the certificate in Azure Key Vault. https://github.com/microsoft/AL-Go/blob/main/Actions/Sign/README.md

Hopefully that will get integrated directly in ALOps.

waldo1001 commented 8 months ago

We're still waiting for our HSM certificate .. no idea why it takes so long.

Just to say: DigiCert did provide us a certificate on Azure Key Vault, which we were able to export to PFX, which works for 3 years, and is just as stable as before. We will try to document this procedure as well as we can in our docs.