Open timheuer opened 5 years ago
@timheuer - Can you point us towards how this would be done if we didn't do this work?
Glad I found this - we're now using NuGetKeyVaultSignTool in production, as the only thing previously blocking us was that NuGet required a local certificate to do signing.
NuGet sign currently works against local PFX files. Modern digital signatures can now be stored in cloud providers such as Azure KeyVault providing an HSM-backed security key. The NuGet client should provide a mechanism to use Azure KeyVault as a direct source for signing.
e.g.,
nuget sign -azure-keyvault http://myurlhere
Enabling this directly in the nuget client makes it easier for DevOps flows to leverage without needing additional tools that are hard to manage in Azure DevOps and not globally available to others.
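Whichever signing path a pipeline ends up using (local PFX, Key Vault via NuGetKeyVaultSignTool, or a future built-in option), the check a release engineer wants before pushing is that the produced .nupkg actually carries a signature. The following is an added example, not code from this issue or from the NuGet project; it assumes NuGet's documented signed-package layout (a .nupkg is a zip whose CMS signature lives in a root entry named `.signature.p7s`) and only inspects the outer ASN.1 shape of that entry, it does no cryptographic verification.

```python
import io
import zipfile

SIGNATURE_ENTRY = ".signature.p7s"  # NuGet stores the CMS/PKCS#7 signature at the zip root
SIGNED_DATA_OID = bytes.fromhex("2a864886f70d010702")  # 1.2.840.113549.1.7.2 (id-signedData)

def _read_der_len(buf, pos):
    """Return (length, next_pos) for the DER length field starting at buf[pos]."""
    first = buf[pos]
    if first < 0x80:                      # short form: the byte is the length
        return first, pos + 1
    n = first & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or n > 4:
        raise ValueError("unsupported DER length encoding")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def looks_like_cms_signed_data(der):
    """True if der begins SEQUENCE { OID id-signedData, ... }, the CMS ContentInfo shape."""
    if len(der) < 2 or der[0] != 0x30:    # must open with a SEQUENCE
        return False
    _, pos = _read_der_len(der, 1)
    if pos >= len(der) or der[pos] != 0x06:  # first element must be an OBJECT IDENTIFIER
        return False
    oid_len, oid_start = _read_der_len(der, pos + 1)
    return der[oid_start:oid_start + oid_len] == SIGNED_DATA_OID

def signature_status(nupkg_bytes):
    """Classify a package as 'unsigned', 'signed' or 'malformed-signature'."""
    with zipfile.ZipFile(io.BytesIO(nupkg_bytes)) as zf:
        if SIGNATURE_ENTRY not in zf.namelist():
            return "unsigned"
        der = zf.read(SIGNATURE_ENTRY)
    return "signed" if looks_like_cms_signed_data(der) else "malformed-signature"

def build_sample_nupkg(signature=None):
    """Constructed sample package (not a real NuGet artifact): a nuspec plus an optional signature entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Sample.nuspec", "<package><metadata><id>Sample</id></metadata></package>")
        if signature is not None:
            zf.writestr(SIGNATURE_ENTRY, signature)
    return buf.getvalue()

# Constructed CMS header: SEQUENCE { OID id-signedData, [0] { } }; enough to exercise the shape check only.
FAKE_SIGNED_DATA = bytes.fromhex("300d" "0609" "2a864886f70d010702" "a000")

if __name__ == "__main__":
    for label, pkg in [("unsigned", build_sample_nupkg()),
                       ("signed", build_sample_nupkg(FAKE_SIGNED_DATA)),
                       ("bogus", build_sample_nupkg(b"not a signature"))]:
        print(label, "->", signature_status(pkg))
```

This catches the common pipeline failure (the signing step was skipped or wrote an empty file) cheaply; full certificate-chain and timestamp validation is what `nuget verify -Signatures <package>` is for.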