Venafi / vcert

Go client SDK and command line utility designed to simplify integrations by automating key generation and certificate enrollment using Venafi machine identity services.
https://support.venafi.com/hc/en-us/articles/217991528
Apache License 2.0

Sign (Authenticode) embedded scripts in Playbook functionality #392

Closed BeardedPrincess closed 10 months ago

BeardedPrincess commented 1 year ago

BUSINESS PROBLEM
Many enterprises prevent running scripts on Windows that are not signed and trusted. This can cause issues with the vCert playbook functionality when installing certificates to CAPI stores. Enforced policy on those machines will prevent those functions from running entirely, with no workaround.

PROPOSED SOLUTION
Signing the embedded scripts with a Venafi code-signing certificate in the build pipeline, ahead of compiling vCert CLI, will mitigate this issue.

CURRENT ALTERNATIVES
Set PowerShell execution policy to RemoteSigned or Unrestricted: set-executionpolicy -ExecutionPolicy Unrestricted

VENAFI EXPERIENCE
Plenty long

BeardedPrincess commented 10 months ago

This has been delivered in the 5.2 release.
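
The build-pipeline step proposed in the issue, sketched as an added example; this is not code from the vcert repository or from Venafi. The script directory, certificate thumbprint and timestamp URL are placeholders chosen for illustration.

```powershell
# Added example: Authenticode-sign every .ps1 that will be embedded, then fail
# the build if any signature does not verify. Paths, thumbprint and timestamp
# URL are assumptions, not values taken from the vcert project.
[CmdletBinding()]
param(
    [string]$ScriptDir    = '.\embedded-scripts',               # hypothetical directory of scripts to embed
    [string]$Thumbprint   = '<CODE-SIGNING-CERT-THUMBPRINT>',   # placeholder
    [string]$TimestampUrl = 'http://timestamp.example.invalid'  # placeholder RFC 3161 endpoint
)

$ErrorActionPreference = 'Stop'

# Select the signing certificate; -CodeSigningCert limits the listing to
# certificates that carry the Code Signing EKU.
$cert = Get-ChildItem -Path Cert:\CurrentUser\My -CodeSigningCert |
    Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert) {
    throw "Code-signing certificate $Thumbprint not found in Cert:\CurrentUser\My"
}

$failed = @()
foreach ($file in Get-ChildItem -Path $ScriptDir -Filter *.ps1 -Recurse) {
    # A timestamp keeps the signature verifiable after the certificate expires.
    Set-AuthenticodeSignature -FilePath $file.FullName -Certificate $cert `
        -HashAlgorithm SHA256 -TimestampServer $TimestampUrl | Out-Null

    # Re-read the file from disk and check what a target host would see.
    $sig = Get-AuthenticodeSignature -FilePath $file.FullName
    if ($sig.Status -ne 'Valid') {
        $failed += [pscustomobject]@{
            File    = $file.FullName
            Status  = $sig.Status          # e.g. NotSigned, HashMismatch, NotTrusted
            Message = $sig.StatusMessage
        }
    }
}

if ($failed.Count -gt 0) {
    $failed | Format-Table -AutoSize | Out-String | Write-Host
    throw "$($failed.Count) script(s) failed signature verification; aborting build."
}

# The signature block is appended to the file as comment lines, so the files
# must be embedded byte-for-byte after this step. Any later rewrite (line-ending
# conversion, re-encoding, templating) produces HashMismatch on the target.
Write-Host "All scripts under $ScriptDir are signed and verify as Valid."
```

On hosts that enforce AllSigned, a Valid signature is necessary but the signing certificate must also be in the machine's Trusted Publishers store, otherwise PowerShell prompts before running the script.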