pspete / psPAS

PowerShell module for CyberArk Privileged Access Security REST API
https://pspas.pspete.dev
MIT License
293 stars 91 forks

Request that module be signed for secure environments #261

Closed JefeDavis closed 2 years ago

JefeDavis commented 4 years ago

Is your feature request related to a problem? Please describe.

We use psPAS in our environment extensively for interactions with CyberArk; however, due to the module not being signed, we must manually approve each of the 141 files before we can use each version.

Describe the solution you'd like

I would like to request that the module be digitally signed when published to the PowerShell Gallery, as recommended by PowerShell Gallery Best Practices: https://docs.microsoft.com/en-us/powershell/scripting/gallery/concepts/publishing-guidelines?view=powershell-7

dokki767 commented 4 years ago

We have the same problem, but we have an enterprise code signing certificate that we bulk sign everything with whenever we download updates. Trusted code signing certs cost a little bit; since this is an open-source/community-driven effort, it's not really feasible for everyone that is doing commits to have a publicly trusted code signing cert. Even if Pete is the main contributor, whenever someone else would do a commit to the main branch there's a dependency of him going back in and re-signing everything.

pspete commented 4 years ago

Code signing is on the project roadmap, but incurs a financial cost to procure & maintain the certificate which the open source project simply does not currently have available; the feature request is accepted, but it is not something which will be able to be delivered until a code signing certificate is purchased.

The module’s build script already has the ability to sign any releases before being published to the PowerShell Gallery & GitHub; once a code signing certificate is available to the project there will be minimal development work required to sign the next release.

Contributions or donations towards the purchase price of a certificate will be gratefully accepted through GitHub sponsors.

AaronG1234 commented 4 years ago

At least in the interim, you [individuals who have downloaded the module] could do a quick

$SigningCert = @(Get-ChildItem Cert:\CurrentUser\My\ -CodeSigningCert)[0]
$timeStamper = 'http://timestamp.verisign.com/scripts/timstamp.dll' # or any timestamper you prefer for PS signing
$ModulePath = 'put something here'

# Sign each unsigned script file; ForEach-Object is needed so that $_ refers to the current signature object
Get-ChildItem -Path $ModulePath -Include *.ps1,*.psm1,*.psd1 -Recurse | Get-AuthenticodeSignature |
    Where-Object { $_.Status -eq 'NotSigned' } |
    ForEach-Object { Set-AuthenticodeSignature -FilePath $_.Path -Certificate $SigningCert -IncludeChain notroot -TimestampServer $timeStamper -HashAlgorithm SHA256 }
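
A follow-up check for the bulk-signing approach discussed in this thread, as an added example that is not part of the original comments or of the psPAS project: it reports each file's Authenticode status and whether the signer matches the certificate you expect. The function name `Test-ModuleSignature`, its parameters and the placeholder module path are assumptions for illustration.

```powershell
# Added example: Test-ModuleSignature and its parameters are hypothetical names,
# not part of psPAS or of the snippet posted in the thread.
function Test-ModuleSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]$ModulePath,
        # Thumbprint of the certificate the files are expected to be signed with
        [Parameter(Mandatory)] [string]$ExpectedThumbprint,
        # Same file types as the signing snippet in the thread
        [string[]]$Include = @('*.ps1', '*.psm1', '*.psd1')
    )

    $files = Get-ChildItem -Path $ModulePath -Include $Include -Recurse -File
    if (-not $files) { throw "No script files found under '$ModulePath'." }

    foreach ($file in $files) {
        $sig = Get-AuthenticodeSignature -FilePath $file.FullName
        $thumb = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { $null }

        # One result object per file; Pass requires a valid signature AND the expected signer
        [pscustomobject]@{
            Path        = $file.FullName
            Status      = $sig.Status          # Valid, NotSigned, HashMismatch, NotTrusted, ...
            Thumbprint  = $thumb
            TimeStamped = [bool]$sig.TimeStamperCertificate
            Pass        = ($sig.Status -eq 'Valid') -and ($thumb -eq $ExpectedThumbprint)
        }
    }
}

# Usage (placeholder path, as in the thread): list every file that is unsigned,
# modified after signing (HashMismatch), untrusted, or signed by another certificate.
$cert       = @(Get-ChildItem Cert:\CurrentUser\My\ -CodeSigningCert)[0]
$ModulePath = 'put something here'

$failed = @(Test-ModuleSignature -ModulePath $ModulePath -ExpectedThumbprint $cert.Thumbprint |
    Where-Object { -not $_.Pass })

$failed | Format-Table Status, TimeStamped, Thumbprint, Path -AutoSize
if ($failed.Count -gt 0) {
    Write-Error "$($failed.Count) file(s) failed signature verification."
}
```

Running it before signing shows which files the signing pass will touch; running it afterwards confirms that nothing was skipped and that no file changed after it was signed.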