pulumi / pulumi-azure-native

Azure Native Provider
Apache License 2.0

Sign provider binaries for Windows #3642

Open mikhailshilkov opened 1 month ago

mikhailshilkov commented 1 month ago

@TechWatching reports:

The azure native provider (the pulumi-resource-azure-native.exe) is blocked by some security software on Windows because it is not signed. I think it's a big issue because many companies have tools that will prevent them using Pulumi because of that.

Original error example is in French:

Action risquée bloquée Basse ˅
Wakers a bloqué cette action.
Application ou processus bloqué : explorer.exe
Bloqué par : Réduction de la surface d'attaque
Règle : Bloquer l'exécution de fichiers exécutables, sauf s'ils respectent un critère de prévalence, d'âge ou de liste approuvée
Éléments affectés : C:\Users\MyUser\.pulumi\plugins\resource-azure-native-v2.66.0\pulumi-resource-azure-native.exe

Translation:

Risky action blocked Low ˅
Wakers blocked this action.
Blocked application or process: explorer.exe
Blocked by: Attack surface reduction
Rule: Block executable files from running unless they meet a prevalence, age, or trusted list criterion
Affected items: C:\Users\MyUser\.pulumi\plugins\resource-azure-native-v2.66.0\pulumi-resource-azure-native.exe

How does this compare to other providers?
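
An added example (not code from this issue or from the Pulumi project): a Python check of which provider binaries under the plugin directory from the report carry an embedded Authenticode signature, which is one way to compare providers. It tests only for a non-empty PE certificate table and does not validate the signature or its certificate chain; the function names are this example's own and `build_sample_pe` produces constructed header bytes for testing.

```python
import struct
from pathlib import Path

SECURITY_DIR = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: the Authenticode certificate table

def has_embedded_signature(data, file_size=None):
    """True if the PE headers in `data` point at a non-empty certificate table.
    Presence only: the signature and its certificate chain are not validated."""
    size = len(data) if file_size is None else file_size
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: no MZ header")
    try:
        pe_off = struct.unpack_from("<I", data, 0x3C)[0]        # e_lfanew
        if data[pe_off:pe_off + 4] != b"PE\0\0":
            raise ValueError("not a PE file: no PE signature")
        opt = pe_off + 4 + 20                                   # skip signature + COFF header
        magic = struct.unpack_from("<H", data, opt)[0]
        dirs = opt + {0x10B: 96, 0x20B: 112}[magic]             # PE32 / PE32+ directory offset
        if struct.unpack_from("<I", data, dirs - 4)[0] <= SECURITY_DIR:
            return False                                        # directory table too short
        off, length = struct.unpack_from("<II", data, dirs + 8 * SECURITY_DIR)
    except (struct.error, KeyError) as exc:
        raise ValueError("truncated or unrecognised PE header") from exc
    # For this directory entry the first field is a file offset, not an RVA.
    return off != 0 and length != 0 and off + length <= size

def build_sample_pe(cert_size):
    """Constructed PE32+ header bytes for testing; not a runnable program."""
    header_len = 0x40 + 4 + 20 + 112 + 16 * 8
    dirs = bytearray(16 * 8)
    if cert_size:
        struct.pack_into("<II", dirs, 8 * SECURITY_DIR, header_len, cert_size)
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    opt = struct.pack("<H", 0x20B) + b"\0" * 106 + struct.pack("<I", 16) + bytes(dirs)
    return dos + b"PE\0\0" + b"\0" * 20 + opt + b"\0" * cert_size

def scan_plugins(root):
    """Map each pulumi-resource-*.exe under root to True, False, or None (unparsable)."""
    root, results = Path(root), {}
    for exe in sorted(root.rglob("pulumi-resource-*.exe")):
        key = exe.relative_to(root).as_posix()
        try:
            with exe.open("rb") as fh:                          # headers sit in the first bytes
                results[key] = has_embedded_signature(fh.read(4096), exe.stat().st_size)
        except (ValueError, OSError):
            results[key] = None
    return results

if __name__ == "__main__":
    for name, signed in scan_plugins(Path.home() / ".pulumi" / "plugins").items():
        print({True: "signed", False: "UNSIGNED", None: "unparsable"}[signed], name)
```

On Windows, `Get-AuthenticodeSignature` reports whether a signature that is present also validates.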

thomas11 commented 1 month ago

Parent: pulumi/home#3682

TechWatching commented 3 weeks ago

Any progress on this? Depending on the security software in place in companies, that can be a huge red flag for some.