This is an Electron Forge plugin designed to automatically sign files with an HSM certificate from Azure Key Vault (with AzureCodeSign), in the build process.
npm install azure-sign-tool-electron-forge-pluginWARNING: This is a DRAFT project, and has not been built yet.
I wanted to sign the Windows app that we’re building (www.recordonce.com) with an EV certificate in a Github Actions build pipeline.
This article provided 99% of the solution. But as Electron Forge does not use AzureCodeSign which is necessary to work with HSM and Azure Key Vault, I adapted another plugin (@burzo/electron-forge-ssl-code-sign-plugin) to hopefully fix that.
The code is heavily based on @burzo/electron-forge-ssl-code-sign-plugin.
This plugin works with electron-forge version >=7.
Additionally, you need to install the AzureSignTool.
This plugin currently only supports building on Windows-based machines.
``
npm i --save-dev azure-sign-tool-electron-forge-plugin
or
`
yarn add --dev azure-sign-tool-electron-forge-plugin
The plugin accepts the configuration variables that are used by this guide on how to sign code with an EV certificate.
The variables correspond to AzureCodeSign’s paramaters.
Include the plugin in your Forge config as follows:
`
...,
"plugins": [
{
name: "azure-sign-tool-electron-forge-plugin",
config: {
azureKeyVaultUri: "",
azureClientId: "",
azureTenantId: "",
azureClientSecret: "",
azureCertificateName: "",
},
},
],
...,
Feel free to submit a PR :)