I am using PowerShell to run the sign commands and login to Azure to sign via a Cert stored in Azure Key Vault. I find that the signing takes quite a while per file and looking at the trace output I see various 401 responses before each successful sign which is slowing down the process.
E.g.,
...
09:29:20 warn: Azure.Core[8]
09:29:20 Error response [688b58b1-a0de-485b-98ca-b06a3fb4e54a] 401 Unauthorized (00.2s)
09:29:20 Cache-Control:no-cache
09:29:20 Pragma:no-cache
09:29:20 x-ms-keyvault-region:uksouth
09:29:20 x-ms-keyvault-service-version:1.9.2228.1
09:29:20 X-Content-Type-Options:REDACTED
09:29:20 Strict-Transport-Security:REDACTED
09:29:20 WWW-Authenticate:Bearer authorization="https://login.microsoftonline.com/REDACTED", resource="https://vault.azure.net"
09:29:20 Date:Thu, 20 Mar 2025 09:29:19 GMT
09:29:20 Content-Type:application/json; charset=utf-8
09:29:20 Expires:-1
09:29:20 Content-Length:97
09:29:20
09:29:27 warn: Azure.Core[8]
09:29:27 Error response [593f28ce-014a-40d9-a5d2-fdeb64a90417] 401 Unauthorized (00.0s)
09:29:27 Cache-Control:no-cache
09:29:27 Pragma:no-cache
09:29:27 x-ms-keyvault-region:uksouth
09:29:27 x-ms-client-request-id:593f28ce-014a-40d9-a5d2-fdeb64a90417
09:29:27 x-ms-request-id:ccd993b6-6e73-4845-b443-6e8a0976951e
09:29:27 x-ms-keyvault-service-version:1.9.2228.1
09:29:27 X-Content-Type-Options:REDACTED
09:29:27 Strict-Transport-Security:REDACTED
09:29:27 WWW-Authenticate:Bearer authorization="https://login.microsoftonline.com/REDACTED", resource="https://vault.azure.net"
09:29:27 Date:Thu, 20 Mar 2025 09:29:26 GMT
09:29:27 Content-Type:application/json; charset=utf-8
09:29:27 Expires:-1
09:29:27 Content-Length:97
09:29:27
09:29:29 Successfully code signed C:\BuildAgent\work\cb8726e7536fef68\Client.dll
Specifically, my .ps1 file looks like this
az login --service-principal --username $ClientId --tenant $TenantId --password $Secret
$TimestampUrl = "http://timestamp.digicert.com"
foreach ($File in $Files) {
$FullPath = $File.FullName
sign code azure-key-vault -kvu $KeyVaultUrl -kvc $CertificateName --timestamp-url $TimestampUrl "$FullPath"
}
Question: Am I using the sign tool correctly?
(The files being signed are located in different folders so I can't send the file list and a base directory to the sign tool.)
I am using PowerShell to run the sign commands and login to Azure to sign via a Cert stored in Azure Key Vault. I find that the signing takes quite a while per file and looking at the trace output I see various 401 responses before each successful sign which is slowing down the process.
E.g.,
Specifically, my
.ps1file looks like thisQuestion: Am I using the sign tool correctly?
(The files being signed are located in different folders so I can't send the file list and a base directory to the sign tool.)