A simple CLI tool to sign files with Trusted Signing
- Trusted Signing Account and permissions configured
- Azure CLI
- Signtool (Windows 11 SDK 10.0.22000.0 or later recommended)
- Rust (Optional if you want to build from source)
cargo install trusted-signing-cli
The CLI expects the following environment variables to be set or you can pass them as arguments (you can use this article to get the credentials):
AZURE_CLIENT_ID
AZURE_CLIENT_SECRET
AZURE_TENANT_ID
Signing a single file:
trusted-signing-cli -e <url> -a <account name> -c <certificate profile name> file1.exe
Signing multiple files:
trusted-signing-cli -e <url> -a <account name> -c <certificate profile name> file1.exe file2.exe file3.exe
For more information run trusted-signing-cli --help