notaryproject / notaryproject.dev

Notary Project Website

Home Page: https://notaryproject.dev


Explain requirements when creating a certificate

zr-msft opened this issue

From a thread in the notary-project slack channel

When creating a certificate for Notation, does the private key need to be exportable?

The default is exportable in AKV when creating a new certificate. It should be marked as unexportable for the code signing scenario, since once it is exportable, it could be retrieved accidentally or intentionally by a client, thus leaking the private key. Then it's a security issue. We want the private key to be stored securely. This is one goal to be achieved by using KMS.
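An added example, not part of the original thread or the Notary Project's code: a Python check that a certificate policy explicitly marks the key non-exportable before it is submitted to AKV, treating an unset field as exportable because of the default described above. The two policy layouts (`keyProperties` as in az CLI policy files, `key_props` as in the REST API), the sample policies and the function names are assumptions made for illustration.

```python
import copy
import json

# Constructed sample: camelCase layout as used in az CLI policy files (assumption),
# with the exportable key that the comment above warns about.
EXPORTABLE_POLICY = json.loads("""
{
  "issuerParameters": {"name": "Self"},
  "keyProperties": {"exportable": true, "keyType": "RSA", "keySize": 2048},
  "x509CertificateProperties": {"subject": "CN=signing.example.test"}
}
""")

# Constructed sample: snake_case REST layout (assumption) with no exportable field.
UNSET_POLICY = {"issuer": {"name": "Self"}, "key_props": {"kty": "RSA", "key_size": 2048}}


def key_properties(policy):
    """Return the key-properties object under either naming, or None."""
    for name in ("keyProperties", "key_props"):
        if isinstance(policy.get(name), dict):
            return policy[name]
    return None


def audit_exportable(policy):
    """Return a list of findings; an empty list means the key is non-exportable."""
    props = key_properties(policy)
    if props is None or "exportable" not in props:
        return ["exportable is not set: the default applies, and the default is exportable"]
    if props["exportable"] is False:
        return []
    if props["exportable"] is True:
        return ["exportable is true: the private key can be retrieved from the vault"]
    # For example the string "false", which is not the JSON boolean false.
    return [f"exportable has non-boolean value {props['exportable']!r}: use the boolean false"]


def harden(policy):
    """Return a copy of the policy with the key explicitly marked non-exportable."""
    fixed = copy.deepcopy(policy)
    props = key_properties(fixed)
    if props is None:
        props = fixed["keyProperties"] = {}
    props["exportable"] = False
    return fixed
```

Running `audit_exportable` over policy files in CI catches an exportable signing key before the certificate is created; `harden` shows the corrected setting for the same policy.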

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 30 days.

This issue was closed because it has been stalled for 30 days with no activity.