Page 1 of 1
Codesigning certifcate/password as a miabuild parameter or compilervarible
Posted: Tue Apr 11, 2023 12:09 pm
by Wolfgang Guertl
Hi,
The codesigning password is stored in any xxxx.mpr file unencrypted and this is getting into the source code repositoy. This is sub optimal. Is there a (simple) way to solve that security issue (miabuild parameter, compiler variable?
best regards
Wolfgang
Re: Codesigning certifcate/password as a miabuild parameter or compilervarible
Posted: Wed Apr 26, 2023 12:30 pm
by BartWilson
I do this with InstallAware projects now as I noticed the same thing. Through Jenkins I grab the password from our Vault instance setting an environment variable (CERT_PASS) using the pipeline plugin withVault that is masked in our console logs. This is passed as a parameter to the miabuild.exe line as "CERT_PASS=%CERT_PASS%". In the password field in the project I put the "#CERT_PASS#" and that seemed to work for me.
Re: Codesigning certifcate/password as a miabuild parameter or compilervarible
Posted: Wed May 17, 2023 8:47 am
by Wolfgang Guertl
Yes this is working indeed, but die certificate password is dumped to the console/logfile.
Fix: miabuild ...... >nul
but all of the setup build process is suppressed. hard to find errors
Wolfgang
Re: Codesigning certifcate/password as a miabuild parameter or compilervarible
Posted: Wed May 24, 2023 4:04 pm
by BartWilson
I'm running my miabuild command line in a Jenkins pipeline pulling the cert password from a hashicorp vault using the "withVault" plugin, so Jenkins is masking the password for me. Not sure of other technologies and how they would possibly mask the password.